Remove static.dreamsadnetwork.com from Firefox, Chrome and Internet Explorer

browser status bar

This page shows how to remove static.dreamsadnetwork.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Did you just see static.dreamsadnetwork.com in the status bar of your web browser and ask yourself where it came from? Or did static.dreamsadnetwork.com show up while you search for something on one of the major search engines, such as the Google search engine?

Here are some of the status bar messages you may see in your browser’s status bar:

  • Waiting for static.dreamsadnetwork.com…
  • Transferring data from static.dreamsadnetwork.com…
  • Looking up static.dreamsadnetwork.com…
  • Read static.dreamsadnetwork.com
  • Connected to static.dreamsadnetwork.com…

Does this sound like what you are seeing, you presumably have some potentially unwanted program installed on your machine that makes the static.dreamsadnetwork.com domain appear in your browser. So don’t blame the people that runs the website you were at when you first spotted static.dreamsadnetwork.com in the status bar. They are almost certainly not responsible, but from the potentially unwanted program that’s installed on your system. I’ll try help you with the static.dreamsadnetwork.com removal in this blog post.

I found static.dreamsadnetwork.com on one of the lab machines where I have some potentially unwanted programs running. I’ve talked about this in some of the previous blog posts. The potentially unwanted programs was installed on purpose, and from time to time I check if anything new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on website that usually don’t show ads, or if some new files have been saved to the hard-drive. dreamsadnetwork.com appeared in my network log while I did a search at Google.

static.dreamsadnetwork.com resolves to 69.28.58.33. static.dreamsadnetwork.com was created on 2013-08-29.

So, how do you remove static.dreamsadnetwork.com from your browser? On the machine where static.dreamsadnetwork.com showed up in the statusbar I had WebWaltz, YTDownloader, SpeedChecker and PriceFountain installed. I removed them with FreeFixer and that stopped the browser from loading data from static.dreamsadnetwork.com.

The issue with statusbar messages such as this one is that it can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program on my system. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

Anyway, here’s my suggestion for the static.dreamsadnetwork.com removal:

  1. Check what programs you have installed in the Add/Remove programs dialog in the Windows Control Panel. Do you see something that you don’t remember installing or that was recently installed?
  2. How about your add-ons you have in your web browsers. Anything in the list that you don’t remember installing?
  3. If that does not help, I’d recommend a scan with FreeFixer to manually track down the potentially unwanted program. FreeFixer is a freeware tool that I’m working on that scans your computer at lots of locations, such as browser add-ons, processes, Windows services, recently modified files, etc. If you want to get additional details about a file in the scan result, you can click the More Info link for that file and a web page will open up with a VirusTotal report which will be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links. Click for full size.

Did you find any potentially unwanted program on your machine? Did that stop static.dreamsadnetwork.com? Please post the name of the potentially unwanted program you uninstalled from your machine in the comment below.

Thank you!

Remove fsn2ip0s.com Pop Up Ads

pop-ups

Did you just get a pop-up from fsn2ip0s.com and wonder where it came from? Did the fsn2ip0s.com ad appear to have been popped up from a web site that under normal circumstances don’t use aggressive advertising such as pop-up windows? Or did the fsn2ip0s.com pop up show up while you clicked a link on one of the big search engines, such as Google, Bing or Yahoo?

Here is a screenshot on the fsn2ip0s.com pop-up from my machine:

fsn2ip0s.com pop up

fsn2ip0s.com resolves to 54.200.143.216. The following domains also resolves to the same IP, thanks to DomainTools.com:

  •  62wfo4ys8z.com
  • 7uwfj0k.com
  • f1v476z.com

If this description sounds like your story, you apparently have some adware installed on your system that pops up the fsn2ip0s.com ads. Contacting the site owner would be a waste of time. The ads are not coming from them. I’ll do my best to help you with the fsn2ip0s.com removal in this blog post.

Those that have been visiting this blog already know this, but for new visitors: Not long ago I dedicated a few of my lab computers and purposely installed a few adware programs on them. I’ve been tracking the behaviour on these computers to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware auto-updates, or if it downloads and installs additional unwanted software on the machines. I first observed the fsn2ip0s.com pop-up on one of these lab computers.

So, how do you remove the fsn2ip0s.com pop-up ads? On the machine where I got the fsn2ip0s.com ads I had installed. I removed them with FreeFixer and that stopped the fsn2ip0s.com pop-ups and all the other ads I was getting in .

