Remove land.pckeeper.software Pop Up Ads

Uncategorized

Did you just get interrupted by a pop-up ad from land.pckeeper.software? You are not alone. I also get the land.pckeeper.software pop-ups while browsing. Do the pop-ups also circumvent the pop-up blocker in Chrome, Firefox, Internet Explorer or Safari. Then read on…

Here’s a screenshot of the land.pckeeper.software pop-up ad when it showed up on my machine:land.pckeeper.software pop up

Does this sound like what you are seeing, you apparently have some adware installed on your system that pops up the land.pckeeper.software ads.

So, how do you remove the land.pckeeper.software pop-up ads? On the machine where I got the land.pckeeper.software ads I had CPUMiner, PineTree and GamesDesktop installed. These three programs are often referred to as “Potentially Unwanted”. I removed these three and that stopped the pop-ups.

The problem with pop-ups like this one is that it can be launched by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the land.pckeeper.software ads removal:

The first thing I would do to remove the land.pckeeper.software pop-ups is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can reach this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows OS you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something suspicious listed there or something that you don’t remember installing? Can you see GamesDesktop, PineTree or CpuMiner? Tip: Sort on the “Installed On” column to see if some program was installed approximately about the same time as you started getting the land.pckeeper.software pop-ups.

The next thing to check would be your browser’s add-ons. Adware often appear under the add-ons dialog in Chrome, Firefox, Internet Explorer or Safari. Is there something that looks suspicious? Something that you don’t remember installing? Can you see GamesDesktop, PineTree or CpuMiner?
Firefox add-ons manager

Did this blog post help you to remove the land.pckeeper.software pop-up ads? Please let me know or how I can improve this blog post.

Thank you!

LLC “B2B SOFT UA” – 14% Detection Rate

digital signature, ,

Hello readers! Just a short post before I call it a day. I found yet another file that bundled a bunch of unwanted programs, and the file was signed by LLC “B2B SOFT UA”.

LLC B2B SOFT UA publisher

You will also see LLC “B2B SOFT UA” listed as the verified publisher in the User Account Control dialog that pops up if you try to run the file: The certificate is issued by COMODO RSA Code Signing CA. The company is located in Kiev, Ukraine:

LLC B2B SOFT UA certificate

The VirusTotal report shows that the LLC “B2B SOFT UA” file should be avoided, since How I Met Your Mother S09E22 HDTV x264KILLERS[ettv]__15022_i1707449201_il379351.exe is detected as ADWARE/Amonetize.Gen by Avira, PE:Malware.RDM.15!5.15[F1] by Rising, HEUR/QVM10.1.Malware.Gen by Qihoo-360 and Trj/Genetic.gen by Panda.

LLC B2B SOFT UA virus report

Did you also find a LLC “B2B SOFT UA” file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

Pop Up Ads and Status Bar Messages – October 2015

browser status bar, pop-ups

If you have been following me on the blog for the last six months you know that I often write about how to remove pop up ads and how to remove unwanted sites showing up in the browser’s status bar. In those blog posts, I show how to track down and remove unwanted software by using the 1) Windows Control Panel, 2) the browser’s add-on dialog or 3) with the FreeFixer removal tool.

I often write a new blog post for each site that I find, which is quite time-consuming. The upcoming months I’ll be focusing on developing some back-end stuff for FreeFixer so I can’t be as active as I use to be on the blog. But I will at least summarise the finds that I do, with a screenshot, and post them here.

A pop up from se-arlig-undersokning.xyz:

se-arlig-undersokning.xyz

spartoo.se pop up:

spartoo.se pop up

barnebys.se pop up:

barnebys.se pop up

us.fps-pb.com pop up:

us.fps-pb.com pop up

and a pop up ad from luxuryslotonline.com:

luxuryslotonline.com pop up

A pop up from d31f5ec245utk2.cloudfront.net:

d31f5ec245utk2.cloudfront.net pop up

go.leguide.com pop up:

go.leguide.com pop up

dream-marriage.com pop up:

dream-marriage.com pop up

tracking.tfxiq.net in the status bar:

tracking.tfxiq.net

Pop up from machine.billionoptions.net:

machine.billionoptions.net

Pop up from aftonbladet.se.05b.xyz:

aftonbladet.se.05b.xyz pop up

kds.adspirit.de pop up:

kds.adspirit.de pop up

A pop up from chachagong23.com:

chachagong23.com pop up

dry.papaerleaf.com in the status bar:

dry.papaerleaf.com

super-promo.guqu.info pop up:

super-promo.guqu.info

rqf.receptorirrigated.com in the status bar:

rqf.receptorirrigated.com

A pop up ad from 123mymovies.com:

