omesuperv.exe – Help me find who distributes this file

I was browsing some logs at the malware removal forums and found omesuperv.exe. Unfortunately I can’t find how the omesuperv.exe file is distributed and I’m wondering if you can help me out.

Do you have the omesuperv.exe file on your computer? Do you know how it got installed? Perhaps you downloaded some free software and omesuperv.exe appeared?

The detection rate for omesuperv.exe is pretty low. Two AVs detected it as “NSIS:OfferMosquito-A” and “PUP.Optional.OfferMosquito.A”.

Please post a comment if you have some info that will help me understand how this file is distributed.

Thanks a bunch!


What’s CrExtP4z.exe and How To Remove It

If you see CrExtP4z.exe, signed by Mindspark Interactive Network, running in the Task Manager you’ve probably installed a “Video Toolbar”.

Avast detects it as “Win32:Mindspark-A [PUP]”, KingSoft as “Win32.Troj.Undef.(kcloud)” and Vipre as “MyWebSearch.J (v) (not malicious)”.

Looking for removal instructions? Easy, just remove it from the Add/Remove programs dialog in the Windows Control Panel.

GOOBZO YouTube Accelerator – Removal instructions

GOOBZO YouTube Accelerator is bundled with free downloads, such as uTorrent. It installs in “C:\Program Files\YouTube Accelerator\” and uses files such as ytalsp.dll, engine.dll, xmldb.dll, ipc.dll and helper.dll. The VIPRE anti-virus detects it as “Goobzo (fs)”.

So what’s the problem? Well, GOOBZO may show ads on your computer according to the EULA:

The use of the Software may cause additional ads to appear when browsing certain websites. These may include, price comparison ads, coupons, pop-unders/ups, banner, inline text or transitional ads, etc…

If you want to uninstall GOOBZO YouTube Accelerator you can remove it from the Windows Control Panel.

How did you get GOOBZO on your system? Were you aware that it could show ads on your computer?

LyricsBuddy-1-bho.dll

Just a quick post today. I played around with some “free” zip program downloads and found something called LyricsBuddy-1-bho.dll. These are the anti-virus scanner results:

  • Kingsoft Win32.Troj.Generic.a.(kcloud)
  • Malwarebytes PUP.Optional.Lyrics.A
  • VIPRE Crossrider (fs)
  • McAfee Artemis!629DC76B3338
  • McAfee-GW-Edition Artemis!629DC76B3338
  • ESET-NOD32 a variant of Win32/Toolbar.CrossRider.H

OKitSpace by Vittalia – What is it?

Another quick post. I was downloading some software today to see if I could find something interesting, and something called OKitSpace by Vittalia was installed into Mozilla and Internet Explorer. Only one (BKav) of the 48 scanners at VirusTotal detected the OKitSpace.dll file. The detection name was “HW32.Laneul.vuga”.

This quote from OKitSpace describes the software features:

“When visiting any web site, the advanced software Okitspace turns irrelevant and annoying advertising into specifically advertising aimed at you and your needs.”

Whilokii Ads and Deals Removal Instructions

If you see ads or floating pop-up deals tagged as “Whilokii” when browsing sites such as eBay or Amazon, you probably have the Whilokii Adware installed on your computer. If you look in the Windows Task Manager, you might also see a process called updatewhilokii.exe. If you examine your system carefully you will also see Whilokiibho.dll loaded into Internet Explorer.

You probably came to my site looking for a removal guide for Whilokii, so here we go:

Whilokii Removal Guide

1. Open the Add/Remove programs dialog from the Windows Control Panel.

2. Search for Whilokii in the list and uninstall it.

Easy, wasn’t it? Please let me know if this works out for you by posting a comment. If not, I’ll provide some alternative uninstall instructions.

Here are the detection results when I uploaded one of the Whilokii files to VirusTotal:

  • VIPRE Yontoo (fs)
  • Kingsoft Win32.Troj.Generic.a.(kcloud)
  • TrendMicro-HouseCall TROJ_GEN.F47V0927
  • McAfee Artemis!BAD42B9D0F36
  • McAfee-GW-Edition Artemis!BAD42B9D0F36
  • DrWeb Adware.Plugin.100
  • ESET-NOD32 a variant of MSIL/BrowseFox.A

What is SuperLyrics-1-bho.dll?

Just a quick post before I head off to some friends. I just ran into a file named SuperLyrics-1-bho.dll, which is installed as a Browser Helper Object in Internet Explorer. A few of the anti-virus programs are picking up this file, under the following names:

  • Malwarebytes PUP.Optional.Lyrics.A
  • VIPRE Crossrider (fs)
  • ESET-NOD32 a variant of Win32/Toolbar.CrossRider.H