PUP Friday: Adware family EoRezo

EoRezo, which is sometimes called Tuto4PC, is a family of software bundles that typically offers something useful for free and then makes money by bundling it with adware. The free stuff can be a tutorial or some software.

The name Tuto4PC comes from their home website www[dot]tuto4pc[dot]com where they offer tutorials for various software suites like Adobe Photoshop and Microsoft PowerPoint (all in French).

A typical side-offer for Tuto4PC is Search Protect, a browser hijacker.

The enterprise

Tuto4pc.com Group SA has a listing at the NYSE Alternext Stock Exchange in Paris (ALTUT.PA).

ABOUT

Tuto4pc.com Group SA is a France-based company, which provides commercial advertising services. The Company specializes in commercial advertising on the Internet through a service providing free downloadable software tutorials available to the user in exchange for agreeing to receive advertisements for its Internet browsing. In exchange for free installation of a software called Learning Tutorial, the user agrees to receive full-screen advertising displays, after confirming his entry in a database and accepting general conditions of the license application. Tuto4pc.com Group SA operates three subsidiaries: one wholly-owned Cloud4PC SAS, 99.95%-owned Tuto4pc.com SA and 90%-owned Tuto4pc.com International Srl.

The group was founded in 2004 and started delivering targeted advertisements in 2010 using their contextual analysis tool.

The adware

Where Tuto4PC focuses on the tutorials, EoRezo is the branch that usually comes with other software. Some examples from our collection of removal guides: maintenance software, BrowseExtension, Desktop Improver, and DailyPCClean. This type of adware habitually opens a new window, or tab, of your default browser every 10 to 15 minutes, to fetch an advertisement or survey.

Some of them are of such a dubious nature that we deemed it better to block them using the Malicious Website Protection module that comes with Malwarebytes Anti-Malware Premium.
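
The regular 10 to 15 minute rhythm described above can be checked for in process-creation records. The following is an added example, not code from the original article or from Malwarebytes: it flags any parent process that starts a browser at steady gaps in that range. The log layout, the process names and the three-repeat threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of process-creation events: time, parent image, child image.
# The CSV layout and every process name are assumptions made for illustration.
SAMPLE_EVENTS = """\
2024-01-05T09:00:05,explorer.exe,chrome.exe
2024-01-05T09:02:00,sample_bundle.exe,chrome.exe
2024-01-05T09:05:00,sample_bundle.exe,notepad.exe
2024-01-05T09:14:30,sample_bundle.exe,chrome.exe
2024-01-05T09:27:10,sample_bundle.exe,chrome.exe
2024-01-05T09:41:00,sample_bundle.exe,chrome.exe
2024-01-05T09:47:00,explorer.exe,chrome.exe
2024-01-05T09:53:20,sample_bundle.exe,chrome.exe
2024-01-05T13:20:00,explorer.exe,chrome.exe
"""

BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe"}
MIN_GAP, MAX_GAP = 10 * 60, 15 * 60  # seconds: the interval the article describes
MIN_REPEATS = 3                      # assumed: consecutive in-range gaps needed to flag


def parse(text):
    """Yield (timestamp, parent, child) tuples from the CSV-style sample."""
    for line in text.strip().splitlines():
        ts, parent, child = line.split(",")
        yield datetime.fromisoformat(ts), parent.lower(), child.lower()


def periodic_browser_launchers(text):
    """Map each parent process to its longest run of 10-15 minute browser launches."""
    launches = defaultdict(list)
    for ts, parent, child in parse(text):
        if child in BROWSERS:          # ignore non-browser children
            launches[parent].append(ts)
    flagged = {}
    for parent, times in launches.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        run = best = 0
        for gap in gaps:               # count consecutive gaps inside the window
            run = run + 1 if MIN_GAP <= gap <= MAX_GAP else 0
            best = max(best, run)
        if best >= MIN_REPEATS:
            flagged[parent] = best
    return flagged


if __name__ == "__main__":
    print(periodic_browser_launchers(SAMPLE_EVENTS))
```

Browser launches started by the user through the shell are irregular and stay below the threshold, while the scheduled launcher stands out by its parent process name.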

Prevention

Prevention is not too hard in these cases, since users install these themselves, even if it is by just clicking “I agree” or “OK” without reading.

  • If you get something for free on the internet, carefully check what the catch might be.
  • Download software from the publisher when possible.
  • Protect your computer against malware and PUPs.

Summary

EoRezo is a detection name that is in use for a big part of the adware family called Tuto4PC. The adware is bundled with other software and with tutorials (about software). The adware, although annoying, is usually harmless by itself, but that can’t be said about the advertisements and sites it opens on the victim’s computer. With advertising, there is always the possibility of malvertising, and the scamming powers of surveys are a known force for the frequent readers of our blog.

Pieter Arntz