123mymovies.com pop up

adss.comeadvertisewithus.com in Firefox’ status bar:

adss.comeadvertisewithus.com

A pop up from static.millionairetruth.com:

static.millionairetruth.com pop up

gets.attracteffectclub.info in the status bar:

gets.attracteffectclub.info

A pop-up ad from super-promo.gufu.info:

super-promo.gufu.info pop up

While doing at search at Google, ads.egrana.com.br showed up in the status bar:

ads.egrana.com.br status bar

pinsght.com in the status bar:

pinsght.com

super-promo.goas.info pop up:

super-promo.goas.info pop up

A pop-up from cnn.officialreport.info:cnn.officialreport.info pop up

While searching at Google’s search engine, cdn1.clktag.com popped up in the status bar:

cdn1.clktag.com status bar

karriar-magazine.com pop up ad:

karriar-magazine.com pop up

Pop-up ad from super-promo.gipi.info:

super-promo.gipi.info

api.pixelcloudhit.com  in the status bar:

api.pixelcloudhit.com status bar

And a pop up from scanscasino.com:

scanscasino.com pop up

Pop up ad from super-promo.giiy.info:

super-promo.giiy.info

swf.chequebooksbruising.com in the browser’s status bar:

swf.chequebooksbruising.com

A pop up from super-promo.giip.info:

super-promo.giip.info

and cdn3.org showed up in the network log:

cdn3.org

bcp.crwdcntrl.net loaded from google:

bcp.crwdcntrl.net

anddogen.com in the status bar:

anddogen.com

A pop up from super-promo.gurs.info.

A pop up ad about oil-trading from preg.conquer-media.com:

preg.conquer-media.com pop up

i_sbitinbsjs_info.tlscdn.com showed up in the status bar of Mozilla Firefox while searching at Google. Here’s a dump from the network log.

i_sbitinbsjs_info.tlscdn.com

technologiestuart.com also showed up in the status bar while doing the Google search:

www.technologiestuart.com

The Wajam adware is responsible for that connection.

A bunch of netdna-ssl.com domains showing up in the Firefox status bar, while searching at Google. The domains were:

  • 4x3zy4ql-l8bu4n1j.netdna-ssl.com
  • 5k9v3bc1-enehfzfv.netdna-ssl.com
  • d13j8bqw-l8bu4n1j.netdna-ssl.com
  • j9bruvxk-l8bu4n1j.netdna-ssl.com

4x3zy4ql-l8bu4n1j.netdna-ssl.com   5k9v3bc1-enehfzfv.netdna-ssl.com

A pop-up ad from super-promo.gazy.info:

super-promo.gazy.info pop up

A survey pop-up ad from super-promo.gaol.info:

super-promo.gaol.info pop up

jscdnbox.com loading while searching at Google:

jscdnbox.com

s.tlscdn.com in Firefox’ status bar:

s.tlscdn.com

Here’s isi.envelopspunnet.com in the status bar:

isi.envelopspunnet.com

Pop up ad from super-promo.gaah.info:

super-promo.gaah.info pop up

stat.vidcore.tv in the status bar:

stat.vidcore.tv

A pop-up from nordicslabel.com:

nordicslabel.com pop up

Adsvids.com in the status bar:

adsvids.com

A pop-up ad from super-promo.fuvu.info:

super-promo.fuvu.info pop up

The 8casino-x.com pop up ad:

8casino-x.com pop up

omq.relievingdungeons.com may show up in your browser’s status bar:

omq.relievingdungeons.com

go.herdailyvideos.com in Firefox’ status bar:

go.herdailyvideos.com

bit-search.com in the status bar:

bit-search.com

search.smartshopping.com also in the status bar:

search.smartshopping.com

tracking.audience.media in the status bar, while searching at Google:

tracking.audience.media

And here’s a pop up from super-promo.grav.info:super-promo.grav.info pop up

cf.vsavr.com in the network log:

cf.vsavr.com

prod.vsearchr.com, also in the network log:

prod.vsearchr.com

A popup ad from super-promo.geew.info:

super-promo.geew.info pop up

A pop up from financialsecrets.info.

