May 21, 2014

Sambamedia SL Publisher - Don't run that file

If you've downloaded a file and the publisher field or the digital signature tab says Sambamedia SL, don't run the file.

Sambamedia SL publisher

Sambamedia SL Digital Signature

Why? The Sambamedia signed file is detected by some of the anti-virus programs. Here are the current detections:

  • ESET-NOD32 a variant of Win32/SoftPulse.B 
  • Sophos SoftPulse 
  • VBA32 suspected of Trojan.Downloader.gen.h

Hope this post saved you some adware cleaning ;)

May 14, 2014

EZ Software Updater - Removal Instructions

Do you see a process named EZ Software Updater.exe in the Task Manager or an EZ Software Updater version 1.0.0.0 listed in the uninstall list on your machine?

EZ Software Updater version 1.0.0.0

If you wonder where the EZ Software Updater came from, it is likely that you got it from a software bundle. That's where I found it, packaged with a free software download.

I've uploaded the EZ Software Updater.exe file to VirusTotal and only Symantec detects it, as WS.Reputation.1:

ez software updater.exe detected as WS.Reputation.1

I'll follow up to see if any of the other anti-virus programs detect it later on.

If you are looking for info on how to remove EZ Software Updater you can use the entry in the uninstall programs list, or if that for some reason did not work, you can remove the EZ Software Updater.exe file and the service by checking the two items in FreeFixer, as shown in the screenshot below.

Removing ez software updater with FreeFixer

Hope this helped you with the removal.

How did you get EZ Software Updater on your machine? Please share by posting a comment.

May 9, 2014

ReWinUpProtect.exe and ReWinUp.dll detected as Gen:Variant.Zusy and Trojan:MSIL/Spacekito

I'm in a hurry so this will be a short one. I just stumbled upon something called ReWinUp, which appears to have two main files: ReWinUpProtect.exe and ReWinUp.dll. You might spot ReWinUpProtect.exe in the Windows Task Manager:

ReWinUpProtect.exe in the Windows Task Manager


The anti-virus scanners at VirusTotal report ReWinUpProtect.exe as Gen:Variant.Zusy.91801 and Trojan:MSIL/Spacekito.C.

ReWinUp anti-virus detection


I'll try to follow up with more info as soon as possible. If you'd like to remove ReWinUpProtect.exe and ReWinUp.dll you can just check them in FreeFixer for removal. You might need to restart your machine to complete the removal.

ReWinUpProtect.exe

ReWinUpProtect.exe service





May 6, 2014

Tuguu S.L Digital Signature - Don't Run The File

Another publisher that often appears when I browse the web for unwanted programs is Tuguu S.L. If you have downloaded one of the Tuguu S.L signed files I'd strongly advise against running it. The VirusTotal scan result for the Tuguu signed file I found, named player.exe, should convince you:

Tuguu S.L digital signature

The anti-virus programs at VirusTotal detect the file as APPL/DomainIQ.Gen and "a variant of Win32.DomainIQ.BB". Bad news for your workstation or laptop.

How did you come across the Tuguu S.L file? Please share by posting a comment.
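The publisher check from the Sambamedia SL and Tuguu S.L posts can be run over a whole folder instead of one file at a time. This is an added example, not part of the original posts; it assumes downloads are kept in the current user's Downloads folder and PowerShell 4 or later.

```powershell
# Added example (not from the original posts): list downloaded installers whose
# Authenticode signer is one of the publishers named in the posts above.
$publishers = @('Sambamedia SL', 'Tuguu S.L')            # names as written in the posts
$folder     = Join-Path $env:USERPROFILE 'Downloads'     # assumption: default download folder
$nameType   = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

Get-ChildItem -Path $folder -Recurse -File -Include *.exe, *.msi -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

        # Unsigned files have no signer certificate, so there is nothing to compare.
        if ($null -eq $sig.SignerCertificate) { return }

        # SimpleName is the certificate's common name, the value Windows shows as "Publisher".
        $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
        $match  = $publishers | Where-Object { $signer -like "$_*" } | Select-Object -First 1

        if ($match) {
            [pscustomobject]@{
                Path            = $file.FullName
                Signer          = $signer
                # "Valid" only means the signature verifies; it says nothing about the payload.
                SignatureStatus = $sig.Status
                # The hash can be searched on VirusTotal without uploading or running the file.
                SHA256          = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
            }
        }
    } | Format-List
```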

May 1, 2014

consoleguard.exe is Trojan.Siggen6.16089 and WS.Reputation.1 - How To Remove

I just found a new process running in the Windows Task Manager named consoleguard.exe. Sounds pretty suspicious, don't you think?

consoleguard.exe in the Windows Task Manager


I ran consoleguard.exe through the scanners over at VirusTotal, and it was detected as Trojan.Siggen6.16089 and WS.Reputation.1 by DrWeb and Symantec:

consoleguard.exe is detected by some of the anti-virus programs


It will be interesting to see if the other anti-virus programs start picking up the consoleguard.exe file.

Since I'm convinced you want to remove consoleguard.exe, you can do so by checking consoleguard.exe in FreeFixer's scan result for removal. You can find it under Processes and Registry Startups in the scan result.

Any idea how you got consoleguard.exe on your computer? Please let us know by posting a comment.




bservice.exe and wd.exe in C:\Program Files\Bench\ - Removal Instructions

I was playing around with another software download that bundles lots of unwanted applications. This time I discovered a new folder called "Bench" under "C:\Program Files\" or "C:\Program Files (x86)\" when installed on a 64-bit machine. I also found a new process running named bservice.exe:

bservice.exe in the Task Manager


There was also a file called wd.exe added as an automatic startup which caught my attention. It turned out that wd.exe is detected by many of the anti-virus programs under names such as Adware, Ransom.dxTrojan.Crossrider and Trojan.Win32.Generic!BT. Ouch!

You can remove the "Bench" software by checking bservice.exe, wd.exe and updater.exe in FreeFixer:

bservice.exe in the Task Manager

updater.exe as a scheduled task


Hope this helped you with the removal.

How did you get bservice.exe and wd.exe on your machine? Please share by posting a comment.
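To confirm the removal worked, the check below lists anything that still points into the Bench folder: running processes, services, scheduled tasks and Run-key startups. It is an added example, not part of the original post; it assumes PowerShell 3 or later on Windows 8 or newer (for Get-ScheduledTask), and the Run-key lookup is an assumption, since the post does not say which startup mechanism wd.exe uses.

```powershell
# Added example (not from the original post): list what still references the Bench folder.
function Find-BenchArtifact {
    # Both locations named in the post; the (x86) variable is empty on 32-bit Windows.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
    foreach ($root in $roots) {
        $dir = Join-Path $root 'Bench'
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        $under = "*$dir\*"    # leading wildcard tolerates quoted command lines

        # Processes running from the folder (bservice.exe in the post).
        Get-CimInstance Win32_Process | Where-Object { $_.ExecutablePath -like $under } |
            ForEach-Object { [pscustomobject]@{ Kind = 'Process'; Name = $_.Name; Detail = $_.ExecutablePath } }

        # Services whose binary lives in the folder.
        Get-CimInstance Win32_Service | Where-Object { $_.PathName -like $under } |
            ForEach-Object { [pscustomobject]@{ Kind = 'Service'; Name = $_.Name; Detail = $_.PathName } }

        # Scheduled tasks that launch something from the folder (updater.exe in the post).
        Get-ScheduledTask | Where-Object { $_.Actions.Execute -like $under } |
            ForEach-Object { [pscustomobject]@{ Kind = 'ScheduledTask'; Name = $_.TaskName
                                                Detail = ($_.Actions.Execute -join '; ') } }

        # Assumption: the automatic startup is a Run-key value.
        $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                   'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
                   'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
        foreach ($key in $runKeys | Where-Object { Test-Path $_ }) {
            (Get-ItemProperty -Path $key).PSObject.Properties |
                Where-Object { $_.Value -like $under } |
                ForEach-Object { [pscustomobject]@{ Kind = 'RunKey'; Name = "$key\$($_.Name)"; Detail = $_.Value } }
        }
    }
}

Find-BenchArtifact | Format-Table -AutoSize -Wrap
```

No output means neither Bench folder exists or nothing references it any more.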

ConstaSurf - Removal Instructions

A common tactic these days to get users to install some unwanted software is to offer a download that claims to install some well-known software with a good reputation. For example, the download shown in the screenshot below, which is digitally signed by Outbrowse LTD, claims to install VLC Player, which it also does. But during the installation process there are also a large number of bundled offers.

OutBrowse LTD VLC Player


One of these offers is the ConstaSurf adware. It will add itself in Internet Explorer and Mozilla Firefox:

ConstaSurf 1.0.1 in Firefox


ConstaSurf is detected by many of the anti-virus programs under names such as BrowseFox and AltBrowse.

If you'd like to remove ConstaSurf, you can easily do so by downloading FreeFixer and checking the ConstaSurfBho.dll file and the ConstaSurf Firefox extension for removal, as shown in the screenshots below.

ConstaSurf Firefox Extension

ConstaSurfBho.dll

I've created a short video clip which shows FreeFixer in action when deleting ConstaSurf:




You can also remove the ConstaSurf software from the Programs and Features dialog in the Windows Control Panel.

Removing ConstaSurf from the Programs and Features dialog

How did you get ConstaSurf on your computer? Please share by posting a comment.