» uninstall.browsersafeguard.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

uninstall.browsersafeguard.exe

Distributed by Adknowledge's installers (Optimum/Fusion/Tiny), the trojan adware will proxy various web traffic and inject advertising in the browser. BrowserProtect was programmed by Danny Miller of Adknowledge. The software uses Fiddler, web debugging proxy, for capturing HTTP traffic and will install a root certificate named DO_NOT_TRUST_FiddlerRoot. The application uninstall.browsersafeguard.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program BrowserSafeguard with Rockettab by Browsersafeguard. This file is typically installed with the program BrowserSafeguard with RocketTab by Adknowledge, Inc. which is a potentially unwanted software program.

File name:

Version:

1.0.0.0

MD5:

a65f184bd1eaf263da5a264732ee62f0

SHA-1:

7fc959c32092236ea5de20124ffe3f4ecd066646

SHA-256:

2c4538df9b4500f1ccc9a5175f2a16219a57903f67c70a8d4b84b4d11baecba4

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Part of an adware program delivered by Adknowledge that will modify the web browser's settings (preferred home page and default search settings) and install a local proxy to intercept and inject various forms of advertising.

Analysis date:

4/25/2024 9:08:56 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.BrowserSafeguard.Z

14.9.20.22

File size:

3.2 MB (3,341,312 bytes)

Product version:

1.0.0.0

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\browsersafeguard\uninstall.browsersafeguard.exe

File PE Metadata

Compilation timestamp:

1/22/2014 5:55:11 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

49152:LFdRI3n1fqv6tzITJPwLJVHsv9zlWZb3lkN9wNNkvwXIE4Y9:nReRt8NoLPH29zQ5lsaYoIzY

Entry address:

0x322AEE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.2701

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

3.1 MB (3,279,872 bytes)

Program Uninstaller

Program name:

BrowserSafeguard with Rockettab

Display publisher:

Browsersafeguard

Uninstall string:

"C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe" /u /UserID=8ef80f6c-3788-4c1b-bb1d-68e8b8f21706 /SourceID=browsersafeguard-rockettab-tightrope /ImplementationID=browsersafegua

The file uninstall.browsersafeguard.exe has been discovered within the following program.

BrowserSafeguard with RocketTab by Adknowledge, Inc.

BrowserSafeguard is distributed through the company's OptimumInstaller / InstallIQ, a pay-per-install download bundler.

www.browsersafeguard.com

82% remove it

Remove uninstall.browsersafeguard.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.