Other sites that showed up in the network log while doing a search at Google:

  • uhl.outspokentameness.com
  • foi.slynessduplicating.com
  • duu.ragsmarmoset.com
  • opl.speculationsanorak.com
  • vrr.unfamiliarcartographer.com
  • nex.encirclelargish.com
  • hev.sedentaryprosecutor.com
  • drm.polysyllabicsurrounds.com
  • ryz.affiliatedstammer.com
  • monetserv.info
  • nwv.vicescappuccino.com
  • a.global-cdn.co
  • pki.dowagersinimitable.com
  • vmx.pukingtwirled.com
  • yqg.employscitrate.com
  • hzm.maximumfireplaces.com
  • app.keymaxbit.com
  • logs.keymaxbit.com
  • ezl.allegesmourns.com
  • tki.chimpanzeepooling.com
  • www.unionismstream.com
  • eam.duchessestallying.com
  • ech.parallaxindecision.com
  • www.physicianapologises.com
  • www.decomposeselbows.com
  • www.centrifugescompletions.com
  • www.riderdismantled.com
  • vsb.tatlocalisation.com
  • yfv.humpstows.com
  • dfe.contributorymethods.com
  • hql.flirtationafricans.com
  • sgn.egyptianobservably.com
  • arj.keelconjectured.com
  • t1.extreme-dm.com
  • xhd.handbagoverturn.com
  • yze.farcataclysm.com
  • app.pricemoon.co
  • jsgnr.pricemoon.co
  • cwbl.pricemoon.co
  • horusjs.s3.amazonaws.com
  • i_crbfmcjs_info.tlscdn.com
  • cdn.gosignserv.com
  • c.crbsjs.info
  • q.megainbsjs.info
  • r6.kelkoo.com
  • r.kelkoo.com
  • m.megainbsjs.info
  • adsroute.adk2x.com
  • connect.facebook.net
  • d2nq0f8d9ofdwv.cloudfront.net
  • cdn.adpdx.com
  • p.adpdx.com
  • wcp.commonwealthprussia.com
  • qzd.haemophiliacontextualisation.com

A few other sites that appeared in my network log:

  • js.bitgenmax.com
  • app.newcloudrack.com
  • logs.newcloudrack.com
  • js.newcloudrack.com
  • js.keymaxbit.com
  • m2.macutnova.com
  • app.bitgenmax.com
  • logs.bitgenmax.com
  • c.megainbsjs.info
  • f.asdfzxcv1312.com
  • s.megainbsjs.info
  • f.megainbsjs.info
  • app.cloudmaxbox.com
  • logs.cloudmaxbox.com
  • d2avx7g1ttwebd.cloudfront.net
  • d21r4q0rdzodf.cloudfront.net
  • js.cloudmaxbox.com
  • app.devgokey.com
  • logs.devgokey.com
  • js.devgokey.com
  • danv01ao0kdr2.cloudfront.net
  • portal.brandlock.io

Ran into a file signed by BoxI DJV.

BoxI DJV file

Ran into a file signed by Media Theory (Fried Cookie Ltd):

Media Theory (Fried Cookie Ltd)

Somewhat unrelated, but I’ve also run into a add-on called FirefixTab 0.1.13:

FirefixTab 0.1.13

 

Remove ert.fearfromnone.com From Your Browser

browser status bar

This page shows how to remove ert.fearfromnone.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Does this sound like your story? You see ert.fearfromnone.com in your browser’s status bar while browsing on sites that usually don’t load any content from third party domains. Maybe the ert.fearfromnone.com domain show up when performing a search at the Google search engine?

