Tag Archives: WhoisGuard Inc

Remove yaa.blfyuefyset.com From Chrome, Firefox and Internet Explorer

This page shows how to remove yaa.blfyuefyset.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Did you just see yaa.blfyuefyset.com in the status bar or the network log of your web browser and wonder where it came from? Or did yaa.blfyuefyset.com show up while you search for something on one of the major search engines, such as the Google search engine?

Here is how the yaa.blfyuefyset.com connection looked like on my machine when I examined the network log:

yaa.blfyuefyset.com connection

The connection was done while I did a Google search. I’ve noticed that other bloggers say that pop-ups are loaded from this domain, but I have not seen any yet when I tested it. However, there were lots of pop-ups from http://yxo.warmportrait.com.

The following are some of the statusbar messages you may see in your browser’s status bar:

  • Waiting for yaa.blfyuefyset.com…
  • Transferring data from yaa.blfyuefyset.com…
  • Looking up yaa.blfyuefyset.com…
  • Read yaa.blfyuefyset.com
  • Connected to yaa.blfyuefyset.com…

Does this sound like your experience, you probably have some adware installed on your system that makes the yaa.blfyuefyset.com domain appear in your browser. Contacting the site owner would be a waste of time. The yaa.blfyuefyset.com status bar messages are not coming from them. I’ll try help you with the yaa.blfyuefyset.com removal in this blog post.

For those that are new to the blog: Not long ago I dedicated a few of my lab computers and knowingly installed some adware programs on them. I have been monitoring the actions on these machines to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware auto-updates, or if it downloads and installs additional unwanted software on the machines. I first found the yaa.blfyuefyset.com in Mozilla Firefox’s status bar on one of these lab machines.

yaa.blfyuefyset.com was registered on 2015-01-05. yaa.blfyuefyset.com resolves to the 5.153.38.134 IP address. The domain is protected by WHOISGUARD, INC.

So, how do you remove yaa.blfyuefyset.com from your web browser? On the machine where yaa.blfyuefyset.com showed up in the status bar I had CheckMeUp installed. I removed it with FreeFixer and that stopped the browser from loading data from yaa.blfyuefyset.com.

The yaa.blfyuefyset.com domain is attracting quite a lot of traffic, just check out the Alexa traffic rank:

blfyuefyset.com traffic rank

The issue with this type of status bar message is that it can be caused by many variants of adware, not just the adware running on my computer. I think that adware such as SaferSurf, NewPlayer, BlockAndSurf and SpeedCheck can also be responsible for yaa.blfyuefyset.com appearing in the browser. And there are probably other variants too. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

To remove yaa.blfyuefyset.com you need to examine your machine for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

  1. What software do you have installed if you look in the Add/Remove programs dialog in the Windows Control Panel? Something that you don’t remember installing yourself or that was recently installed?
  2. You can also check the web browser add-ons. Same thing here, do you see something that you don’t remember installing?
  3. If that does not help, I’d recommend a scan with FreeFixer to manually track down the adware. FreeFixer is a freeware tool that I’m working on that scans your computer at lots of locations, such as web browser add-ons, processes, Windows services, recently modified files, etc. If you want to get additional details about a file in the scan result, you can click the More Info link for that file and a web page will open up with a VirusTotal report which will be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links. Click for full size.

Did you find any adware on your machine? Did that stop yaa.blfyuefyset.com? Please post the name of the adware you uninstalled from your machine in the comment below.

Thank you!

Remove guy.brifyghfytify.com from Firefox, Chrome and Internet Explorer

This page shows how to remove guy.brifyghfytify.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Did you just see guy.brifyghfytify.com in the status bar of your browser and ask yourself where it came from? Or did guy.brifyghfytify.com show up while you search for something on one of the big search engines, such as the Google.com search engine?

Here is a screen capture on guy.brifyghfytify.com from my machine when it appeared in my network log, while I did a search at the Google search engine:

guy.brifyghfytify.com connection

Here are some of the status bar messages you may see in your browser’s status bar:

  • Waiting for guy.brifyghfytify.com…
  • Transferring data from guy.brifyghfytify.com…
  • Looking up guy.brifyghfytify.com…
  • Read guy.brifyghfytify.com
  • Connected to guy.brifyghfytify.com…

If you also see this on your computer, you probably have some potentially unwanted program installed on your machine that makes the guy.brifyghfytify.com domain appear in your browser. So there’s no use contacting the owner of the site you were browsing. The guy.brifyghfytify.com status bar messages are not coming from them. I’ll do my best to help you with the guy.brifyghfytify.com removal in this blog post.