The issue with pop-ups like this one is that it can be popped up by many variants of adware, not just the adware running on my machine. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the fsn2ip0s.com ads removal:

  1. Review what programs you have installed in the Add/Remove programs dialog in the Windows Control Panel. Do you see something that you don’t remember installing or that was recently installed?
  2. How about your add-ons you installed in Chrome, Firefox, Internet Explorer or Safari. Anything in the list that you don’t remember installing?
  3. If that didn’t solve the problem, you can give FreeFixer a try. FreeFixer is built to assist users when manually tracking down adware and other types of unwanted software. It is a freeware utility that I’ve been working since 2006 and it scans your computer at lots of locations where unwanted software is known to hook into your system. If you would like to get additional details about a file in FreeFixer’s scan result, you can just click the More Info link for that file and a web page with a VirusTotal report will open up, which can be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links. Click for full size.

Did this blog post help you to remove the fsn2ip0s.com pop-up ads? Please let me know or how I can improve this blog post.

Thank you!

Remove js.ourstatsstaticstack.com From Firefox, Chrome and Internet Explorer

browser status bar, , ,

This page shows how to remove js.ourstatsstaticstack.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Sound familiar? You see js.ourstatsstaticstack.com in your browser’s status bar or in the network log while browsing sites that usually don’t load any content from third party domains. Maybe the js.ourstatsstaticstack.com domain appear when performing a search at the Google search engine?

Here’s how the js.ourstatsstaticstack.com connection looked like when I got it in the network log on my computer:

js.ourstatsstaticstack.com connection

The following are some of the status bar messages you may see in your browser’s status bar:

  • Waiting for js.ourstatsstaticstack.com…
  • Transferring data from js.ourstatsstaticstack.com…
  • Looking up js.ourstatsstaticstack.com…
  • Read js.ourstatsstaticstack.com
  • Connected to js.ourstatsstaticstack.com…

I’ve also spotted the app.ourstatsstaticstack.com (69.16.175.10), errors.ourstatsstaticstack.com (54.231.33.68) and logs.ourstatsstaticstack.com (69.16.175.10) subdomains.

Does this sound like your computer, you presumably have some potentially unwanted program installed on your machine that makes the js.ourstatsstaticstack.com domain appear in your browser. Contacting the owner for the site you were at would be a waste of time. The js.ourstatsstaticstack.com statusbar messages are not coming from them. I’ll try help you to remove the js.ourstatsstaticstack.com status bar messages in this blog post.

I found js.ourstatsstaticstack.com on one of the lab systems where I have some potentially unwanted programs running. I’ve talked about this in some of the previous blog posts. The potentially unwanted programs was installed on purpose, and from time to time I check if something new has appeared, such as pop-up windows, new tabs in the web browsers, injected ads on site that usually don’t show ads, or if some new files have been saved to the hard-drive.

js.ourstatsstaticstack.com resolves to the 69.16.175.42 address and ourstatsstaticstack.com to 208.109.4.201. js.ourstatsstaticstack.com was created on 2014-02-18.

So, how do you remove js.ourstatsstaticstack.com from your browser? On the machine where js.ourstatsstaticstack.com showed up in the status bar I had TornTV installed. I removed it with FreeFixer and that stopped the browser from loading data from js.ourstatsstaticstack.com.

The problem with this type of status bar message is that it can be caused by many variants of potentially unwanted programs. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

So, what can be done? To remove js.ourstatsstaticstack.com you need to examine your computer for potentially unwanted programs and uninstall them. Here’s my suggested removal procedure:

The first thing I would do to remove js.ourstatsstaticstack.com is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows Operating System you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something strange-looking listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed about the same time as you started observing the js.ourstatsstaticstack.com status bar messages.

Then you can examine you browser add-ons. Potentially unwanted program often appear under the add-ons dialog in Google Chrome, Mozilla Firefox, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think most users will be able to identify and remove the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I started develop about 8 years ago. Freefixer is a tool designed to manually track down and uninstall unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not crippled like many other removal tools out there. It won’t require you to pay a fee just when you are about to remove the unwanted files.

And if you’re having troubles deciding if a file is safe or potentially unwanted in FreeFixer’s scan report, click on the More Info link for the file. That will open up your browser with a page which contains more information about the file. On that web page, check out the VirusTotal report which can be quite useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Did this blog post help you to remove js.ourstatsstaticstack.com? Please let me know or how I can improve this blog post.

Thank you!

ocsp.godaddy.com – Your Browser Is Connecting to GoDaddy’s OCSP Server

Uncategorized

If you see a HTTP connection to ocsp.godaddy.com in your browser’s network traffic log, there’s no need to worry. ocsp.godaddy.com is GoDaddy’s OCSP server and is used to check the revocation status of digital certificates. OCSP is an acronym for Online Certificate Status Protocol. GoDaddy sells domain names, SSL certificates, and lots of other services.