Here’s a screenshot of ert.fearfromnone.com when it showed up on my system:

ert.fearfromnone.com

(Sorry for the large number of watermarks. If I don’t add them, the screenshot will be used without attribution at some other blogs)

Here are some of the status bar messages you may see in your browser’s status bar:

  • Waiting for ert.fearfromnone.com…
  • Transferring data from ert.fearfromnone.com…
  • Looking up ert.fearfromnone.com…
  • Read ert.fearfromnone.com
  • Connected to ert.fearfromnone.com…

If this description sounds like your machine, you probably have some potentially unwanted program installed on your computer that makes the ert.fearfromnone.com domain appear in your web browser. So there’s no idea contacting the owner of the website you were browsing. The ert.fearfromnone.com status bar messages are not coming from them. I’ll try help you with the ert.fearfromnone.com removal in this blog post.

For those that are new to the blog: Not long ago I dedicated some of my lab computers and intentionally installed some potentially unwanted programs on them. I have been monitoring the behaviour on these computers to see what kinds of advertisements, if any, that are displayed. I’m also looking on other interesting things such as if the potentially unwanted program updates itself automatically, or if it downloads additional software on the computers. I first spotted ert.fearfromnone.com in Mozilla Firefox’s statusbar on one of these lab machines.

ert.fearfromnone.com resolves to the 8.34.112.226 IP address. ert.fearfromnone.com was registered on 2015-01-05.

So, how do you remove ert.fearfromnone.com from your browser? On the machine where ert.fearfromnone.com showed up in the status bar I had WNet, CashReminder, PlainSavings and ActSys installed. I removed them with FreeFixer and that stopped the web browser from loading data from ert.fearfromnone.com.

If you are wondering if there are many others out seeing ert.fearfromnone.com in the browser, the answer is probably yes. Check out the traffic rank from Alexa:

The problem with status bar messages like this one is that it can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program that’s installed on my machine. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

Anyway, here’s my suggestion for the ert.fearfromnone.com removal:

  1. What software do you have installed if you look in the Add/Remove programs dialog in the Windows Control Panel? Something that you don’t remember installing yourself or that was recently installed?
  2. How about your add-ons you have in your web browsers. Anything in the list that you don’t remember installing?
  3. If that didn’t help, I’d recommend a scan with FreeFixer to manually track down the potentially unwanted program. FreeFixer is a freeware tool that I’m working on that scans your computer at lots of locations, such as browser add-ons, processes, Windows services, recently modified files, etc. If you want to get additional details about a file in the scan result, you can click the More Info link for that file and a web page will open up with a VirusTotal report which will be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links. Click for full size.

Did you find any potentially unwanted program on your machine? Did that stop ert.fearfromnone.com? Please post the name of the potentially unwanted program you uninstalled from your machine in the comment below.

Thank you!

Remove tradeadexchange.com from Firefox, Chrome and Internet Explorer.

browser status bar

This page shows how to remove tradeadexchange.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Did you just see tradeadexchange.com in the status bar of your web browser and wonder where it came from? Or did tradeadexchange.com show up while you searched for something on one of the major search engines, such as the Google search engine?

Here is how the tradeadexchange.com status bar message looked like on my computer:

tradeadexchange.com

The following are some of the status bar messages you may see in your browser’s statusbar:

  • Waiting for tradeadexchange.com…
  • Transferring data from tradeadexchange.com…
  • Looking up tradeadexchange.com…
  • Read tradeadexchange.com
  • Connected to tradeadexchange.com…

If this sounds like what you are seeing on your computer, you almost certainly have some potentially unwanted program installed on your system that makes the tradeadexchange.com domain appear in your browser. Don’t write angry emails to the site you were browsing, they are most likely not responsible for the tradeadexchange.com status bar messages. The potentially unwanted program on your system is. I’ll do my best to help you remove the tradeadexchange.com message in this blog post.

Those that have been spending some time on this blog already know this, but here we go: Not long ago I dedicated a few of my lab machines and intentionally installed a few potentially unwanted programs on them. I have been tracking the behaviour on these systems to see what kinds of advertisements, if any, that are displayed. I’m also looking on other interesting things such as if the potentially unwanted program auto-updates, or if it installs additional software on the machines. I first found tradeadexchange.com in Mozilla Firefox’s statusbar on one of these lab computers.

tradeadexchange.com was registered on 2015-04-27. www.tradeadexchange.com resolves to the 104.197.47.161 IP address and tradeadexchange.com to 104.197.47.161. It seems the site is getting quite a lot of traffic:

tradeadexchange.com traffic

So, how do you remove tradeadexchange.com from your browser? On the machine where tradeadexchange.com showed up in the status bar I had WNet, ActSys, PlainSavings and CashReminder installed. I removed them with FreeFixer and that stopped the browser from loading data from tradeadexchange.com.

