uninstall.browsersafeguard.exe

Distributed by Adknowledge's installers (Optimum/Fusion/Tiny), this trojan adware proxies web traffic and injects advertising into the browser. BrowserProtect was programmed by Danny Miller of Adknowledge. The software uses Fiddler, a web debugging proxy, to capture HTTP traffic and installs a root certificate named DO_NOT_TRUST_FiddlerRoot. The application uninstall.browsersafeguard.exe has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is the uninstaller utility registered in the Windows Control Panel for the program RocketTab by RocketTab. The file is also typically installed by a number of programs, including BrowserSafeguard with RocketTab by Adknowledge, Inc. and BrowserSafeguard by Adknowledge, Inc., both potentially unwanted software.

Version:
1.0.5318.24522

MD5:
2e1c618e96f0a932d5e0c98a8a80cf8b

SHA-1:
f339d2ac4455986b6b9c141bf69bff7fac8bf6cf

SHA-256:
97e6ee22f0db9bbe956551c9953a5240462ac87fa76a501053bf89ff3816ebdb

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of an adware program delivered by Adknowledge that will modify the web browser's settings (preferred home page and default search settings) and install a local proxy to intercept and inject various forms of advertising.

Analysis date:
5/3/2024 4:25:22 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.BrowserSafeguard.Z

Engine version:
14.7.25.14

File size:
4.3 MB (4,472,320 bytes)

Product version:
1.0.5318.24522

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\browsersafeguard\uninstall.browsersafeguard.exe

File PE Metadata
Compilation timestamp:
7/24/2014 7:38:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:AebGkKA/O58NoLPau+Uno7PztNlVBav1mY4Y:RRFophozztNpad

Entry address:
0x43A887

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.1928

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4.2 MB (4,426,240 bytes)

Program Uninstaller
Program name:
RocketTab

Display publisher:
RocketTab

Uninstall string:
"C:\Program Files (x86)\BrowserSafeguard\uninstall.BrowserSafeguard.exe" /u=true /UserID=64097ff2-24e6-47f8-958a-77371fa925a4 /SourceID=nuste|7se_AdwCleaner /ImplementationID=browsersafeguard-rocketta


The file uninstall.browsersafeguard.exe has been discovered within the following programs.

BrowserSafeguard  by Adknowledge, Inc.
RocketTab is licensed by Rich River Media but is typically bundled with BrowserSafeguard. The software is distributed through numerous adware bundlers, including optimum-installer, FUSION INSTALL and Tint Installer.
www.browsersafeguard.com
80% remove it
BrowserSafeguard with RocketTab  by Adknowledge, Inc.
BrowserSafeguard is distributed through the company's OptimumInstaller / InstallIQ, a pay-per-install download bundler.
82% remove it
Rockettab  by Rich River Media, LLC
RocketTab is an adware program that injects advertising into the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. By re-routing traffic, the service is able to include various ads in the HTML of the displayed web page.
rockettab.com
88% remove it
 

The file uninstall.browsersafeguard.exe has been seen being distributed by the following URL.