Here’s a screenshot of the ocsp.godaddy.com HTTP requests and responses:

ocsp.godaddy.com connection

As you can see in the screenshot above, the request has the “application/ocsp-request” type.

If you see Google Chrome, Mozilla Firefox or Internet Explorer connecting to ocsp.godaddy.com, they are in the middle of the process of verifying a digital certificate. Perhaps a certificate for a HTTPS connection you just made? The connection can also be initiated by a javascript running in the browser if that script, for example, makes a HTTPS connection.

Thanks for reading!

Lamphouse Media LLC – 21% Detection Rate – Adware.Agent.PGG

digital signature

Hi there! If you’ve been following me for the last year you know that I’ve been examining many software publishers that put a digital signature on their downloads. Today I found another publisher called Lamphouse Media LLC while checking out some of the more recent submissions to the FreeFixer database.

You can view the details of a digital signature by looking at a file’s properties from Windows Explorer.

The reason why I think the Lamphouse Media LLC file is interesting is because it is detected by some of the scanners at VirusTotal. It came up with a 21% detection rate. The file is detected as Generic.BAF by AVG, Adware.Agent.PGG by BitDefender and Adware.Agent.PGG by nProtect.

Lamphouse Media LLC anti-virus report

Did you also find an Lamphouse Media LLC? Do you remember the download link? Please post it in the comments below. I’d like to check it out on my lab machine.

Thanks for reading.

Remove mmotraffic.com Pop Up Ads Caused By Adware

pop-ups

Did you just get a pop-up from mmotraffic.com and ponder where it came from? Did the mmotraffic.com ad appear to have been popped up from a web site that under normal circumstances don’t use aggressive advertising such as pop-up windows? Or did the mmotraffic.com pop-up show up while you clicked a link on one of the big search engines, such as Google, Bing or Yahoo?

Here is a screen capture on the mmotraffic.com pop-up tab from my system:

mmotraffic.com pop up

The URL mentions poster.gogames.me.

If this description sounds like what you are seeing, you presumably have some adware installed on your system that pops up the mmotraffic.com ads. So there’s no use contacting the site owner. The ads are not coming from them. I’ll try help you with the mmotraffic.com removal in this blog post. This is done by removing the unwanted adware from your computer.

If you have been visiting this blog already know this, but if you are new: Some time ago I dedicated some of my lab machines and wilfully installed some adware programs on them. Since then I’ve been tracking the behaviour on these machines to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware updates itself automatically, or if it downloads additional unwanted software on the machines. I first observed the mmotraffic.com pop-up on one of these lab machines.

mmotraffic.com resolves to the 217.149.70.40 address. mmotraffic.com was created on 2008-08-22.

So, how do you remove the mmotraffic.com pop-up ads? On the machine where I got the mmotraffic.com ads I had TinyWallet, BrowserWarden and BlockAndSurf installed. I removed them with FreeFixer and that stopped the mmotraffic.com pop-ups and all the other ads I was getting in Mozilla Firefox.

It seems as mmotraffic.com is getting quite a lot of traffic, based on Alexa’s traffic rank:

mmotraffic.com traffic rank

The bad news with pop-ups such as this one is that it can be popped up by many variants of adware, not just the adware on my computer. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

So, what should done to solve the problem? To remove the mmotraffic.com pop-up ads you need to check your machine for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

The first thing I would do to remove the mmotraffic.com pop-ups is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something suspicious listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed approximately about the same time as you started observing the mmotraffic.com pop-ups.

Then I would check the browser add-ons. Adware often show up under the add-ons menu in Google Chrome, Mozilla Firefox, Internet Explorer or Safari. Is there something that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think you will be able to track down and remove the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started develop many years ago. Freefixer is a tool designed to manually track down and remove unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked down like many other removal tools out there. It won’t require you to pay a fee just when you are about to remove the unwanted files.

And if you’re having a mess figuring out if a file is legitimate or unsafe in FreeFixer’s scan result, click on the More Info link for the file. That will open up your browser with a page which contains more information about the file. On that web page, check out the VirusTotal report which can be quite useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Did you find any adware on your machine? Did that stop the mmotraffic.com ads? Please post the name of the adware you uninstalled from your machine in the comment below.

Thank you!

Remove targetingadvertiser.com Pop Up Ads

pop-ups

Does this sound familiar? You see pop-up ads from targetingadvertiser.com while browsing web sites that typically don’t advertise in pop-up windows. The pop-ups manage to evade the built-in pop-up blockers in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Maybe the targetingadvertiser.com pop-ups appear when clicking search results from the Google search engine? Or does the pop-ups appear even when you’re not browsing?