The issue with status bar messages like this one is that it can be caused by many variants of potentially unwanted programs. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

So, what can be done to solve the problem? To remove tradeadexchange.com you need to review your machine for potentially unwanted programs and uninstall them. Here’s my suggested removal procedure:

  1. Review what programs you have installed in the Add/Remove programs dialog in the Windows Control Panel. Do you see something that you don’t remember installing or that was recently installed?
  2. How about your add-ons you have in your browsers. Anything in the list that you don’t remember installing?
  3. If that didn’t solve the problem, I’d recommend a scan with FreeFixer to manually track down the potentially unwanted program. FreeFixer is a freeware tool that I’m working on that scans your computer at lots of locations, such as browser add-ons, processes, Windows services, recently modified files, etc. If you want to get additional details about a file in the scan result, you can click the More Info link for that file and a web page will open up with a VirusTotal report which will be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links. Click for full size.

Did you find any potentially unwanted program on your machine? Did that stop tradeadexchange.com? Please post the name of the potentially unwanted program you uninstalled from your machine in the comment below.

Thank you!

Arkhigrad Proekt, TOV – 9% Detection Rate

digital signature, , ,

Hello readers! Just wanted to give you the heads up on a publisher called Arkhigrad Proekt, TOV. Here how Arkhigrad Proekt, TOV appears in the UAC dialog when double-clicking on the Download__15022_i1683705761_il3.exe file:

Arkhigrad Proekt, TOV publisher

You can also view the certificate by right-clicking on the file, and looking under the Digital Signature tab: According to the embedded certificate we can see that Arkhigrad Proekt, TOV is located in Simferopol, Ukraine/Russia and that the certificate is issued by COMODO RSA Code Signing CA.

Arkhigrad Proekt, TOV certificate

Generic.3ED, ADWARE/Amonetize.Gen and PUP.Optional.Amonetize are some detection names according to VirusTotal:

Arkhigrad Proekt, TOV anti-virus report

Did you also find a file digitally signed by Arkhigrad Proekt, TOV? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Thank you for reading.

Registry Reviver (RegistryReviver.exe) Bundled With Software Downloads

Uncategorized

Just a short note on a piece of software called Registry Reviver:

Registry Reviver

If this showed up unexpected on your machine, or you noticed a new process called RegistryReviver.exe in the Task Manager, it may have been bundled with a software download. I found Registry Reviver in a film-clip downloader installation package:

registry reviver bundled

I uploaded the RegistryReviver.exe file to VirusTotal, and 2 of the 56 scanners detected the file:

RegistryReviver.exe anti-virus report

In FreeFixer, the registryreviver.exe file shows up as listed in green since Corel Corporation, the company that digitally signed the file, is tagged as trusted.

Should I reconsider?

Remove adnetworkperformance.com Pop Up Ads

pop-ups,

Did you just get a popup from adnetworkperformance.com and wonder where it came from? Did the adnetworkperformance.com ad appear to have been launched from a web site that under normal circumstances don’t use advertising such as pop-up windows? Or did the adnetworkperformance.com pop-up show up while you clicked a link on one of the big search engines, such as Google, Bing or Yahoo?

Here’s how the adnetworkperformance.com pop-up looked like when I got it on my computer:

adnetworkperformance.com pop up

(Sorry for the watermarks. Need to add them to prevent the most blatant attempts of other bloggers using my screenshots without attribution)

I’m not sure I remember this correctly, but I think I noticed reduxmediia.com in the address bar before adnetworkperformance.com loaded.

Does this sound like what you see your computer, you most likely have some adware installed on your computer that pops up the adnetworkperformance.com ads. So there’s no use contacting the site owner. The ads are not coming from them. I’ll do my best to help you with the adnetworkperformance.com removal in this blog post.

