Tag Archives: OutBrowse

Bon Don Jov – Anti-Virus Detection: 18% – OutBrowse Revenyou

Welcome! Did you just find a file that’s digitally signed by Bon Don Jov and came here to find more about it? You will see Bon Don Jov listed as the verified publisher in the User Account Control dialog that pops up if you try to run the file:

Bon Don Jov in the User Account Control dialog

To get more details on the publisher, you can view the embedded certificate by right-clicking on the file, and looking under the Digital Signatures tab. According to the certificate we can see that Bon Don Jov seems to be located in Dublin, Ireland and that the certificate is issued by GlobalSign CodeSigning CA – G2.

Bon Don Jov certificate - States that the publisher is located in Dublin, Ireland

10 of the scanners at VirusTotal detected the file. Win32:OutBrowse-X [PUP], APPL/Downloader.Gen, Trojan.OutBrowse.54, Win32/OutBrowse.BU potentially unwanted, OutBrowse Revenyou and OutBrowse (fs) were the detection names.

Bon Don Jov anti virus report. 18% Detection Rate. Detection name: OutBrowse

Did you also find a Bon Don Jov file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

Yes Apps – 36% Detection Rate – OutBrowse

Welcome! Short on time today, but I just wanted to give you the heads up on a publisher called Yes Apps.

Yes Apps UAC

Typically you’d see the Yes Apps publisher name appear when double-clicking on the installer_jdownloader_English.exe file. You can also look at the Yes Apps certificate and digital signature by looking under the Digital Signatures tab on the file’s properties. According to the certificate, Yes Apps is located in Dublin, Ireland.

Yes Apps certificate

After uploading the Yes Apps file – installer_jdownloader_English.exe – to VirusTotal, it was clear that it’s probably better to delete the file than to run it. The detection rate was 36% and some of the detection names were: Downloader.DGR, APPL/Downloader.Gen, PUP.Optional.OutBrowse, Adware-OutBrowse.e and Trojan.Win32.Generic!BT.

Yes Apps virustotal

Did you also find a file signed by Yes Apps? What kind of download was it and where did you find it?

Thank you for reading.

Mari Mara – 20% Detection Rate – PUP.Optional.Maru / OutBrowse Revenyou

Hello! Just wanted to let you know about a publisher called Mari Mara that I found earlier today. Here’s what the UAC dialog looks like when running the file:

Mari Mara publisher

You can also check the digital signature under the file’s properties. According to the certificate we can see that Mari Mara appears to be located in Dublin, Ireland and that the certificate is issued by GlobalSign CodeSigning CA – G2.

Mari Mara certificate

The VirusTotal report shows that the Mari Mara file should probably be avoided, since setup.exe is detected as Win-PUP/OutBrowse by AhnLab-V3, Mari.668 by AVG, PUA.OutBrowse by Ikarus, PUP.Optional.Maru by Malwarebytes and OutBrowse Revenyou by Sophos.

Mari Mara virustotal

Did you also find a Mari Mara file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thank you for reading.

Click Yes – 6% Detection Rate at VirusTotal

Hi there! If you’ve been following my recent posts here on the FreeFixer blog, you know that I’ve been looking at files that have a valid digital signature and bundle various types of potentially unwanted programs. This morning I found another publisher named Click Yes. The following screenshot shows the User Account Control dialog when running the Click Yes file:

Click Yes publisher in the uac dialog

By looking at the certificate we can see that Click Yes appears to be located in Dublin, Ireland. The certificate is quite new. Its validity period started yesterday, on the 21st of October.

Click Yes certificate
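The manual check used in these posts (publisher name, location, issuing CA and the start of the validity period on the Digital Signatures tab) can also be done from PowerShell. The function below is an added example, not part of the original posts or of FreeFixer; the function name and the 30-day "new certificate" threshold are assumptions chosen for illustration.

```powershell
# Added example: summarise the Authenticode signer of a file for triage.
# The 30-day threshold is an assumption, not a value taken from the posts.
function Get-SignerSummary {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$NewCertDays = 30
    )
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate
    if (-not $cert) {
        # Unsigned file: there is no publisher to report.
        return [pscustomobject]@{ File = $Path; Status = $sig.Status; Publisher = $null }
    }
    # Extract one field from the X.500 subject (CN = publisher, L = city, C = country).
    $field = {
        param($name)
        if ($cert.Subject -match "(?:^|,\s*)$name=(""[^""]+""|[^,]+)") { $Matches[1].Trim('"') }
    }
    # Age is measured against the current date, not against the signing time.
    $ageDays = [int]((Get-Date) - $cert.NotBefore).TotalDays
    [pscustomobject]@{
        File        = $Path
        Status      = $sig.Status        # Valid, NotSigned, HashMismatch, ...
        Publisher   = & $field 'CN'
        City        = & $field 'L'
        Country     = & $field 'C'
        Issuer      = $cert.GetNameInfo('SimpleName', $true)
        ValidFrom   = $cert.NotBefore
        ValidTo     = $cert.NotAfter
        CertAgeDays = $ageDays
        NewCert     = ($ageDays -lt $NewCertDays)
        Thumbprint  = $cert.Thumbprint
    }
}

# Usage: review every installer in the Downloads folder.
# Get-ChildItem "$env:USERPROFILE\Downloads" -Filter *.exe |
#     ForEach-Object { Get-SignerSummary -Path $_.FullName } | Format-List
```

A `Valid` status only means the signature chains to a trusted root and the file is unmodified; as the detection results in these posts show, it says nothing about whether the signed program is wanted.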

The VirusTotal report shows that the Click Yes file should probably be avoided, since setup.exe is detected as APPL/Downloader.Gen by Avira, Trojan.Packed.29192 by DrWeb and Win32/OutBrowse.AY by ESET-NOD32. The detection rate is only 6% which is quite low.

Click Yes virus total report - 6% detection rate

Did you also find a Click Yes file? What kind of download was it? If you remember the download link, please post it in the comments below and I’ll upload it to VirusTotal to see if the detection rate has improved.

Hope this blog post helped you avoid some unwanted software on your machine.

Thanks for reading.

Remove Ads by CheckMeUp

Hello there and welcome to the FreeFixer blog. Just a short post on an adware called CheckMeUp. If the CheckMeUp adware is installed on your machine, you’ll find ads labeled “Ads by CheckMeUp”, a new add-on named CheckMeUp added into Internet Explorer and Firefox and a process called CheckMeUp.exe running in the Windows Task Manager. I’ll show how to remove CheckMeUp in this blog post with the FreeFixer removal tool.

Ads by CheckMeUp pop-up

Ads by CheckMeUp mouse over pop-up

Ads by CheckMeUp banner

checkmeup.exe in the Windows Task Manager

Here’s how CheckMeUp shows up in Firefox and Internet Explorer:

CheckMeUp Internet Explorer

CheckMeUp 1.179 firefox add-on

CheckMeUp is distributed by a tactic called bundling. Bundling means that a piece of software – in this case CheckMeUp – is included in other software’s installers. When I first found CheckMeUp, it was bundled with a download called FLV Player by OutBrowse.

OutBrowse LTD

Generally, you can avoid bundled software such as CheckMeUp by being careful when installing software and declining the bundled offers in the installer.

When I find some new bundled software I usually upload it to VirusTotal to see if the anti-malware tools there detect something. 3 of the 55 anti-virus scanners detected the file. The CheckMeUp.exe file is detected as AddLyrics by Sophos and Revizer (fs) by VIPRE.

CheckMeUp.exe virus total report

Since you probably want to remove CheckMeUp, these are the items you should check for removal if you want to remove it with FreeFixer. You might have to restart your machine to complete the removal. Problem taken care of.

CheckMeUp scheduled task

CheckMeUp firefox freefixer

CheckMeUp browser helper object
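To confirm that the items listed above are present before removal, or gone after it, the process, scheduled task and Internet Explorer browser helper object can be looked up from PowerShell. This is an added example, not FreeFixer's own logic: the function name is hypothetical, matching on the substring "CheckMeUp" is an assumption based on the names shown in this post, and the Firefox add-on is not covered.

```powershell
# Added example: read-only search for traces of a named program.
# Matching on the substring "CheckMeUp" is an assumption based on the post.
# Get-ScheduledTask needs Windows 8 / Server 2012 or later.
function Find-AdwareTrace {
    param([string]$Name = 'CheckMeUp')

    # 1. Running process (the post mentions CheckMeUp.exe in Task Manager).
    Get-Process -Name "$Name*" -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Type = 'Process'; Item = $_.Name; Detail = $_.Path }
    }

    # 2. Scheduled tasks whose name or action command mentions the program.
    Get-ScheduledTask -ErrorAction SilentlyContinue | Where-Object {
        $cmd = ($_.Actions | ForEach-Object { $_.Execute }) -join ' '
        $_.TaskName -like "*$Name*" -or $cmd -like "*$Name*"
    } | ForEach-Object {
        [pscustomobject]@{ Type = 'ScheduledTask'; Item = $_.TaskPath + $_.TaskName
                           Detail = ($_.Actions | ForEach-Object { $_.Execute }) -join '; ' }
    }

    # 3. Browser helper objects, 64-bit and 32-bit registry views.
    $views = @{
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' =
            'HKLM:\SOFTWARE\Classes\CLSID'
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' =
            'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
    }
    foreach ($root in $views.Keys) {
        Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
            $clsid = $_.PSChildName
            $key   = Join-Path $views[$root] $clsid
            # The class key's default value is the display name; InprocServer32 holds the DLL path.
            $label = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
            $dll   = (Get-ItemProperty -LiteralPath "$key\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            if ("$label $dll" -like "*$Name*") {
                [pscustomobject]@{ Type = 'BHO'; Item = "$clsid $label"; Detail = $dll }
            }
        }
    }
}

# Usage: Find-AdwareTrace | Format-Table -AutoSize
```

The function only reports what it finds and changes nothing; an empty result after a reboot indicates these three items are gone.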

Hope that helped you to figure out how to do the removal.

Any idea how CheckMeUp was installed on your computer? Please let me and the readers know by posting a comment. Thank you!

Thanks for reading. Welcome back!

Update 2014-12-06: CheckMeUp is now using files named webinstrNewH.sys184_x64.dll and 184.dll.