I found guy.brifyghfytify.com on one of the lab computers where I have some potentially unwanted programs running. I’ve talked about this in some of the previous blog posts. The potentially unwanted programs was installed on purpose, and from time to time I check if something new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on website that usually don’t show ads, or if some new files have been saved to the hard-drive.

guy.brifyghfytify.com resolves to the 5.153.38.134 IP address. guy.brifyghfytify.com was created on 2015-01-05. The domain is protected by WhoisGuard INC.

So, how do you remove guy.brifyghfytify.com from your browser? On the machine where guy.brifyghfytify.com showed up in the status bar I had TinyWallet, BrowserWarden and BlockAndSurf installed. I removed them with FreeFixer and that stopped the browser from loading data from guy.brifyghfytify.com.

The bad news with this type of status bar message is that it can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program on my system. This makes it impossible to say exactly what you need to remove to stop the statusbar messages.

So, what can be done to solve the problem? To remove guy.brifyghfytify.com you need to review your system for potentially unwanted programs and uninstall them. Here’s my suggested removal procedure:

The first thing I would do to remove guy.brifyghfytify.com is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can reach this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something dubious listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed about the same time as you started seeing the guy.brifyghfytify.com status bar messages.

The next thing to check would be your web browser’s add-ons. Potentially unwanted program often appear under the add-ons menu in Mozilla Firefox, Google Chrome, Internet Explorer or Safari. Is there anything that looks suspicious? Anything that you don’t remember installing?
Firefox add-ons manager

I think most users will be able to find and uninstall the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I started develop about 8 years ago. It’s a tool built to manually find and remove unwanted software. When you’ve identified the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked down like many other removal tools out there. It will not require you to pay a fee just when you are about to remove the unwanted files.

And if you’re having a hard time determining if a file is clean or potentially unwanted in FreeFixer’s scan result, click on the More Info link for the file. That will open up a web page which contains more details about the file. On that web page, check out the VirusTotal report which can be quite useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Did you find any potentially unwanted program on your machine? Did that stop guy.brifyghfytify.com? Please post the name of the potentially unwanted program you uninstalled from your machine in the comment below.

Thank you!

Remove gal.adviceoncarsse.com from Firefox, Google Chrome and Internet Explorer

This page shows how to remove gal.adviceoncarsse.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Did you just see gal.adviceoncarsse.com in the status bar of your web browser and wonder where it came from? Or did gal.adviceoncarsse.com show up while you search for something on one of the major search engines, such as the Google search engine?

Here’s a screen capture of gal.adviceoncarsse.com when it showed up on my computer, in the network log, while I did a search at Google.se:

gal.adviceoncarsse.com connection

The following are some of the statusbar messages you may see in your browser’s status bar:

  • Waiting for gal.adviceoncarsse.com…
  • Transferring data from gal.adviceoncarsse.com…
  • Looking up gal.adviceoncarsse.com…
  • Read gal.adviceoncarsse.com
  • Connected to gal.adviceoncarsse.com…

If this description sounds like your computer, you probably have some potentially unwanted program installed on your machine that makes the gal.adviceoncarsse.com domain appear in your browser. Contacting the owner of the website you were browsing would be a waste of time. They are not responsible for the gal.adviceoncarsse.com status bar messages. I’ll do my best to help you remove the gal.adviceoncarsse.com message in this blog post.

For those that are new to the blog: Not long ago I dedicated a few of my lab computers and intentionally installed a few potentially unwanted programs on them. Since then I’ve been observing the behaviour on these machines to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the potentially unwanted program updates itself automatically, or if it downloads and installs additional potentially unwanted programs on the machines. I first noticed the gal.adviceoncarsse.com in Mozilla Firefox’s statusbar on one of these lab systems.

gal.adviceoncarsse.com was created on 2014-12-02. gal.adviceoncarsse.com resolves to 50.22.215.30. A Whois query does not offer much information, since the domain is protected by by WhoisGuard INC.

So, how do you remove gal.adviceoncarsse.com from your browser? On the machine where gal.adviceoncarsse.com showed up in the status bar I had PriceFountain, YTDownloader, WebWaltz and SpeedChecker installed. I removed them with FreeFixer and that stopped the browser from loading data from gal.adviceoncarsse.com.

Most likely, WebWaltz was responsible for the gal.adviceoncarsse.com connection, since the loaded URL mentions “web waltz”, as shown in the screenshot above.

The issue with status bar messages such as this one is that it can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program running on my system. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

Anyway, here’s my suggestion for the gal.adviceoncarsse.com removal:

The first thing I would do to remove gal.adviceoncarsse.com is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can reach this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows OS you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something suspicious in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed approximately about the same time as you started seeing the gal.adviceoncarsse.com status bar messages.