I found the adnetworkperformance.com pop-up on one of the lab machines where I have some adware running. I’ve talked about this in some of the previous blog posts. The adware was installed on purpose, and from time to time I check if something new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on site that usually don’t show advertisements, or if some new files have been saved to the hard-drive.

adnetworkperformance.com was created on 2015-04-27. adnetworkperformance.com resolves to 130.211.186.109. The domain is protected by Domains By Proxy, LLC.

So, how do you remove the adnetworkperformance.com pop-up ads? On the machine where I got the adnetworkperformance.com ads I had Windows Menager, SmartComp Safe Network, gosearch.me and Live Malware Protection installed. I removed them with FreeFixer and that stopped the adnetworkperformance.com pop-ups and all the other ads I was getting in Mozilla Firefox.

If you are wonder if there are many others out there also getting the adnetworkperformance.com ads, the answer is probably yes. Check out the traffic rank from Alexa:

adnetworkperformance.com

Rank 222 means the adnetworkperformance.com web site is getting a crazy amount of traffic.

The issue with pop-ups such as this one is that it can be initiated by many variants of adware, not just the adware that’s installed on my machine. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

So, what can be done? To remove the adnetworkperformance.com pop-up ads you need to examine your system for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

The first thing I would do to remove the adnetworkperformance.com pop-ups is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can reach this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something strange-looking listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed about the same time as you started seeing the adnetworkperformance.com pop-ups.

Then you can examine you browser add-ons. Adware often appear under the add-ons menu in Chrome, Firefox, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think you will be able to find and uninstall the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started develop about 8 years ago. It’s a tool designed to manually find and uninstall unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked like many other removal tools out there. It won’t require you to pay for the program just when you are about to remove the unwanted files.

And if you’re having difficulties figuring out if a file is clean or malware in FreeFixer’s scan result, click on the More Info link for the file. That will open up your browser with a page which contains more details about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Here’s a video tutorial on how to remove the pop-ups with FreeFixer:

Did you find any adware on your machine? Did that stop the adnetworkperformance.com ads? Please post the name of the adware you uninstalled from your machine in the comment below.

Thank you!

Remove reduxmediia.com Pop Up Ads

pop-ups,

Having difficulties with pop-ups from reduxmediia.com? If so, you may have adware installed on your computer. I got the reduxmediia.com pop-ups in Firefox, but they can turn up if you are using Chrome, Internet Explorer, Safari or Opera too.

Here is how the reduxmediia.com ad looked like on my system:

reduxmediia.com pop up

After a while, I was redirected to another site.

Does this sound like your experience, you almost certainly have some adware installed on your computer that pops up the reduxmediia.com ads. Contacting the site owner would be a waste of time. The ads are not coming from them. I’ll try help you to remove the reduxmediia.com pop-ups in this blog post.

For those that are new to the blog: A little while back I dedicated a few of my lab computers and purposely installed some adware programs on them. Since then I’ve been observing the actions on these systems to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware updates itself automatically, or if it downloads additional unwanted software on the computers. I first found the reduxmediia.com pop-up on one of these lab machines.

reduxmediia.com was created on 2012-06-21. The domain is protected by WHOIS PRIVACY PROTECTION SERVICE, INC. reduxmediia.com resolves to the 78.140.181.189 address. According to DomainTools is admngronline.com hosted on the same server. I also noticed a few other pop-ups, such as one from app.pckeeper.com.

app.pckeeper.com pop up

So, how do you remove the reduxmediia.com pop-up ads? On the machine where I got the reduxmediia.com ads I had Windows Menager, SmartComp Safe Network, gosearch.me and Live Malware Protection installed. I removed them with FreeFixer and that stopped the reduxmediia.com pop-ups and all the other ads I was getting in Mozilla Firefox.

Judging from Alexa’s traffic rank, reduxmediia.com is getting quite a lot of traffic:

reduxmediia.com

The problem with pop-ups like this one is that it can be launched by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the reduxmediia.com ads removal:

The first thing I would do to remove the reduxmediia.com pop-ups is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something dubious listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed about the same time as you started observing the reduxmediia.com pop-ups.

