uninstall.browsersafeguard.exe

Distributed by Adknowledge's installers (Optimum/Fusion/Tiny), this trojan adware proxies various web traffic and injects advertising into the browser. BrowserProtect was programmed by Danny Miller of Adknowledge. The application uninstall.browsersafeguard.exe has been detected as adware by 5 anti-malware scanners. This file is typically installed with the program BrowserSafeguard by Adknowledge, Inc., which is a potentially unwanted software program. The file has been seen being downloaded from install.browsersafeguard.com.
Version:
1.0.0.0

MD5:
fa4264fe10de482b87583bf194627f5d

SHA-1:
53b2ca99e9427cbeb32065ffb8b7101bdcb80f56

SHA-256:
8257cceab3469bc141522ad89e26f60824ac6117912dae4bc3733727e576cb5e

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Part of an adware program delivered by Adknowledge that will modify the web browser's settings (preferred home page and default search settings) and install a local proxy to intercept and inject various forms of advertising.

Analysis date:
4/20/2024 1:53:39 PM UTC

Scan engine              Detection                     Engine version
Bkav FE                  W32.Clodee3.Trojan            1.3.0.4562
McAfee                   Adware-Bsafeg!FA4264FE10DE    5600.7238
Panda Antivirus          Suspicious file               14.01.26.06
Reason Heuristics        PUP.BrowserSafeguard.Z        14.5.8.11
Trend Micro House Call   TROJ_GEN.F47V1102             7.2.26

File size:
3.3 MB (3,447,296 bytes)

Product version:
1.0.0.0

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\browsersafeguard\uninstall.browsersafeguard.exe

File PE Metadata
Compilation timestamp:
10/29/2013 1:49:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:NKF4zITJPwLJVH1SNQSzpNRb3dkN9wNNEvwtSa4Y9vnCQ+XSz:sF48NoLPH1MDhdsaocSxY

Entry address:
0x33C7DE

Entry point:
FF, 25, EC, C7, 73, 00, 00, 00, 00, 00, 00, 00, 00, 00, C0, C7, 33, 00, 00, 00, 00, 00, 00, 00, 00, 00, 1D, F5, 6F, 52, 00, 00, 00, 00, 02, 00, 00, 00, 79, 00, 00, 00, 10, C8, 33, 00, 10, AA, 33, 00, 52, 53, 44, 53, 7F, B7, 66, 85, 8E, A1, A2, 40, 8D, 62, D9, 48, C1, F4, 61, 1A, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 64, 6D, 69, 6C, 6C, 65, 72, 5C, 44, 6F, 63, 75, 6D, 65, 6E, 74, 73, 5C, 50, 72, 6F, 6A, 65, 63, 74, 73, 5C, 49, 6E, 73, 74, 61, 6C, 6C, 65, 72, 73, 5C, 42, 72, 6F, 77, 73, 65, 72...

Entropy:
7.0957

Code size:
3.2 MB (3,385,856 bytes)

The file uninstall.browsersafeguard.exe has been discovered within the following program.

BrowserSafeguard  by Adknowledge, Inc.
RocketTab is licensed by Rich River Media but is typically bundled with BrowserSafeguard; the software is distributed through numerous adware bundlers, including optimum-installer, FUSION INSTALL and Tint Installer.
www.browsersafeguard.com
80% remove it

The file uninstall.browsersafeguard.exe has been seen being distributed by the following URL.