The next thing to check would be your browser’s add-ons. Potentially unwanted program often appear under the add-ons menu in Chrome, Firefox, Internet Explorer or Safari. Is there anything that looks suspicious? Anything that you don’t remember installing?
Firefox add-ons manager

I think most users will be able to track down and uninstall the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I started develop many years ago. It’s a tool designed to manually track down and remove unwanted software. When you’ve identified the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked like many other removal tools out there. It won’t require you to pay a fee just when you are about to remove the unwanted files.

And if you’re having issues deciding if a file is clean or potentially unwanted in FreeFixer’s scan report, click on the More Info link for the file. That will open up a web page which contains additional information about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Did this blog post help you to remove gal.adviceoncarsse.com? Please let me know or how I can improve this blog post.

Thank you!

Remove ply.wayreview.com From Your Browser

This page shows how to remove ply.wayreview.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Sound familiar? You see ply.wayreview.com in your web browser’s status bar while browsing sites that generally don’t load any content from third party domains. Maybe the ply.wayreview.com domain show up when performing a search at the Google.com search engine?

Here is how the ply.wayreview.com statusbar message looked like on my computer. It appeared while searching on Google:

ply.wayreview.com statusbar

Here are some of the status bar messages you may see in your browser’s status bar:

  • Waiting for ply.wayreview.com…
  • Transferring data from ply.wayreview.com…
  • Looking up ply.wayreview.com…
  • Read ply.wayreview.com
  • Connected to ply.wayreview.com…

If you also see this on your machine, you presumably have some potentially unwanted program installed on your system that makes the ply.wayreview.com domain appear in your browser. So there’s no use contacting the owner of the site you were browsing. The ply.wayreview.com status bar messages are not coming from them. I’ll do my best to help you with the ply.wayreview.com removal in this blog post.

I found ply.wayreview.com on one of the lab machines where I have some potentially unwanted programs running. I’ve talked about this in some of the previous blog posts. The potentially unwanted programs was installed on purpose, and from time to time I check if anything new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on website that usually don’t show ads, or if some new files have been saved to the hard-drive.

ply.wayreview.com was created on 2014-07-29. ply.wayreview.com resolves to the 50.22.215.24 IP address and wayreview.com to 162.255.119.154. The domain is protected by WhoisGuard INC.

So, how do you remove ply.wayreview.com from your browser? On the machine where ply.wayreview.com showed up in the status bar I had WebWaltz, YTDownloader, SpeedChecker and PriceFountain installed. I removed them with FreeFixer and that stopped the browser from loading data from ply.wayreview.com.

The issue with status bar messages like the one described in this blog post is that it can be caused by many variants of potentially unwanted programs. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

Anyway, here’s my suggestion for the ply.wayreview.com removal:

  1. What software do you have installed if you look in the Add/Remove programs dialog in the Windows Control Panel? Something that you don’t remember installing yourself or that was recently installed?
  2. How about your browser add-ons. Anything in the list that you don’t remember installing?
  3. If that did not help, you can give FreeFixer a try. FreeFixer is built to assist users when manually tracking down potentially unwanted programs. It is a freeware utility that I’ve been working since 2006 and it scans your computer at lots of locations where unwanted software is known to hook into your computer. If you would like to get additional details about a file in FreeFixer’s scan result, you can just click the More Info link for that file and a web page with a VirusTotal report will open up, which can be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links. Click for full size.

Did you find any potentially unwanted program on your machine? Did that stop ply.wayreview.com? Please post the name of the potentially unwanted program you uninstalled from your machine in the comment below.

Thank you!

Remove cr.install-daddy.com from Firefox, Chrome and Internet Explorer

This page shows how to remove cr.install-daddy.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Does this sound like your story? You see cr.install-daddy.com in your browser’s status bar or in your network log while browsing at websites that mostly don’t load any content from third party domains. Perhaps the cr.install-daddy.com domain show up when performing a search at the Google.com search engine?

Here’s a screen capture of cr.install-daddy.com when it showed up on my system:

cr.install-daddy.com connection

The following are some of the status bar notifications you may see in your browser’s status bar:

  • Waiting for cr.install-daddy.com…
  • Transferring data from cr.install-daddy.com…
  • Looking up cr.install-daddy.com…
  • Read cr.install-daddy.com
  • Connected to cr.install-daddy.com…

If this sounds like what you are seeing on your machine, you almost certainly have some adware installed on your machine that makes the cr.install-daddy.com domain appear in your browser. So there’s no use contacting the owner of the site you were browsing. The cr.install-daddy.com statusbar messages are not coming from them. I’ll do my best to help you remove the cr.install-daddy.com message in this blog post.

