FREESOFTTODAY! New virus!

(Removal near bottom.) I usually never get viruses on my computer but today. I got one. Some quick searches revealed that this new virus has a bunch of deception behind it already.


First I noticed that pop ups were actually passing through google. First thing I noticed. Then ESET went off blocking a bunch of random websites. They were all CGI profile websites. Apparently this little virus automatically fills out information on several websites in the background fairly quickly.

So I quickly look into the first sign... The website that was getting constantly blocked was something like this: Prof.Eorozero. /profile_cgi(or something like that). This is the biggest sign for this virus is the blockage of this website right here. Later I find that there are a bunch of weird anti virus websites popping up with fake removal options for that website. like Anivil? what ever.

So I checked my Control Panel, and clicked on the date of which things were installed AND BAM! !!!???FREESOFTTODAY Installed: 7-14-2014 @ 21:51!!!??? With a picture of a little pink piggy on a blue and yellow backdrop. Like WTF?

I didn't even see a window pop up, or nothing for this clever installer.

I think this will be the last time I go onto an un-trusted website for a news article.

+++++++++++++

Go to bleeping computer's page on the removal instructions. Takes about 30 minutes total on a fast machine. Three different EXE's will be ran but it will obliterate the freesofttoday virus.

This is the page I used.

www.bleepingcomputer.com... oday-has-taken-over-my-laptop/

NOKNOJON has the answer.

Its not a virus it just adaware, it seems super easy to remove.

Removal from Internet Explorer:
1. Open the Tools menu and go to Manage add-ons.
2. You should be on Toolbars and Extensions. Find Bonanza Deals and disable it.
3. Save changes and close window.

Removal from Google Chrome:
1. Press Alt+F. A menu should appear.
2. Go to Tools and then to Extensions. Remove Bonanza Deals using the trash can icon.
3. Close the tab.
4. Restart the browser.

Removal from Mozilla Firefox:
1. Open the Tools menu and click on Add-ons.
2. Select the Extensions menu and disable Bonanza Deals.
3. Close the tab.

Removal from Windows:
1. Open the Start menu and go to Control Panel.
2. Open the Uninstall a Program (Add/Remove Programs) tool. Uninstall all unwanted applications.
3. Download SpyHunter.
4. Install the tool and perform a full system scan to locate any intruders on your computer and remove them.

www.xp-vista.com...

As it is not a virus you will almost certainly had to have installed this program yourself at some point. It might have come bundled with another program.

At the time of research FreeSOFTtoday adware was distributed using deceptive download clients and fake downloads (fake Java updates, fake browser updates, etc.). In most cases Internet users install this program without their consent. FreeSOFTtoday is similar other potentially unwanted applications which infiltrate user's computers using freeware downloads, for example Zombie Alert, SaveNet, and buzz-it. To avoid installation of such potentially unwanted programs, computer users should be very attentive when downloading and installing free software.

If your download is managed by some download client, be sure to decline installation of advertised browser plug-ins and applications. When installing the already downloaded free program always choose "advanced" or "custom" installation options, this step could reveal installation of any bundled adware. Internet users who have already installed FreeSOFTtoday should use this removal guide to eliminate it from their computers.

www.pcrisk.com...

The last thing I installed on this computer was dated back on.... May 28th 2014.

I did not install anything else on my computer. I just play on Steam and that's it. Not hacked either.

The time that it installed itself was at a time where I was in the middle of a match in counter strike. I have been playing it all night. I never installed anything. At all. The time stamp of its installation compared to when I was playing proves it. I don't know how it happened. Also it isn't that easy to remove. It puts in reg edits in several areas as proven by its removal cache:

Successfully deleted: [Folder] "C:Users*appdatalocallowboost_interprocess"
Successfully deleted: [Folder] "C:Windowssyswow64ai_recyclebin"
Successfully deleted: [Empty Folder] C:Users*appdatalocal[059CDD5D-07EF-4FE1-B7C9-FC3E9C7CF2A5]
Successfully deleted: [Empty Folder] C:Users*appdatalocal[32B0AFBE-29CC-45C2-BDC3-3B0BA2D7EB6D]
Successfully deleted: [Empty Folder] C:Users*appdatalocal[3A6DD1C0-797F-4FCC-BD82-2E706D58B61E]
Successfully deleted: [Empty Folder] C:Users*appdatalocal[54DA4D31-0DF6-4A85-BE03-59F041B1DB3B]
Successfully deleted: [Empty Folder] C:Users*appdatalocal[7E4BF48E-C8DA-4AF5-B5F8-AD2723F881B6]
Successfully deleted: [Empty Folder] C:Users*appdatalocal[9AA34BFE-9B7E-4504-BCFA-0748AF15F9AC]
Successfully deleted: [Empty Folder] C:Users*appdatalocal[ABF09C38-60B8-4790-B6C8-490DA630537D]
Successfully deleted: [Empty Folder] C:Users*appdatalocal[C4815346-E438-45B7-899F-94B36F34B11D]
Successfully deleted: [Empty Folder] C:Users*appdatalocal[C7F8759C-4E7C-4F2F-8935-E78E3CB834D6]
Successfully deleted: [Empty Folder] C:Users*appdatalocal[DF18258A-79C2-4979-802B-1B74328C60C3]

I can't find the other report.... But in the removal of it I saw how many Reg edits it had latched onto itself and where it infected another file.

The uninstall button reinstalls the application. The reg edits on it make it almost nearly impossible to delete it without a malware removal program as shown in the tech support forum response I posted up. I instantly received spam mail from fake individuals pretending to be some of my contacts.

There were around 15 Reg edits with that name latched onto it. Freesofttoday.

Sure it is just a small adware but it allows for other viruses to enter. What took me by surprise is the fact that I didn't install anything new on this computer today at all. Not even in the past week. I also don't play facebook games or any other FTP games. Just steam. That is what took me by surprize.

a reply to: GiulXainx

Judging by the list you put up you are using windows 7 64bit. Unless you have specifically gone out of your way to change your "user account control settings" to the lowest setting (never notify) there is no way a program can install itself (and end up in your programs and features list in control panel) on your system without you initiating the action.

You must have been tricked into it somehow, there are many sneaky ways to do this, some of them are disguised as updates or video codecs etc

That removal cache list as you call it is just a list of folders that were deleted, some of them might not have even been to do with the adware. They are not reg edits.

It totally not a virus can legitimate download FreeSoftToday from their website www.freesofttoday.com...

I'm trying to tell you that the other report that I can't find on my pc noted several registry entries that came up with the name for that adware program.

And again. I didn't install any updates, install any new programs, or even browse the web for more than a few minutes. Then I played csgo for 6 hours. The pop up from eset blocked my match and killed the ram. Made me lag terribly bad... wait...


I did join a server that required some rather huge files in game. Maybe that is where it snuck in. I will have to re enter that server again to debunk tjis.

When csgo downloads map packs it auto installs them. I wasn't on a regular server for this map so it must have been that third party server that did it.

a reply to: GiulXainx

Sometimes on cs:go servers they have a webpage displayed when you enter the map/server that has adverts all over it. I know ive clicked on stuff on those pages that i didnt mean to, so It might have been that.

a reply to: GiulXainx

It very unlikely to be downloaded game files as they are just data not executable's.