» uninstall.browsersafeguard.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Downloads (1)

uninstall.browsersafeguard.exe

Distributed by Adknowledge's installers (Optimum/Fusion/Tiny), the trojan adware will proxy various web traffic and inject advertising in the browser. BrowserProtect was programmed by Danny Miller of Adknowledge. The software uses Fiddler, web debugging proxy, for capturing HTTP traffic and will install a root certificate named DO_NOT_TRUST_FiddlerRoot. The application uninstall.browsersafeguard.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. This is the uninstaller utility registered in the Windows Control Panel for the program BrowserSafeguard by Browsersafeguard. This file is typically installed with the program BrowserSafeguard by Adknowledge, Inc. which is a potentially unwanted software program.

File name:

Version:

1.0.0.0

MD5:

9370d38428a14abddaec24551498eaab

SHA-1:

8b233229f65451a09119597ab6dbb0f3002d422e

SHA-256:

4df376493264b121b5df856f4f69490f99cf753efc7495c9acf20afd832e5e3d

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Part of an adware program delivered by Adknowledge that will modify the web browser's settings (preferred home page and default search settings) and install a local proxy to intercept and inject various forms of advertising.

Analysis date:

5/19/2024 10:33:21 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.BrowserSafeguard.Z

14.5.8.11

File size:

3.2 MB (3,353,088 bytes)

Product version:

1.0.0.0

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\browsersafeguard\uninstall.browsersafeguard.exe

File PE Metadata

Compilation timestamp:

2/24/2014 4:41:55 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

49152:XhvWx61f0qtXhgmq1b+qQM0rt2i27IlzITJPwLJVmd4Y9:XdWSWmqxbN0rAl7Il8NoLPmWY

Entry address:

0x325958

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

3.1 MB (3,291,648 bytes)

Program Uninstaller

Program name:

BrowserSafeguard

Display publisher:

Browsersafeguard

Uninstall string:

"C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe" /u /UserID=872cbab8-7f75-412f-9ba8-0647e4db102a /SourceID=google_groovestream-display-FR-300x250-mp3download-songs-33349138883

The file uninstall.browsersafeguard.exe has been discovered within the following program.

BrowserSafeguard by Adknowledge, Inc.

RocketTab is licensed by Rich River Media but typically bundled with BrowserSafeguard, the software is distributed through numerous adware bundlers including optimum-installer, FUSION INSTALL and Tint Installer.

www.browsersafeguard.com

80% remove it

The file uninstall.browsersafeguard.exe has been seen being distributed by the following URL.

http://d890t4wyanc8w.cloudfront.net/.../installer.exe

Remove uninstall.browsersafeguard.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.