Sep 29

Remove Ads by SupraSavings virus. Supra Savings removal for IE, Firefox and Chrome

It’s a must-read article for the users who keep seeing popups that say Ads by SupraSavings, because there’s a problem description and removal tips included.

Whereas advertisements on the Internet are certainly a convenience to users and a motivator to service providers as well as product manufacturers, the fringe between the normal and too much is really thin. Legitimate delivery of ads is within the reasonable limits in terms of intrusiveness, but for malicious applications like adware these regulations are an empty sound. The makers of these potentially unwanted programs do not take into account things like user experience and consent, which gets them flagged by security software across the board.

SupraSavings is but one of the many such unethical programs. Its malicious nature is exhibited all the way through its lifecycle, starting with installation peculiarities and being topped off by super-obnoxious activity on the compromised computer. It is claimed to be a tool tailored for showing information on hottest prices, discounts, coupons, and best deals on shopping sites, but its actual activity goes well beyond that, and not in a good way.

Sep 24

Remove WebsSearches: Uninstall istart.webssearches.com in web browser

Results of the analysis of potentially unwanted program called WebsSearches are covered in this article, including easy-to-follow removal instructions.

One of the perils that stem from downloading free software is getting a drive-by, that is, some application which is not said to be included in the install pack. What is more, these unheralded extras are rarely something good. As an illustration, a spoof Flash update, PDF creator, streaming video recording utility, which you download and install without being charged, may quite likely add a malicious browser helper object (toolbar or extension) to the web navigation software being used on your computer, including Internet Explorer, Mozilla Firefox, Chrome, etc. WebsSearches, also known as Web Searches, is a cross-browser adware that spreads via this exact tactic. It messes up the web browsing preferences on a compromised PC in order to implement traffic redistribution activity.

Aug 06

Remove AdChoices: AdChoices ads removal for Google Chrome, Firefox, IE

Get a detailed description of the AdChoices adware program as per in-depth security analysis thereof, and learn how to remove it from a PC that got compromised.

When it comes to software and the Internet, separating the wheat from the chaff may be a problematic task to carry out, in particular advertising-wise. Users have gotten accustomed to sponsored information appearing on search results pages, social networks, in emails and a variety of other places online, because that’s largely what allows keeping the use of these services free of charge. Unfortunately, there’s a lot of room for manipulation and hoax in this field, the AdChoices app being an instance of this. The entity mentioned denotes a potentially unwanted program affecting the web browsers used on an arbitrary computer. It spreads with other software, predominantly free multimedia utilities, codec packs, video converters and the like, with the respective installer being covertly incorporated in these downloads.

Aug 06

Remove OpenCandy: PUP.Optional.OpenCandy malware removal

This entry is meant to assist the users infected with OpenCandy adware in treating this computer threat, providing a description and removal recommendations.

Owing to the dubious OpenCandy plug-in, free app developers get the chance to monetize their hard software creation work, but the computer users who become unknowingly involved in this promotional campaign suffer the consequences of potentially unwanted objects affecting their machines. This sort of duality is a fairly widespread feature of the contemporary Internet marketing, but no one canceled respect for positive user experience, really.

The modus operandi of the OpenCandy network is about establishing a mutually beneficial relationship between the company and the people who develop software and distribute it on a free basis. The respective plug-in gets incorporated in the setup for such apps, and whenever a user downloads it the plug-in reaches out to the cloud to find complementary utilities matching this particular situation based on the PC configuration and the objectives of the main software being installed. This way, an additional application gets promoted onto the computer alongside the one that the user was downloading in the first place. So much for the relatively good side of this process.

Jul 28

Remove Pirrit Suggestor: Pirritdesktop.exe and Pirritservice.exe processes removal

Read a comprehensive overview of the Pirrit Suggestor adware to learn how it works and what must be done on the user’s end to remove it from an infected computer.

Online distribution, promotion and monetization of software being developers’ predominant objective, different companies offer outsourced opportunities to get this nontrivial job done. While some of these firms treat the application author and the customer with equal respect, others disregard things like user experience and create overly intrusive products. Pirrit Suggestor, also known as PirritSuggestor, definitely inclines towards moneymaking at the expense of users’ peace of mind.

This dubious browser helper object assists developers in gaining targeted traffic and application installs as per contractual relationship with software makers who seek rapid distribution. On the other hand, the people who have Pirrit Suggestor installed on their machines experience a harsh influx of redundant ads while searching stuff online and visiting random websites. The browser extension is tailored to analyze user preferences and interests in order to display the respective advertising links which are embedded in SERPs (search engine results pages) as well as web pages.

Feb 02

Disk Antivirus Professional

Disk Antivirus Professional is a rogue of the WinWeb Security Family.

Disk Antivirus Professional, like so many of today’s rogues, blocks all other applications from running and displays constant pop-ups and redirects to scare messages designed to frighten infected users into buying the rogue.

Disk Antivirus Professional GUI

Files and Locations:

%APPDATA%\<random name>.exe

%APPDATA% is a token path that relates to the following:

XP OS:
<Drive>:\Documents and Settings\Users\Application Data

Vista and Windows 7:
<Drive>:\USERS\<USER>\AppData\ROAMING

The Disk Antivirus Professional rogue can be removed manually. However, because it blocks applications and other malware may have been installed along with it, it is best to use our antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the Disk Antivirus Professional rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Nov 02

Windows Protection Maintenance Rogue

Windows Protection Maintenance is referred to as a rogue because it is designed to look like a real antispyware program. Users are redirected to fake online scan sites that make them think their computer is infected and that they need to download and install the rogue.

Windows Protection Maintenance creates pop-up messages designed to make users think they have been infected, blocking all applications named in the fake alert messages as a way to scare users into purchasing the rogue application in order to clean their computers.

Windows Protection Maintenance adds hundreds of entries under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options, naming the executable files of different legitimate antivirus companies, to block them from running.

Windows Protection Maintenance GUI

Files and Locations:
XP
<Drive>:\DOCUMENTS AND SETTINGS\<USER>\APPLICATION DATA\Protector-<random Names>.exe
Win7
<Drive>:\USERS\<USER>\AppData\ROAMING\Protector-<Random Names>.exe

The Windows Protection Maintenance rogue can be removed manually. However, because it blocks applications and other malware could have been installed along with it, it is best to use our antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Oct 29

Rogue using name Micorsoft Essential Security Pro 2013

This fake antivirus is downloaded from fake Flash update scam sites and immediately runs from the location where it is dropped. It doesn’t show fake alerts, but it does hijack the .exe file associations in the registry.

Micorsoft Essential Security Pro 2013 GUI

The rogue made a transmission to the site used for the payment page:
john.denebasendtoend(DOT)pro/users/?ch=1&id=75ab7c06-9dc6-4bbf-b5b9-72b7511a12c3

Registry keys involved in the file association hijacking:

HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\DefaultIcon
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\shell
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\shell\open
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\shell\open\command
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\shell\runas
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\shell\runas\command
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\DefaultIcon
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\shell
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\shell\open
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\shell\open\command
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\shell\runas
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\exefile
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\exefile\shell
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command
HKEY_CLASSES_ROOT\.exe\DefaultIcon
HKEY_CLASSES_ROOT\.exe\shell
HKEY_CLASSES_ROOT\.exe\shell\open
HKEY_CLASSES_ROOT\.exe\shell\open\command
HKEY_CLASSES_ROOT\.exe\shell\runas
HKEY_CLASSES_ROOT\.exe\shell\runas\command
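
A read-only PowerShell check for the hijack listed above, added here as an example and not part of the original post or VIPRE's tooling. It assumes the stock Windows defaults (`exefile` as the `.exe` ProgID and `"%1" %*` as the open/runas command) and reports any per-user key that differs.

```powershell
# Added example: read-only audit of per-user .exe association overrides.
# Assumed stock defaults; anything else under a per-user hive is suspicious.
$expectedProgId  = 'exefile'   # default value of the .exe key
$expectedCommand = '"%1" %*'   # default value of shell\open|runas\command

# Per-user class roots: the current user plus every loaded HKEY_USERS\<SID>_Classes hive.
# HKCU\Software\Classes is the same hive as the current user's <SID>_Classes,
# so a finding for the logged-on user can appear twice.
$roots = @('Registry::HKEY_CURRENT_USER\Software\Classes')
$roots += Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -like '*_Classes' } |
    ForEach-Object { "Registry::$($_.Name)" }

$findings = @(foreach ($root in $roots) {
    $classes = @('.exe', 'exefile')

    # A per-user .exe key normally does not exist; if it does, it should name exefile.
    $extKey = Get-Item -LiteralPath "$root\.exe" -ErrorAction SilentlyContinue
    if ($extKey) {
        $progId = $extKey.GetValue('')
        if ($progId -and $progId -ne $expectedProgId) {
            [pscustomobject]@{ Key = $extKey.Name; Value = $progId; Issue = 'ProgID redirected' }
            $classes += $progId   # follow the redirect and inspect its commands too
        }
    }

    foreach ($class in $classes) {
        foreach ($verb in 'open', 'runas') {
            $cmdKey = Get-Item -LiteralPath "$root\$class\shell\$verb\command" -ErrorAction SilentlyContinue
            if (-not $cmdKey) { continue }
            $cmd = $cmdKey.GetValue('')
            if ($cmd -ne $expectedCommand) {
                [pscustomobject]@{ Key = $cmdKey.Name; Value = $cmd; Issue = 'Command overridden' }
            }
        }
    }
})

if ($findings.Count) { $findings | Format-List }
else { 'No per-user .exe association overrides found.' }
```

Because HKEY_CLASSES_ROOT is a merged view in which per-user entries take precedence over HKEY_LOCAL_MACHINE\SOFTWARE\Classes, a single override in a user hive is enough to change what runs when that user launches any .exe.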

The rogue can be removed manually. However, because of the file association hijacking and other malware that may have been installed along with it, it is best to use our antivirus removal tool, VIPRE Antivirus.

You can download a free trial of Vipre to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Sep 27

System Progressive Protection of the WinWeb Security Family Rogues

System Progressive Protection is a rogue of the WinWeb Security Family

System Progressive Protection blocks all other applications from running and displays constant pop-ups and redirects to scare messages designed to frighten infected users into purchasing the rogue.

System Progressive Protection GUI

Files and Locations:

%APPDATA%\<random name>.exe

%APPDATA% is a token path that relates to the following:

XP OS:
<Drive>:\Documents and Settings\Users\Application Data

Vista and Windows 7:
<Drive>:\USERS\<USER>\AppData\ROAMING

The System Progressive Protection rogue can be removed manually. However, because it blocks applications and other malware may have been installed along with it, it is best to use our antivirus removal tool, VIPRE Antivirus.

You can download a free trial of Vipre to remove the System Progressive Protection rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Aug 14

Windows Safety Series Rogue

Windows Safety Series is referred to as a rogue because it is designed to look like a real antispyware program. Users are redirected to fake online scan sites that make them think their computer is infected and that they need to download and install the rogue.

Windows Safety Series creates fake pop-up messages designed to make users think they have been infected, blocking all applications named in the fake alert messages as a way to scare users into purchasing the rogue application in order to clean their computers.

Windows Safety Series adds hundreds of entries under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options, naming the executable files of different legitimate antivirus companies, to block them from running.
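
The Image File Execution Options abuse described here and in the Windows Protection Maintenance post can be audited with the read-only PowerShell below. It is an added example, not code from these posts or from VIPRE, and it assumes the blocking entries use the IFEO `Debugger` value, which the posts do not state explicitly.

```powershell
# Added example: list Image File Execution Options (IFEO) subkeys that carry a
# Debugger value. Windows launches the Debugger command instead of the named
# image, so a security tool's .exe with a bogus Debugger never starts.
# Assumption: the rogue's entries use the Debugger value (not stated in the post).
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

$hits = @(foreach ($root in $ifeoRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
        $debugger = $_.GetValue('Debugger')
        if ($debugger) {
            [pscustomobject]@{
                Image    = $_.PSChildName   # executable name the entry applies to
                Debugger = $debugger        # what Windows runs instead
                Key      = $_.Name
            }
        }
    }
})

# Hundreds of unrelated executables sharing one Debugger value is the pattern
# described in the post; a developer machine normally has few or none.
$hits | Group-Object Debugger | Sort-Object Count -Descending |
    Select-Object Count,
                  @{ n = 'Debugger';     e = { $_.Name } },
                  @{ n = 'SampleImages'; e = { ($_.Group.Image | Select-Object -First 5) -join ', ' } } |
    Format-Table -AutoSize -Wrap

"IFEO entries with a Debugger value: $($hits.Count)"
```

Review the grouped output before deleting anything, since legitimate debugging and monitoring tools also register `Debugger` values under this key.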

Windows Safety Series GUI

Files and Locations:
XP
<Drive>:\DOCUMENTS AND SETTINGS\<USER>\APPLICATION DATA\Protector-<random Names>.exe
Win7
<Drive>:\USERS\<USER>\AppData\ROAMING\Protector-<Random Names>.exe

The Windows Safety Series rogue can be removed manually. However, because it blocks applications and other malware could have been installed along with it, it is best to use our antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com
