Hello! I was playing around and testing some downloads when I found a file signed by Install Source (Fried Cookie Ltd.).
If you have an Install Source (Fried Cookie Ltd.) file on your computer you may have noticed that Install Source (Fried Cookie Ltd.) pops up as the publisher in the User Account Control dialog when running the file. It is also possible to check a digital signature by looking at a file’s properties.
The issue is that chrome_setup.exe is not an official Google Chrome download. If it was, it should be signed by Google Inc. Here’s what the authentic Google Chrome looks like when you double click on it. Notice that the “Verified publisher” says “Google Inc”.
Of the 56 anti-virus scanners, 5 detected the file. AVG reports chrome_setup.exe as Generic.834, AVware detects it as InstallCore (fs), Comodo detects it as Application.Win32.FriedCookie.CIRK, ESET-NOD32 reports a variant of Win32/InstallCore.UT and VIPRE detects it as InstallCore (fs).
Did you also find a file digitally signed by Install Source (Fried Cookie Ltd.)? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.
Hello readers! I was playing around and testing some downloads when I found a file digitally signed by TOV Doychkhof.
It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the TOV Doychkhof certificate.
The issue is that FlashPlayer__6741_i1439870194_il674.exe is not an official Adobe Flash Player download. If it was, it should have been digitally signed by Adobe Systems Incorporated. Here’s what the authentic Adobe Flash Player looks like when you double click on it. Notice that the “Verified publisher” says “Adobe Systems Incorporated”.
When I uploaded the TOV Doychkhof file to VirusTotal, it came up with a 34% detection rate. The file is detected as Trojan.Amonetize.341 by DrWeb, Riskware/Amonetize by Fortinet, not-a-virus:AdWare.Win32.Amonetize.sfd by Kaspersky, Artemis by McAfee-GW-Edition and HEUR/QVM10.1.Malware.Gen by Qihoo-360.
Did you also find a file digitally signed by TOV Doychkhof? What kind of download was it and where did you find it?
Hello guys and gals. Today I wanted to talk about an adware called Dynamo Combo and give you some removal instructions. Dynamo Combo appears to be a variant of BrowseFox that I blogged about previously. If Dynamo Combo is installed and running on your machine, you will see a new add-on, called Dynamo Combo, installed into Firefox and Internet Explorer. I’ll show how to remove Dynamo Combo in this blog post with the FreeFixer removal tool.
So, how did Dynamo Combo install on your machine? It was probably bundled with some download that you installed recently. Bundling means that software is included in other software’s installers.
Generally, you can avoid bundled software such as Dynamo Combo by being careful when installing software and declining the bundled offers in the installer.
So, how about the Dynamo Combo removal? You can remove Dynamo Combo with the FreeFixer removal tool. Here are a few screenshots from the removal that should help you. A reboot of your computer might be required to complete the removal.
Hope that helped you with the removal.
Did you also find Dynamo Combo on your system? Any idea how it was installed? Please share your story in the comments below. Thanks!
Did you find a “Mozilla Firefox” download signed by Bully Unity LTD? Just wanted to give you the heads up that this is not the official Mozilla Firefox download. The real deal should be signed by Mozilla Corporation.
I uploaded the file to VirusTotal, but it was not detected by any of the anti-virus scanners. Did you also find a Bully Unity LTD file? Was it detected by the anti-virus programs?
Welcome! Just a quick post on a publisher called Edward Kosar that I found while running some tests for the upcoming FreeFixer release. The suspicious file is named “How I Met Your Mother S09E22 HDTV x264-KILLERS[ettv].exe”.
The certificate is issued by Certum Code Signing CA. According to the cert, Edward Kosar is located in Ukraine.
So, why did I put up this blog post? Well, the thing is that the Edward Kosar file is detected by many of the scanners, according to VirusTotal. F-Prot classifies How I Met Your Mother S09E22 HDTV x264-KILLERS[ettv].exe as W32/S-e70371e2!Eldorado, Kaspersky reports not-a-virus:AdWare.Win32.MultiPlug.oaqy, McAfee detects it as MultiPlug-FTW, Panda classifies it as Trj/Genetic.gen and VBA32 reports suspected of Heur.Malware-Cryptor.Multiplug.
Did you also run into a file that was digitally signed by Edward Kosar? What kind of download was it and was it detected by the anti-viruses at VirusTotal? Please share by posting a comment below.
Hello readers. Hope you are doing ok. Just a quick post on the Video Dimmer adware. It appears that Video Dimmer has been around for some time, but now I noticed it bundled with several downloads. If Video Dimmer is installed on your machine, you’ll find a new service installed and videodimmerservice.exe running in the Windows Task Manager.
I’ll show how to remove Video Dimmer in this blog post with the FreeFixer removal tool.
So, how did Video Dimmer install on your machine? It was probably bundled with some download that you installed recently. Bundling means that software is included in other software’s installers. Here’s how it appeared in the installer:
When I find some new bundled software I always upload it to VirusTotal to check if the anti-malware programs there find something. Of the 56 anti-virus scanners, 10 detected the file. AVG detects Video Dimmer as Downloader.CBD, Avira detects it as Adware/PullUpdate.AP, Comodo names it ApplicUnwnt, Malwarebytes names it PUP.Optional.VideoDimmer.A and Qihoo-360 reports HEUR/QVM03.0.Malware.Gen.
All you need to do to remove Video Dimmer is to check the Video Dimmer files in the scan result and click the Fix button. A reboot of your computer may be required to complete the removal. Just select the Video Dimmer files as shown in the screenshots below.
Hope this helped you solve the Video Dimmer problem.
I stumbled upon Video Dimmer while testing out some downloads that are known to bundle lots of unwanted software. Any idea how Video Dimmer was installed on your computer? Please share your story in the comments below. Thank you very much!
Hello guys and gals. Just a short post on an adware called Cyti Web. This appears to be a variant of BrowseFox that I’ve previously blogged about many times. If Cyti Web is running on your system, you will find a new add-on installed into Firefox and Internet Explorer. I’ll show how to remove Cyti Web in this blog post with the FreeFixer removal tool.
CytiWeb is bundled with other software. Bundled means that it is included in another software’s installer. When I first found CytiWeb, it was bundled with a software download called FlvPlayer. The following screen-cap shows how Cyti Web was disclosed in FlvPlayer’s installer when I found it.
Generally, you can avoid bundled software such as Cyti Web by being careful when installing software and declining the bundled offers in the installer.
As usual when I find some new bundled software I uploaded it to VirusTotal to verify if the anti-virus scanners there detect anything interesting. 32 of the scanners detected the file. The Cyti Web files are detected as BrowseFox.F by AVG, ADWARE/BrowseFox.Gen2 by Avira, Trojan.BPlug.144 by DrWeb, Artemis by McAfee-GW-Edition, Yontoo.C by Symantec and AdWare.Kranet by VBA32.
You can remove Cyti Web with the FreeFixer removal tool. Here are a few screenshots that should help you along the way. A restart of your machine might be required to complete the removal. Problem solved.
Hope this helped you remove the Cyti Web adware.
Any idea how you got Cyti Web on your computer? Please share by posting a comment. Thanks!
Does this sound like your story? You see pop-up ads from offers.karamba.com while browsing websites that most of the time don’t advertise in pop-up windows. The pop-ups manage to get round the built-in pop-up blockers in Chrome, Firefox, Internet Explorer or Safari. Perhaps the offers.karamba.com pop-ups appear when clicking search results from Google? Or do the pop-ups appear even when you’re not browsing?
Here’s a screen capture of the offers.karamba.com pop-up ad when it showed up on my computer:
If this sounds like your machine, you almost certainly have some adware installed on your computer that pops up the offers.karamba.com ads. There’s no use contacting the owners of the site you were browsing. The ads are not coming from them. I’ll do my best to help you remove the offers.karamba.com pop-up in this blog post.
For those that are new to the blog: A little while back I dedicated a few of my lab computers and deliberately installed some adware programs on them. Since then I have been observing the behaviour on these computers to see what kinds of advertisements are displayed. I’m also looking at other interesting things such as if the adware updates itself, or if it downloads and installs additional unwanted software on the machines. I first found the offers.karamba.com pop-up on one of these lab computers.
So, how do you remove the offers.karamba.com pop-up ads? On the machine where I got the offers.karamba.com ads I had BlockAndSurf, TinyWallet and BrowserWarden installed. I removed them with FreeFixer and that stopped the offers.karamba.com pop-ups and all the other ads I was getting in Mozilla Firefox.
The bad news with pop-ups like this one is that it can be launched by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.
So, what can be done to solve the problem? To remove the offers.karamba.com pop-up ads you need to check your computer for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:
The first thing I would do to remove the offers.karamba.com pop-ups is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Do you see something suspicious listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed about the same time as you started getting the offers.karamba.com pop-ups.
Then I would check the browser add-ons. Adware often appears under the add-ons menu in Chrome, Firefox, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing?
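The “Installed On” tip above can also be run from a PowerShell prompt. This is an added example, not part of FreeFixer or the original post; the function name and the 30-day default window are assumptions, and the registry paths are the standard Windows uninstall keys.

```powershell
# Added example: list installed programs, newest first, so that anything
# installed around the time the pop-ups started stands out.
function Get-InstalledSoftwareByDate {
    param(
        # Assumption: look back 30 days unless told otherwise.
        [datetime]$Since = (Get-Date).AddDays(-30)
    )

    # Per-machine (64-bit and 32-bit views) and per-user uninstall entries.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'

    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate is optional and stored as a yyyyMMdd string.
            $installed = [datetime]::MinValue
            $hasDate = [datetime]::TryParseExact([string]$_.InstallDate, 'yyyyMMdd',
                [cultureinfo]::InvariantCulture,
                [System.Globalization.DateTimeStyles]::None, [ref]$installed)

            [pscustomobject]@{
                InstalledOn = if ($hasDate) { $installed } else { $null }
                Name        = $_.DisplayName
                Publisher   = $_.Publisher
                Uninstall   = $_.UninstallString
            }
        } |
        # Keep undated entries too: a missing date does not clear a program.
        Where-Object { -not $_.InstalledOn -or $_.InstalledOn -ge $Since } |
        Sort-Object InstalledOn -Descending
}

Get-InstalledSoftwareByDate | Format-Table InstalledOn, Name, Publisher -AutoSize
```

Entries without an install date sort to the bottom of the list and still need a look.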
I think most users will be able to find and uninstall the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I’ve developed since 2006. It’s a tool designed to manually track down and uninstall unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.
FreeFixer’s removal feature is not crippled like many other removal tools out there. It won’t require you to pay for the program just when you are about to remove the unwanted files.
And if you’re having problems deciding if a file is legit or malware in FreeFixer’s scan report, click on the More Info link for the file. That will open up your web browser with a page which contains more information about the file. On that web page, check out the VirusTotal report which can be very useful:
An example of FreeFixer’s “More Info” links.
Here’s a video guide showing how to remove pop-up ads with FreeFixer:
Did this blog post help you to remove the offers.karamba.com pop-up ads? Please let me know, or tell me how I can improve this blog post.
Hi there! Just wanted to give you the heads up on a file called Skype_Setup.exe that’s digitally signed by Alpha Apps (Fried Cookie Ltd.).
Here’s how Alpha Apps (Fried Cookie Ltd.) appears in the UAC dialog when running Skype_Setup.exe as admin:
The Alpha Apps (Fried Cookie Ltd.) certificate shows that the publisher is located in Tel-Aviv, Israel.
What caught my attention was that the download was called Skype_Setup.exe. This might look like an official Skype download, but it is not. If it was an official download, it would be digitally signed by Skype Software Sarl. Here’s what the authentic Skype looks like when you double click on it. Notice that the “Verified publisher” says “Skype Software Sarl”.
The problem with the Alpha Apps (Fried Cookie Ltd.) file is that it is detected by some of the antimalware scanners. Here are some of the detection names: Trojan.InstallCore.39, a variant of Win32/InstallCore.SX, Unwanted-Program ( 004b2d871 ) and InstallCore (fs).
Did you also find an Alpha Apps (Fried Cookie Ltd.) file?
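The publisher check from the Chrome, Flash Player, Firefox and Skype posts above can be scripted with PowerShell’s Get-AuthenticodeSignature. This is an added example, not FreeFixer code or part of the original posts; the publisher names are the ones quoted in the posts, while the file-name patterns and the function name are assumptions.

```powershell
# Added example: flag installers whose file name claims a well-known product
# but whose Authenticode signer is someone else.
$ExpectedPublisher = [ordered]@{
    'chrome*'      = 'Google Inc'                  # names as quoted in the posts
    'flashplayer*' = 'Adobe Systems Incorporated'
    'skype*'       = 'Skype Software Sarl'
    '*firefox*'    = 'Mozilla Corporation'         # patterns are illustrative
}

function Test-InstallerPublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        $name = [System.IO.Path]::GetFileName($Path)
        # -LiteralPath matters: names such as "...KILLERS[ettv].exe" contain
        # wildcard characters that -FilePath would try to expand.
        $sig = Get-AuthenticodeSignature -LiteralPath $Path

        # Signer's simple name (normally the certificate CN); $null if unsigned.
        $signer = $null
        if ($sig.SignerCertificate) {
            $signer = $sig.SignerCertificate.GetNameInfo(
                [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
                $false)
        }

        # The first pattern matching the file name sets the expected publisher.
        $expected = $null
        foreach ($pattern in $ExpectedPublisher.Keys) {
            if ($name -like $pattern) { $expected = $ExpectedPublisher[$pattern]; break }
        }

        $verdict = if (-not $expected) { 'NoExpectation' }
                   elseif ($sig.Status -ne 'Valid') { 'NotValidlySigned' }
                   elseif ($signer -eq $expected) { 'PublisherMatches' }
                   else { 'PublisherMismatch' }

        [pscustomobject]@{
            File = $name; Status = $sig.Status; Signer = $signer
            Expected = $expected; Verdict = $verdict
        }
    }
}

Get-ChildItem "$env:USERPROFILE\Downloads" -Filter *.exe |
    Test-InstallerPublisher | Format-Table -AutoSize
```

A `PublisherMismatch` row is the case described in these posts: the signature itself is valid, but it belongs to a publisher other than the vendor the file name suggests.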
Hello readers. Another day, another blog post. Today I wanted to talk about an adware called UniSales and thought I should give you some removal instructions. UniSales appears to be a variant of BuyNSave that I wrote about previously. If UniSales is installed on your computer, you will see ads labeled “Ads by unisales” added into Google’s search results, new add-ons called “Unisales” installed into Firefox and Internet Explorer, pop-up windows labeled “Ads by unisales” and overlay ads, also tagged “Ads by unisales”.
I’ll show how to remove UniSales in this blog post with the FreeFixer removal tool.
UniSales is distributed by a tactic called bundling. Bundling means that a piece of software is included in other software’s installers. Here’s how it appeared in the installer:
Generally, you can avoid bundled software such as UniSales by being careful when installing software and declining the bundled offers in the installer.
When I stumble upon some new bundled software I always upload it to VirusTotal to verify if the anti-virus programs there detect something interesting. 29% of the anti-virus scanners detected the file. ESET-NOD32 names UniSales as a variant of Win32/AdWare.MultiPlug.BN, F-Secure calls it Gen:Variant.Adware.Graftor.153998, McAfee detects it as Artemis!7E61FEF6948F and McAfee-GW-Edition names it BehavesLike.Win32.Adware.hm.
I’m sure you’d like to remove UniSales, and that’s pretty straightforward with FreeFixer. Select the UniSales files, as shown in the screenshots below, click Fix, and restart your machine and the problem should be gone.
Hope this helped you remove the UniSales Adware.
I stumbled upon UniSales while testing out some downloads that are known to bundle lots of unwanted software. Any idea how you got UniSales on your computer? Please let me and the readers know by posting a comment. Thanks a bunch!