If you have been reading this blog already know this, but if you are new: Some time ago I dedicated a few of my lab machines and knowingly installed a few adware programs on them. Since then I have been monitoring the behaviour on these machines to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware updates itself automatically, or if it downloads additional unwanted software on the machines. I first noticed the cr.install-daddy.com in Mozilla Firefox’s statusbar on one of these lab computers.

install-daddy.com resolves to 192.31.186.37 and cr.install-daddy.com to the 69.16.175.10 IP address. cr.install-daddy.com was registered on 2013-06-13. Unfortunately I cannot see the WHOIS info, since it is protected by WHOISGUARD, INC.

So, how do you remove cr.install-daddy.com from your web browser? On the machine where cr.install-daddy.com showed up in the status bar I had TornTV installed. I removed it with FreeFixer and that stopped the web browser from loading data from cr.install-daddy.com.

The problem with this type of status bar message is that, or at least I think so, it can be caused by many variants of adware, not just TornTV. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

Anyway, here’s my suggestion for the cr.install-daddy.com removal:

The first thing I would do to remove cr.install-daddy.com is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can open this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something strange-looking in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed about the same time as you started observing the cr.install-daddy.com status bar messages. Do you see TornTV listed there?

Then I would check the browser add-ons. Adware often appear under the add-ons dialog in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Is there anything that looks suspicious? Something that you don’t remember installing? TornTV in the list?
Firefox add-ons manager

I think you will be able to track down and uninstall the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I’ve developed since 2006. Freefixer is a tool designed to manually identify and remove unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked down like many other removal tools out there. It will not require you to pay for the program just when you are about to remove the unwanted files.

And if you’re having problems determining if a file is legitimate or adware in the FreeFixer scan result, click on the More Info link for the file. That will open up a web page which contains additional information about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Did this blog post help you to remove cr.install-daddy.com? Please let me know or how I can improve this blog post.

Thank you!

Remove icf.unbentdilativecutpurse.com Pop-Up Ads

Hello folks, just a quick post before dinner. Are you getting pop-up ads from icf.unbentdilativecutpurse.com? I’m sorry to say this, but you may have some adware installed on your machine. Here’s how the pop-up looked like when I was browsing with Mozilla Firefox. The pop-up can probably appear in Chrome and Internet Explorer too.

icf.unbentdilativecutpurse.com pop-up

Anyway, the icf.unbentdilativecutpurse.com removal is pretty straightforward, I scanned the computer with FreeFixer and uninstalled an adware called Salus and the icf.unbentdilativecutpurse.com pop-ups were gone. It’s possible that these pop-up ads can be launched by variants of Salus or by other types of unwanted software on your machine. Did you have to remove something else than Salus? Please share in the comments below.

Hope this helped you remove icf.unbentdilativecutpurse.com.

Thanks for reading.

Now, dinner..

Back again.. I checked the WHOIS database hoping to find some useful stuff about unbentdilativecutpurse.com, but the unbentdilativecutpurse.com domain is protected by WhoisGuard, Inc. company. The domain was created 2014-08-14, and the whois record was updated today.unbentdilativecutpurse.com whois

icf.unbentdilativecutpurse.com resolves to the following IP addresses:

  • 37.58.101.200
  • 37.58.101.203
  • 37.58.101.204
  • 37.58.101.205

Update 2014-10-23: I noticed the same pop-up while testing some other bundled software. One of them is responsible for the pop-up. My guess is Safer-Surf:

Update 2 2014-10-23: I just noticed that some of the pop-up ads were labeled “Ads by BlockAndSurf“. If your pop-up is labeled like this, removing BlockAndSurf will probably solve the problem.

icf.unbentdilativecutpurse.com pop-up ad labeled "Ads by BlockAndSurf"

Update 2014-10-24: Found the same pop-up, but this time labelled “Ads by SpeedCheck“. Uninstalling SpeedCheck may solve the problem.

Ads by SpeedCheck

Update 2014-10-25: Tested to load the BlockAndSurf adware on my lab machine again, and it’s still popping up the icf.unbentdilativecutpurse.com web site. Are you finding a way to stop the icf.unbentdilativecutpurse.com pop-ups? Please share in the comments below.

Update 2 2014-10-25: Found another icf.unbentdilativecutpurse.com pop-up. This time labeled “Ads by salus“. If you have the Salus Adware installed on your machine, uninstall it. That might solve the problem.

Ads by salus - icf.unbentdilativecutpurse.com pop-up

Update 2014-10-27: I’m no longer getting this pop-up, instead it is loaded from enh.guzzlepraxiscommune.com.