Welcome! If you’ve been following me for the last year you know that I’ve been examining many software publishers that put a digital signature on their downloads. I’ve seen lots of submissions of Interesting Solutions files to the FreeFixer database, so I thought it was about time to write a few lines about this publisher.
The scan result from VirusTotal below clearly shows why you probably should avoid the Interesting Solutions files. It is detected under names such as Downloader.CBD, Adware.Yontoo.55, a variant of MSIL/Adware.PullUpdate.G.gen, PUP.Optional.WebGuard.A, HEUR/QVM03.0.Malware.Gen and Injekt (fs).
Did you also find an Interesting Solutions file? Do you remember the download link for the software that bundled Interesting Solutions? Please let me know so I can test it out on my lab machine.
Hello! Did you see a file, such as WhatsApp.exe, on your system signed by Stepan Rybin? Then read on.
I found this Stepan Rybin file while reviewing some of the submissions to the FreeFixer web site. I thought it looked a little bit like a typical “MultiPlug” adware file and the VirusTotal scan result showed that was the case. Ad-Aware reports WhatsApp.exe as Gen:Variant.Adware.Mikey.7658, Avast calls it Win32:MultiPlug-TP [PUP], Cyren names it W32/S-05e718fa!Eldorado, F-Prot calls it W32/S-05e718fa!Eldorado and Sophos detects it as MultiPlug.
Did you also find a Stepan Rybin download? Do you remember where you downloaded it? Please post the URL in the comments below. I’d like to install this download on my lab machine to have a closer look at it.
Welcome! I was, as usual, looking through some of the recent submissions to the FreeFixer database and found an interesting file, signed by System Alerts. The file is named v7GATO64.dll.
The VirusTotal report shows that the System Alerts file should probably be avoided, unless you like adware on your machine of course ;) v7GATO64.dll is detected as Adware.Agent.PHD by BitDefender, Adware.Agent.PHD by F-Secure, Adware.Agent.PHD by nProtect and Suspicious_GEN.F47V0209 by TrendMicro-HouseCall.
Did you also find a file digitally signed by System Alerts? What kind of download was it and where did you find it? Please let me know, I’d like to test this adware on my lab machine.
This page shows how to remove i.imgur.com connections, caused by adware, from Mozilla Firefox, Google Chrome and Internet Explorer.
I noticed i.imgur.com in my browser’s status bar when doing a search at Google. Under normal circumstances, a search at Google should not generate a connection to i.imgur.com. If this is what you are experiencing, you may have some adware installed on your machine. More on that later on.
The following are some of the status bar messages you may see in your browser’s status bar:
Waiting for i.imgur.com…
Transferring data from i.imgur.com…
Looking up i.imgur.com…
Read i.imgur.com
Connected to i.imgur.com…
Those that have been following this blog already know this, but for new visitors: Not long ago I dedicated a few of my lab machines and purposely installed some potentially unwanted programs on them. I have been tracking the behaviour on these computers to see what kinds of advertisements are displayed. I’m also looking at other interesting things, such as whether the potentially unwanted program updates itself, or whether it downloads and installs additional potentially unwanted programs on the machines. I first found i.imgur.com in Firefox’s status bar on one of these lab machines.
So, how do you remove i.imgur.com from your web browser? The answer is: By removing the adware from your machine. On the machine where i.imgur.com showed up in the status bar I had an adware called CheckMeUp installed. I removed CheckMeUp with FreeFixer and that stopped the browser from loading data from i.imgur.com.
The problem with statusbar messages like this one is that I think it can be caused by many variants of potentially unwanted programs, not just the CheckMeUp adware on my system. This makes it impossible to say exactly what you need to remove to stop the statusbar messages.
So, what can be done? To remove i.imgur.com you need to check your computer for potentially unwanted programs and uninstall them. Here’s my suggested removal procedure:
The first thing I would do to remove i.imgur.com is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can open this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Do you see something suspect in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed about the same time as you started seeing the i.imgur.com status bar messages. Do you see CheckMeUp there?
Then you can examine your browser add-ons. Potentially unwanted programs often turn up under the add-ons dialog in Mozilla Firefox, Google Chrome, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing? Is CheckMeUp listed there?
I think you will be able to track down and remove the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I started developing about 8 years ago. FreeFixer is a tool designed to manually find and uninstall unwanted software. When you’ve identified the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.
FreeFixer’s removal feature is not locked down like many other removal tools out there. It won’t require you to pay a fee just when you are about to remove the unwanted files.
And if you’re having trouble figuring out if a file is legitimate or potentially unwanted in FreeFixer’s scan result, click on the More Info link for the file. That will open up a web page which contains additional details about the file. On that web page, check out the VirusTotal report which can be very useful:
An example of FreeFixer’s “More Info” links.
Did this blog post help you to remove i.imgur.com? Please let me know, or tell me how I can improve this blog post.
Welcome! Just wanted to give you the heads up on a file called Skype_Setup.exe that’s digitally signed by Funnel Connector (Fried Cookie Ltd.).
What caught my attention was that the download was called Skype_Setup.exe. This might look like an official Skype download, but it is not. If it was an official download, it should have been digitally signed by Skype Software Sarl. Here’s what the authentic Skype looks like when you double click on it. Notice that the “Verified publisher” says “Skype Software Sarl”.
The problem with the Funnel Connector (Fried Cookie Ltd.) file is that it is detected by some of the anti-viruses. Here are some of the detection names: Application.Win32.FriedCookie.CIRK, Win32.Application.InstallCore.DI and InstallCore (fs).
Did you also find a Funnel Connector (Fried Cookie Ltd.) file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.
Hello readers! If you’ve been following my recent posts here on the FreeFixer blog, you know that I’ve been looking at files that have a valid digital signature and bundle various types of potentially unwanted programs and programs that work as downloaders. A few days ago I found another publisher named Platform Connector (Fried Cookie Ltd.).
Information about a digital signature and the certificate can be found under the Digital Signature tab. The screenshot shows the Platform Connector (Fried Cookie Ltd.) certificate. From the certificate info we can see that Platform Connector (Fried Cookie Ltd.) appears to be located in Tel Aviv in Israel.
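The publisher comparison from the Skype_Setup.exe post and the certificate details shown on the Digital Signature tab can also be read from a PowerShell prompt. This is an added example, not part of the original posts or of FreeFixer; the function name Get-SignerInfo and the file path in the usage comment are assumptions.

```powershell
# Added example: read a file's Authenticode signer and compare it with the
# publisher you expect (e.g. 'Skype Software Sarl' for an official Skype download).
function Get-SignerInfo {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedPublisher
    )
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate          # $null when the file is not signed

    # Split the certificate subject into its fields (CN, O, L, S, C).
    # Format($true) prints one field per line, so commas inside values are safe.
    $fields = @{}
    if ($cert) {
        foreach ($line in ($cert.SubjectName.Format($true) -split "`r?`n")) {
            $name, $value = $line -split '=', 2
            if ($value) { $fields[$name.Trim()] = $value.Trim() }
        }
    }
    $publisher = $fields['CN']

    # A 'Valid' status only tells you who signed the file and that it was not
    # modified afterwards. It says nothing about whether the program is wanted:
    # the files discussed in these posts carry valid signatures too.
    [pscustomobject]@{
        File            = $Path
        SignatureStatus = $sig.Status
        Publisher       = $publisher
        Organization    = $fields['O']
        Locality        = $fields['L']
        Country         = $fields['C']
        MatchesExpected = [bool]($sig.Status -eq 'Valid' -and
                                 $ExpectedPublisher -and
                                 $publisher -eq $ExpectedPublisher)
    }
}

# Usage (the path is an assumed example location):
# Get-SignerInfo -Path "$env:USERPROFILE\Downloads\Skype_Setup.exe" `
#                -ExpectedPublisher 'Skype Software Sarl'
```

A file named Skype_Setup.exe whose Publisher field shows anything other than the expected name, or whose SignatureStatus is not Valid, is worth uploading to VirusTotal before running it.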
So, why am I writing about the Platform Connector (Fried Cookie Ltd.) file? Check out what the anti-viruses report about the file:
Avira detects installer_jdownloader_English.exe as Adware/InstallCore.734264, ESET-NOD32 reports a variant of Win32/InstallCore.WX potentially unwanted, K7GW reports Trojan ( 004b61851 ) and VIPRE reports InstallCore (fs). These are a few of the detection names for installer_jdownloader_English.exe.
Did you also find a Platform Connector (Fried Cookie Ltd.) file? Do you remember where you downloaded it?
Did you just get a pop-up from plarium.com and wonder where it came from? Did the plarium.com ad appear to have been launched from a web site that under normal circumstances doesn’t use aggressive advertising such as pop-up windows? Or did the plarium.com pop-up show up while you clicked a link on one of the major search engines, such as Google, Bing or Yahoo?
Here’s what the plarium.com pop-up looked like when I got it on my computer:
The ad is for the Stormfall Age of War game. The URL mentions the adcash.com domain.
If this description sounds like your system, you most likely have some adware installed on your machine that pops up the plarium.com ads. There’s no use contacting the owners of the web site you currently were browsing. The advertisements are not coming from them. I’ll do my best to help you remove the plarium.com pop-up in this blog post. This is done by cleaning your computer from the unwanted adware.
If you have been following this blog you already know this, but if you are new: Not long ago I dedicated a few of my lab machines and purposely installed some adware programs on them. I have been observing the behaviour on these machines to see what kinds of advertisements are displayed. I’m also looking at other interesting things, such as whether the adware auto-updates, or whether it downloads additional unwanted software on the computers. I first found the plarium.com pop-up on one of these lab machines.
So, how do you remove the plarium.com pop-up ads? On the machine where I got the plarium.com ads I had BlockAndSurf, TinyWallet and BrowserWarden installed. I removed them with FreeFixer and that stopped the plarium.com pop-ups and all the other ads I was getting in Mozilla Firefox.
It seems that plarium.com is getting quite a lot of traffic, based on Alexa’s traffic rank:
The problem with this type of pop-up is that it can be popped up by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.
Anyway, here’s my suggestion for the plarium.com ads removal:
The first thing I would do to remove the plarium.com pop-ups is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can reach this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Do you see something suspicious listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed at about the same time as you started seeing the plarium.com pop-ups.
The next thing to check would be your browser’s add-ons. Adware often shows up under the add-ons dialog in Chrome, Firefox, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing?
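The “Installed On” check from this procedure (and from the i.imgur.com procedure earlier) can also be done from a PowerShell prompt, which makes it easy to filter around the date the ads started. This is an added example, not part of the original posts or of FreeFixer; the function name Get-InstalledProgram, its parameters and the date in the usage comment are assumptions, and the name list is taken from the adware names mentioned in these posts.

```powershell
# Added example: list installed programs with their install date, newest first,
# and mark entries installed close to the date the pop-ups started.
$KnownNames = 'CheckMeUp', 'BlockAndSurf', 'TinyWallet', 'BrowserWarden',
              'PriceLess', 'PriceFountain', 'PriceHorse', 'OfferBoulevard',
              'SpeedCheck', 'SpadeCast'   # names mentioned in the posts

function Get-InstalledProgram {
    param(
        [datetime] $Around = (Get-Date),  # when the ads or status bar messages began
        [int] $WindowDays = 7             # how many days either side counts as "near"
    )
    # The registry keys behind the "Uninstall a program" dialog
    # (64-bit, 32-bit and per-user installs).
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'

    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate is normally a yyyyMMdd string, but not every installer
            # writes it, so entries without a usable date are kept with a blank date.
            $date    = [datetime]::MinValue
            $hasDate = [datetime]::TryParseExact([string]$_.InstallDate, 'yyyyMMdd',
                           [cultureinfo]::InvariantCulture,
                           [System.Globalization.DateTimeStyles]::None, [ref]$date)
            $name = $_.DisplayName
            [pscustomobject]@{
                InstalledOn = if ($hasDate) { $date } else { $null }
                Name        = $name
                Publisher   = $_.Publisher
                NearDate    = $hasDate -and
                              ([math]::Abs(($date - $Around).TotalDays) -le $WindowDays)
                KnownName   = [bool]($KnownNames | Where-Object { $name -like "*$_*" })
            }
        } |
        Sort-Object InstalledOn -Descending
}

# Usage (the date is a constructed example):
# Get-InstalledProgram -Around '2014-11-20' -WindowDays 5 |
#     Where-Object { $_.NearDate -or $_.KnownName } | Format-Table -AutoSize
```

Entries with a blank InstalledOn still need a manual look, since a missing date means the installer did not record one, not that the program is old.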
I think most users will be able to find and remove the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started developing many years ago. It’s a tool designed to manually identify and uninstall unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.
FreeFixer’s removal feature is not crippled like many other removal tools out there. It will not require you to purchase the program just when you are about to remove the unwanted files.
And if you’re having problems determining if a file is clean or unwanted in the FreeFixer scan result, click on the More Info link for the file. That will open up your web browser with a page which contains additional details about the file. On that web page, check out the VirusTotal report which can be very useful:
An example of FreeFixer’s “More Info” links.
Here you can see FreeFixer in action removing the adware that caused pop-up ads:
Did you find any adware on your machine? Did that stop the plarium.com ads? Please post the name of the adware you uninstalled from your machine in the comment below.
Did you just get a pop-up from diriginal.info and wonder where it came from? Did the diriginal.info ad appear to have been initiated from a web site that under normal circumstances doesn’t use aggressive advertising such as pop-up windows? Or did the diriginal.info pop-up show up while you clicked a link on one of the big search engines, such as Google, Bing or Yahoo?
Here is a screenshot of the diriginal.info pop-up from my computer:
The download pushed here was digitally signed by Andrey Hmelnikov. The download is hosted at groupsetzipmyjob.org.
If this sounds like your experience, you probably have some adware installed on your machine that pops up the diriginal.info ads. So don’t flame the people that run the web site you were at, the advertisements are almost certainly not coming from that site, but from the adware that’s installed on your system. I’ll do my best to help you with the diriginal.info removal in this blog post.
For those that are new to the blog: A little while back I dedicated some of my lab machines and intentionally installed some adware programs on them. Since then I have been tracking the behaviour on these computers to see what kinds of advertisements are displayed. I’m also looking at other interesting things, such as whether the adware updates itself automatically, or whether it downloads and installs additional unwanted software on the systems. I first spotted the diriginal.info pop-up on one of these lab computers.
diriginal.info resolves to the 54.69.104.255 address. diriginal.info was created on 2014-08-21.
So, how do you remove the diriginal.info pop-up ads? On the machine where I got the diriginal.info ads I had PriceLess, PriceFountain, PriceHorse, OfferBoulevard and SpeedCheck installed. I removed them with FreeFixer and that stopped the diriginal.info pop-ups and all the other ads I was getting in Internet Explorer.
It seems that diriginal.info is getting quite a lot of traffic, based on Alexa’s traffic rank:
The issue with this type of pop-up is that it can be launched by many variants of adware, not just the adware running on my computer. This makes it impossible to say exactly what you need to remove to stop the pop-ups.
Anyway, here’s my suggestion for the diriginal.info ads removal:
Check what programs you have installed in the Add/Remove programs dialog in the Windows Control Panel. Do you see anything that you don’t remember installing or that was recently installed?
How about your browser add-ons? Anything in the list that you don’t remember installing?
If that did not help, I’d recommend a scan with FreeFixer to manually track down the adware. FreeFixer is a freeware tool that I’m working on that scans your computer at lots of locations, such as browser add-ons, processes, Windows services, recently modified files, etc. If you want to get additional details about a file in the scan result, you can click the More Info link for that file and a web page will open up with a VirusTotal report which will be very useful to determine if the file is safe or malware:
An example of FreeFixer’s “More Info” links.
Here’s a video guide showing how to remove pop-up ads with FreeFixer:
Did this blog post help you to remove the diriginal.info popup ads? Please let me know, or tell me how I can improve this blog post.
Does this sound familiar? You see pop-up advertisements from bestones.net while browsing websites that normally don’t advertise in pop-up windows. The pop-ups manage to escape the built-in pop-up blockers in Google Chrome, Mozilla Firefox, Internet Explorer or Safari. Perhaps the bestones.net pop-ups appear when clicking search results from a Google search? Or do the pop-ups show up even when you’re not browsing?
Here’s a screenshot of the bestones.net pop-up ad when it showed up on my machine:
If this sounds like your story, you most likely have some adware installed on your computer that pops up the bestones.net ads. There’s no use contacting the owners of the website you were browsing. The ads are not coming from them. I’ll try to help you remove the bestones.net pop-ups in this blog post.
Those that have been visiting this blog already know this, but for new visitors: Recently I dedicated a few of my lab computers and intentionally installed some adware programs on them. I have been monitoring the actions on these systems to see what kinds of advertisements are displayed. I’m also looking at other interesting things, such as whether the adware auto-updates, or whether it downloads additional unwanted software on the systems. I first observed the bestones.net pop-up on one of these lab machines.
bestones.net resolves to the 54.69.104.255 IP address. bestones.net was registered on 2014-08-21.
So, how do you remove the bestones.net pop-up ads? On the machine where I got the bestones.net ads I had PriceLess, PriceFountain, PriceHorse and SpeedCheck installed. I removed them with FreeFixer and that stopped the bestones.net pop-ups and all the other ads I was getting in Internet Explorer.
The issue with pop-ups such as this one is that it can be launched by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.
So, what can be done? To remove the bestones.net pop-up ads you need to check your system for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:
Review what programs you have installed in the Add/Remove programs dialog in the Windows Control Panel. Do you see anything that you don’t remember installing or that was recently installed?
You can also check the browser add-ons. Same thing here, do you see something that you don’t remember installing?
If that does not help, you can give FreeFixer a try. FreeFixer is built to assist users when manually tracking down adware and other types of unwanted software. It is a freeware utility that I’ve been working on since 2006 and it scans your computer at lots of locations where unwanted software is known to hook into your computer. If you would like to get additional details about a file in FreeFixer’s scan result, you can just click the More Info link for that file and a web page with a VirusTotal report will open up, which can be very useful to determine if the file is safe or malware:
An example of FreeFixer’s “More Info” links.
Here’s a video tutorial on how to remove the pop-ups with FreeFixer:
Did this blog post help you to remove the bestones.net pop-up ads? Please let me know, or tell me how I can improve this blog post.
Hello readers. Another day, another blog post. Did you just see something called SpadeCast on your machine? I just spotted SpadeCast while reviewing some of the latest submissions to FreeFixer’s database.
I first thought that this was a BrowseFox variant, based on how it named its filename. But the anti-virus programs at VirusTotal detect it as “Adware.SpadeCast”. The detection rate is 9/53. Some of the detection names for SpadeCast are Adware.SpadeCast.A and Trojan.Win32.Generic!BT. I guess it could still be a BrowseFox variant.
So, how about the removal? If you’d like to remove SpadeCast you can do so with the FreeFixer removal tool. Just select the files digitally signed by “SpadeCast”, click the Fix button, reboot, and the problem should be solved.
Hope that helped you with the removal.
Did you also find SpadeCast on your computer? Any idea how it installed? Please share by posting a comment. I’d like to install and test this on my lab machine.