Wisen Wizard - Removal Instructions

If you recently started seeing more ads while you browse the web, or a sidebar that opens up on many web sites, you might have an adware called Wisen Wizard installed on your machine. Here's an example of how the ads and sidebar may look like:

The screenshot above shows the Wisen Wizard "Related Searches" and an ad that claims that I've won something and mention Coop, ICA and Willys, which are retails stores that operates in Sweden and other countries.

WisenWizard will add itself into Internet Explorer as a browser helper object and as a Mozilla Firefox Add-on. Here's how it appears in the Firefox Add-ons list:

When I found Wisen Wizard it was disclosed in the installer that Wisen Wizard was bundled, and that it

"enables multi-site searching, related search results, offers and coupons and much more"

To avoid getting this type of unwanted software, please be careful when downloading software and take the time to actually read licenses shown in the installers before pressing the Next, Accept, or Install buttons.

Some of the anti-virus programs detect Wisen Wizard, under names such as Application.Win32.Altbrowse.AK, Adware.BrowseFox/Variant and Adware.Agent. Some of the anti-virus programs also detects Wisen Wizard as a trojan.

To remove Wizen Wizard, you can just check the WisenWizardBho.dll file and the Wizen Wizard Mozilla Extension in FreeFixer for removal.

There's also an entry in the Add/Remove programs dialog, which should remove Wisen Wizard:

Hope this helped you figure what Wisen Wizard is a how to remove it.

How did you get Wisen Wizard on your machine? Please share your story by posting a comment.

Math Problem Solver, Solve.exe and Optimize.exe - Removal Instructions

While testing a free compression program I found a bundled program called Math Problem Solver. The installation screen shows the following information:

Clicking on the Privacy Policy links brings up the BOINC privacy policy. Since BOINC is a legitimate project  that uses idle time on computers to study global warming many other types of scientific research computations, you might be tempted to install Math Problem Solver. The problem is, if you choose to install Math Problem Solver you will get something completely different: A Bitcoin miner.

The following scheduled tasks will appear on your machine:

Here's some of the detection names for Solve.exe:

You can remove the Bitcoin miner by selecting Solve.exe and Optimize.exe in FreeFixer as shown above. There's also an entry in the Add/Remove programs dialog, but I haven't tried it.

Hope this helped you remove Math Problem Solver.

Files signed by Kantida Chanudrum

I'm currently looking into the ads displayed on some of the torrent sites out there. While browsing around I found an executable file, claiming to be a download for Game of Thrones, digitally signed by Kantida Chanudrum.

If you also run into a Kantida Chanudrum signed file, I would be very careful. The file is currently detected as PUP.Optional.OneClickDownloader.A by MalwareBytes.

Did you also find a file digitally signed by Kantida Chanudrum? On what site did you find it and did any of the scanners at VirusTotal detect it?

What is Optimizer Elite Max - Removal Instructions

If you see a program called Optimizer Elite Max, published by a company called Viracure, running on your machine and you don't know where it came from, it was most likely bundled with some free download that you recently installed. This is how Optimizer Elite Max's main dialog looks like:

Usually I don't bother to write about this type of bundled program, since I'm more interested in the various adwares out there. But appearantly Optimizer Elite Max is detected by some of the anti-virus programs as shown in the screenshot below:

Since some of the anti-virus programs are detecting it, you might want to remove Optimizer Elite Max. You can do so, either by checking Optimizer Elite Max.exe, OptimizerEliteMax.exe and Optimizer_Pro.exe in FreeFixer, or by using the Programs and Features dialog in the Windows Control Panel as shown in the screenshots:

How To Remove Web Internet Security

I was testing a few free downloads this morning and stumbled upon a new adware called Web Internet Security. This is how the installer looks like:

The Web Internet Security software may not immediately appear as adware, but looking more in detail in the Terms of Service the following appears:

some services and/or software provided by Web Internet Security contain advertising. Additionally, we may supply advertising from time to time on websites that you visit.

Usually I show how to remove unwanted software with the FreeFixer tool, but since Web Internet Security modifies your proxy settings, you are probably better off uninstalling Web Internet Security using the Add/Remove programs dialog:

 Hope this helped you figure out what WebInternetSecurity is and how to remove it.

What is FreeFixer?

FreeFixer is a free tool that assists you identifying and removing unwanted software. Here's a screenshot of the scan result:

The scan results will lists a large number of files and settings on your computer. The entries that appear in green are legitimate files, based on the file's digital signature. The files that appear with a white background are unknown to FreeFixer. Most likely they are also legitimate, but in some cases it can be some sort of unwanted software that you are better off without.

To help you to determine if a file is legit or bad, you can click on the more info link in the scan result. That will open up a web page at www.freefixer.com with information about the file. It will show if the file was detected when scanning it with VirusTotals 50+ anti-virus scanners, comments from other users and other useful information. Here's an example of some of the information displayed when clicking the more info links:

You can download FreeFixer on the official web site. It's fully functional and free.

If you would like to support my anti-malware work and the continued development of the FreeFixer tool, there's also a Pro version of FreeFixer available for a small amount.

Happy malware hunting!

Experimenting with a blog on a different domain

I've been blogging for a while over at www.freefixer.com, but I'm not entirely happy with the results. Many of the blog posts seems to rank pretty poorly in the Google search results. So, I'm going to try to publish some of the blog posts here on Blogger and compare how it performs.