Here’s how the targetingadvertiser.com pop-up looked like when I got it on my system:

targetingadvertiser.com pop up

The subdomains is a.targetingadvertiser.com.

If you also see this on your system, you almost certainly have some adware installed on your machine that pops up the targetingadvertiser.com ads. So there’s no use contacting the site owner. The ads are not coming from them. I’ll try help you with the targetingadvertiser.com removal in this blog post.

Those that have been reading this blog already know this, but for new visitors: Recently I dedicated a few of my lab systems and deliberately installed a few adware programs on them. I have been following the behaviour on these computers to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware auto-updates, or if it downloads and installs additional unwanted software on the computers. I first noticed the targetingadvertiser.com pop-up on one of these lab machines.

a.targetingadvertiser.com resolves to 54.244.235.229. Here’s the traffic rank, thanks to Alexa:

targetingadvertiser.com traffic rank

So, how do you remove the targetingadvertiser.com pop-up ads? On the machine where I got the targetingadvertiser.com ads I had installed. I removed them with FreeFixer and that stopped the targetingadvertiser.com pop-ups and all the other ads I was getting in .

The bad news with pop-ups such as this one is that it can be popped up by many variants of adware, not just the adware that’s installed on my computer. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the targetingadvertiser.com ads removal:

  1. What software do you have installed if you look in the Add/Remove programs dialog in the Windows Control Panel? Something that you don’t remember installing yourself or that was recently installed?
  2. You can also check the browser add-ons. Same thing here, do you see anything that you don’t remember installing?
  3. If that did not help, I’d recommend a scan with FreeFixer to manually track down the adware. FreeFixer is a freeware tool that I’m working on that scans your computer at lots of locations, such as browser add-ons, processes, Windows services, recently modified files, etc. If you want to get additional details about a file in the scan result, you can click the More Info link for that file and a web page will open up with a VirusTotal report which will be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links. Click for full size.

Did this blog post help you to remove the targetingadvertiser.com pop-up ads? Please let me know or how I can improve this blog post.

Thank you!

Remove williamhill.com Pop Up Ads Caused By Adware

pop-ups

Do you see pop-up ads from williamhill.com while browsing on web sites that normally don’t advertise in pop-up windows. The pop-ups manage to escape the built-in pop-up blockers in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Perhaps the williamhill.com popups appear when clicking search results from Google? Or does the pop-ups appear even when you’re not browsing?

Here’s how the williamhill.com pop-up looked like when I got it on my machine:

williamhill.com pop up

I first noticed this pop up back in December 2014, but now it appeared again, so I thought I should write a few lines about it. The actual subdomain is static.williamhill.com.

If this sounds like what you are seeing on your machine, you presumably have some adware installed on your machine that pops up the williamhill.com ads. Don’t blame the people that owns the website you were at, the ads are almost certainly not coming from that site, but from the adware that’s installed on your machine. I’ll try help you to remove the williamhill.com pop-ups in this blog post. This is done by removing the unwanted adware.

Those that have been visiting this blog already know this, but here we go: Not long ago I dedicated some of my lab machines and deliberately installed some adware programs on them. I have been monitoring the behaviour on these machines to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware updates itself, or if it installs additional unwanted software on the systems. I first observed the williamhill.com pop-up on one of these lab computers.

So, how do you remove the williamhill.com pop-up ads? On the machine where I got the williamhill.com ads I had BlockAndSurf, TinyWallet and BrowserWarden installed. I removed them with FreeFixer and that stopped the williamhill.com pop-ups and all the other ads I was getting in .

The problem with pop-ups like this one is that it can be launched by many variants of adware, not just the adware that’s installed on my system. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

So, what should done to solve the problem? To remove the williamhill.com pop up ads you need to examine your machine for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

  1. What software do you have installed if you look in the Add/Remove programs dialog in the Windows Control Panel? Something that you don’t remember installing yourself or that was recently installed?
  2. You can also check the add-ons you have in your browsers. Same thing here, do you see anything that you don’t remember installing?
  3. If that did not help, you can give FreeFixer a try. FreeFixer is built to assist users when manually tracking down adware and other types of unwanted software. It is a freeware utility that I’ve been working since 2006 and it scans your machine at lots of locations where unwanted software is known to hook into your system. If you would like to get additional details about a file in FreeFixer’s scan result, you can just click the More Info link for that file and a web page with a VirusTotal report will open up, which can be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links. Click for full size.

Here you can see FreeFixer in action removing pop-up ads:

Did this blog post help you to remove the williamhill.com pop-up ads? Please let me know or how I can improve this blog post.