Then you can examine you browser add-ons. Adware often appear under the add-ons menu in Chrome, Firefox, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think you will be able to identify and uninstall the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started develop many years ago. Freefixer is a tool built to manually track down and remove unwanted software. When you’ve identified the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked down like many other removal tools out there. It won’t require you to pay a fee just when you are about to remove the unwanted files.

And if you’re having issues figuring out if a file is clean or malware in the FreeFixer scan report, click on the More Info link for the file. That will open up a web page which contains more details about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Here’s a video tutorial which shows FreeFixer in action removing adware that caused pop-up ads:

Did this blog post help you to remove the reduxmediia.com pop-up ads? Please let me know or how I can improve this blog post.

Thank you!

Remove static.planet49.com Pop Up Survey Ads

pop-ups, survey

Did you just get a pop-up from static.planet49.com and wonder where it came from? Did the static.planet49.com ad appear to have been popped up from a web site that under normal circumstances don’t use advertising such as pop-up windows? Or did the static.planet49.com pop-up show up while you clicked a link on one of the major search engines, such as Google, Bing or Yahoo?

Here’s a screenshot of the static.planet49.com pop-up ad when it showed up on my machine:

static.planet49.com pop up

(I know, lots of watermarks. Have to do it to stop the copy-cats.) It’s a survey that claims that I could win a Volvo S60 car.

If this sounds like what you are seeing on your machine, you presumably have some adware installed on your system that pops up the static.planet49.com ads. Contacting the owner of the site would be a waste of time. They are not responsible for the ads. I’ll do my best to help you remove the static.planet49.com pop-up in this blog post.

I found the static.planet49.com pop-up on one of the lab systems where I have some adware running. I’ve talked about this in some of the previous blog posts. The adware was installed on purpose, and from time to time I check if anything new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on web site that usually don’t show ads, or if some new files have been saved to the hard-drive.

static.planet49.com was registered on 2000-08-23. se.static.planet49.com resolves to 62.24.27.100. According to YouGetSignal, there’s a bunch of other domains located on the same IP:

  • ar.static.planet49.com
  • au.static.planet49.com
  • au.static.yourturn-au.com
  • be.static.planet49.com
  • br.static.planet49.com
  • de.static.planet49.com
  • fi.static.planet49.com
  • fr.static.planet49.com
  • it.static.planet49.com
  • no.static.planet49.com
  • nz.static.planet49.com
  • pl.static.planet49.com
  • pt.static.planet49.com
  • ru.static.planet49.com
  • se.static.planet49.com
  • sg.static.planet49.com
  • uk.static.planet49.com
  • us.static.big-giveaways.com
  • us.static.planet49.com
  • www.lowes.com

So, how do you remove the static.planet49.com pop-up ads? On the machine where I got the static.planet49.com ads I had istartsurf, MedPlayerNewVersion and Movie Wizard installed. I removed them with FreeFixer and that stopped the static.planet49.com pop-ups and all the other ads I was getting in Mozilla Firefox.

Judging from Alexa’s traffic rank, static.planet49.com is getting quite a lot of traffic:

planet49.com traffic

The bad news with pop-ups such as this one is that it can be popped up by many variants of adware, not just the adware that’s installed on my system. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the static.planet49.com ads removal:

The first thing I would do to remove the static.planet49.com pop-ups is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows Operating System you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something strange-looking in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed about the same time as you started getting the static.planet49.com pop-ups.

The next thing to check would be your browser’s add-ons. Adware often appear under the add-ons dialog in Chrome, Firefox, Internet Explorer or Safari. Is there something that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think most users will be able to find and uninstall the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started develop about 8 years ago. It’s a tool built to manually find and uninstall unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked down like many other removal tools out there. It will not require you to pay for the program just when you are about to remove the unwanted files.

And if you’re having a mess figuring out if a file is safe or malware in the FreeFixer scan result, click on the More Info link for the file. That will open up a web page which contains additional details about the file. On that web page, check out the VirusTotal report which can be quite useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Here’s a video tutorial which shows FreeFixer in action removing adware that caused pop-up ads:

Did this blog post help you to remove the static.planet49.com pop-up ads? Please let me know or how I can improve this blog post.

Thank you!