Previously on my blog post dated October 17th , you saw me ranting about something I suspected as a malware that kept bugging me when I opened a window on my Mozilla Firefox web browser. I thought I had to reinstall the operating system to fix the problem but thank God I hadn’t done it since I’m not a person who backups my data on a regular basis.
So the notification read like this:
“The page at http://s87.mezdiat.com says:
Your computer may have virus!
The virus may corrupt your data!
Please follow the instructions to remove the virus.”
And when you click the OK button showed below the notification, you’d be directed to a web page which I strongly believe to be fake but resemble a lot like Java download page. They really want you to download and activate the God-knows-what software. When I read the web address (URL), it showed unusual names, which no reliable companies on earth would ever use. Something was off. I just knew it. It doesn’t take a geek to know this.
I went to Twitter to complain on this issue, cursing GoSave as this name was just what I found on the pop-out ads on my web browser. And this didn’t only happen on my Mozilla but also my Gogle Chrome. That explained why I was freaked out. Did my PC get infected? But how come, since my Microsoft Security Essentials is working and surely protecting me when I’m online and I always update it every single day?
Being so pissed off by the situation (because I had to do some live blogging on Monday when President Jokowi was appointed and the malware kept popping out), I was frustrated and consulted my geek coworker. He said I was browsing in a “dirty” way. I don’t now what that is supposed to mean but he showed me how to get rid of this issue by a few clicks without reinstalling the Windows.
If you’re using Windows like I do, go to ADDONS section on Mozilla and please do deactivate or unable all these addons:
SoftForum XecureWeb File Control Plug-in 126.96.36.199.
SoftForum XecureWeb Control Plug-in 188.8.131.52.
SoftForum XecureWeb Unified Plug-in 184.108.40.206
“Where did you get all these?”he asked me. How do I know? It just happened.
GoSave found my tweet, which said pretty much like:”Whoever invented GoSave, I wish he gets burned in the bowel of hell for good”. And they replied:”We hope they do too!this is somebody using our name to trick people into dowloading the adware. Were you able to uninstall?” I was glad I cursed because that way I would never have known what is going on.
So I asked @GoSave whether I could get in touch with their CEO or founder or whoever can explain me about this. And they provided me Dane McLeod‘s email address. McLeod serves as the founder and current CEO of GoSave, Inc., and former co-founder of Extrabux.com, wrote CrunchBase.com.
McLeod (whose name keeps reminding me of Duncan McLeod of “The Highlanders” in 1990’s) kindly returned my emails and explain the whole situation in his perspective. Here’s what he told me.
Me: “How and when did GoSave find its name being used by irresponsible culprits like now?”
McLeod: “To give you some background – we are a startup tech company based in Los Angeles, California.
The real GoSave is a loyalty platform that rewards consumers with virtual currency for the things they love to do online everyday – like shop, search the web, watch videos, discover special offers, and play games. You redeem your virtual currency for gift cards to popular retailers like Amazon.com
We are a hard-working team of 15 people. We work with 100s of advertisers. And dozens of mobile app developers integrate our rewards into their mobile apps and games.
We were just getting ready to launch our website, when we learned that beginning in September 2014, some company was distributing this malware under the name “GoSave.” We discovered that somebody was infringing on our brand name when we started receiving angry messages from people across the world telling us how much they “hated GoSave.” We were a bit shocked, and realized something was definitely wrong….
The “Fake GoSave” as we call it, claims to offer a free service that helps users save money by showing them the lowest prices on products from websites like Amazon.com. However, this software is really adware or malware in disguise, using our name. Once it installs itself on users computers, it is bombarding people with annoying popup ads and slowing down their computers.
You can find the fake GoSave at http://www.gosavenow.info. Interestingly, in our investigation, we have found other websites from the same creator, all of them promising to help “save money shopping.” They are all the sam spam / adware / malware. You can check them out here:
This fake GoSave has really killed our brand name in search engine results. Our name “GoSave” is now being associated with this virus / malware / adware. In fact, when you google “GoSave” – our website and mobile app no longer appear in the top results. In the last month, our real website and mobile app have been replaced by articles like “Remove Ads by GoSave” and “Remove GoSave Virus.” As you can imagine, this really hurts our reputation.
To fight back, we have decided to launch our website ASAP – even before it’s “finished.” Just so that we have a place to share our story. We will also be writing a blog post with details on the situation, and tips for how to remove this fake GoSave.
To restore our search engine credibility, we are kindly asking those authors of websites to remove the improper reference of our name “GoSave” from articles about the virus / malware / adware. Obviously, this is really hard – because there is some fake program out there called “GoSave” – and thousands of people are searching for “GoSave Virus” or “GoSave Adware.” It’s going to be a long battle, but we will win.
Me: Is there any effective way to get rid of the malware? Because it seems persistent even the PC is protected by an antivirus program.”
McLeod: “For now, the best source for removing it is here:
Me: “Are there any other efforts to explain the situation and clarify besides telling people on Twitter your company is victimized by this?”
McLeod: “We are fighting back to restore our good name. We are doing our best to track down the person responsible for this. Unfortunately, tracking people down on the internet is hard. Spammers like this deserve to be held accountable for their actions. We will find the people responsible for this – and we will document our story more on our blog.”
Me: “Are you taking any legal actions once the suspect(s) is found?”
McLeod: “We plan to pursue all legal remedies to protect our brand and our loyal community against the people responsible for distributing this malware under our name.
We’re also going to ask bloggers who have posted about the “GoSave” virus to kindly remove the post referencing our name “GoSave.” We will provide an in depth blog post on our website in the next 48 hours with instructions to remove the fake GoSave Virus. We hope these bloggers will understand, and we completely understand they are doing the right thing by helping people find resources go remove the GoSave Virus. We can work together to stop this mess.”