Thank you!

Remove rvfrm2007.com Pop Up Ads

pop-ups, ,

Did you just get a pop-up from rvfrm2007.com and ask yourself where it came from? Did the rvfrm2007.com ad appear to have been popped up from a web site that under normal circumstances don’t use aggressive advertising such as pop-up windows? Or did the rvfrm2007.com pop-up show up while you clicked a link on one of the major search engines, such as Google, Bing or Yahoo?

Here is how the rvfrm2007.com ad looked like on my machine when it appeared in a new tab:

rvfrm2007.com pop up

The pop up mentions the ad124m.adk2.net domain. After a while, I was redirected to a igame.com ad.

If you also see this on your computer, you presumably have some adware installed on your computer that pops up the rvfrm2007.com ads. Contacting the site owner would be a waste of time. The ads are not coming from them. I’ll do my best to help you remove the rvfrm2007.com pop-up in this blog post.

For those that are new to the blog: Recently I dedicated some of my lab computers and wilfully installed a few adware programs on them. Since then I have been following the behaviour on these machines to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware updates itself, or if it downloads additional unwanted software on the machines. I first observed the rvfrm2007.com pop-up on one of these lab machines.

rvfrm2007.com resolves to the 173.192.117.80 IP address. rvfrm2007.com was created on 2015-01-01. Here’s some of the WHOIS info:

Registrant Name: DNS ADMIN
Registrant Organization: MYADWISE LTD.
Registrant Street: HAPLADA 5
Registrant City: OR YEHUDA
Registrant Country: IL

So, how do you remove the rvfrm2007.com pop-up ads? On the machine where I got the rvfrm2007.com ads I had BlockAndSurf, TinyWallet and BrowserWarden installed. I removed them with FreeFixer and that stopped the rvfrm2007.com pop-ups and all the other ads I was getting in Mozilla Firefox.

The issue with this type of pop-up is that it can be initiated by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

So, what can be done to solve the problem? To remove the rvfrm2007.com popup ads you need to review your system for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

The first thing I would do to remove the rvfrm2007.com pop-ups is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can reach this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something suspicious listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed about the same time as you started getting the rvfrm2007.com pop-ups.

The next thing to check would be your browser’s add-ons. Adware often appear under the add-ons dialog in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think you will be able to track down and remove the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started develop about 8 years ago. Freefixer is a tool built to manually track down and remove unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked down like many other removal tools out there. It will not require you to pay a fee just when you are about to remove the unwanted files.

And if you’re having difficulties determining if a file is legit or unsafe in FreeFixer’s scan report, click on the More Info link for the file. That will open up your web browser with a page which contains additional information about the file. On that web page, check out the VirusTotal report which can be quite useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Here you can see FreeFixer in action removing pop-up ads:

Did you find any adware on your machine? Did that stop the rvfrm2007.com ads? Please post the name of the adware you uninstalled from your machine in the comment below.

Thank you!

Advertaizing Grupp – 19% Detection Rate – InstallCore

digital signature, ,

Hi there! If you are a regular here on the FreeFixer blog you know that I’ve been looking on the certificates used to sign files that bundled various types of unwanted software. Today I found another certificate, used by a publisher called Advertaizing Grupp.

Advertaizing Grupp certificate

You can view the certificate by right-clicking on the file, and looking under the Digital Signature tab: According to the embedded certificate we can see that Advertaizing Grupp is located in Russia and that the certificate is issued by COMODO RSA Code Signing CA.

What caught my attention was that the download was called adobe_flash_setup.exe. This might look like an official Adobe Flash Player download, but it is not. If it was an official download, it would be signed by Adobe Systems Incorporated. Here’s how the authentic Adobe Flash Player looks like when you double click on it. Notice that the “Verified publisher” says “Adobe Systems Incorporated”.
Adobe Systems Incorporated - Adobe Flashplayer Installer

So, what does the anti-virus programs say about the Advertaizing Grupp file? No problem, I just uploaded the file to VirusTotal and it turned out that many of the anti-virus programs detects the Advertaizing Grupp file, with names such as Win32:Rootkit-gen [Rtk], Adware/InstallCo.zlz, Trojan.InstallCore.57, Trojan ( 004b4b721 ), Riskware.Win32.InstallCore.dnxkbc and Win32/Tnega.MFNTaRB.

Advertaizing Grupp anti virus report

Did you also find a download that was digitally signed by Advertaizing Grupp? What kind of download was it and was it detected by the anti-virus progams at VirusTotal? Please share in posting comments below.

Hope this blog post helped you avoid some unwanted software on your machine.

Thank you for reading.