uninstall.browsersafeguard.exe

Distributed by Adknowledge's installers (Optimum/Fusion/Tiny), this trojan adware proxies web traffic and injects advertising into the browser. BrowserProtect was programmed by Danny Miller of Adknowledge. The software uses Fiddler, a web debugging proxy, to capture HTTP traffic and installs a root certificate named DO_NOT_TRUST_FiddlerRoot. The application uninstall.browsersafeguard.exe has been detected as adware by 25 anti-malware scanners. The file is typically installed by a number of programs, including BrowserSafeguard by Adknowledge, Inc. and "Rockettab" by Adknowledge, Inc., both potentially unwanted software. According to AVG, this software downloads additional adware offers during setup.
MD5:
0edb6614a108a0f0308f790260509a10

SHA-1:
fee74936c7ab88608bc639e1a816226f820b368b

SHA-256:
a987cbe747563412590aefaf1a0690db3b04e62607d7b32e9c3437fc1847ecf5

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Part of an adware program delivered by Adknowledge that will modify the web browser's settings (preferred home page and default search settings) and install a local proxy to intercept and inject various forms of advertising.

Analysis date:
4/27/2024 1:41:56 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1731590 | 431
Agnitum Outpost | PUA.Agent | 7.1.1
Avira AntiVirus | TR/Rogue.5030432 | 7.11.214.2
avast! | Win32:Malware-gen | 2014.9-151201
AVG | Downloader | 2016.0.2909
Baidu Antivirus | Adware.MSIL.iBryte | 4.0.3.15121
Bitdefender | Trojan.GenericKD.1731590 | 1.0.20.1675
Clam AntiVirus | Win.Trojan.Agent-760138 | 0.98/21511
Comodo Security | ApplicUnwnt | 21304
Emsisoft Anti-Malware | Trojan.GenericKD.1731590 | 8.15.12.01.05
ESET NOD32 | MSIL/Adware.iBryte | 9.11275
Fortinet FortiGate | Adware/IBryte | 12/1/2015
F-Secure | Trojan.GenericKD.1731590 | 11.2015-01-12_3
G Data | Trojan.GenericKD.1731590 | 15.12.25
IKARUS anti.virus | PUA.MSIL.Cellbi | t3scan.1.8.6.0
McAfee | Artemis!0EDB6614A108 | 5600.6565
MicroWorld eScan | Trojan.GenericKD.1731590 | 16.0.0.1005
NANO AntiVirus | Trojan.Win32.Graftor.dcjdmt | 0.30.0.296
nProtect | Trojan.GenericKD.1731590 | 15.03.05.01
Panda Antivirus | Trj/Chgt.D | 15.12.01.05
Qihoo 360 Security | Win32/Trojan.9bd | 1.0.0.1015
Reason Heuristics | PUP.BrowserSafeguard (M) | 15.12.1.5
Sophos | Generic PUA PO | 4.98
VIPRE Antivirus | iBryte | 38152
Zillya! Antivirus | Adware.iBryte.Win32.1598 | 2.0.0.2089

File size:
4.8 MB (5,030,432 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\browsersafeguard\uninstall.browsersafeguard.exe

File PE Metadata
Compilation timestamp:
5/5/2014 10:52:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:sR1DwqChvHjnciDUbYuqNgiuD6KYeSpUD3FHlTvWcxe+509f5kQzRnbttQ2i76Sv:8InNgIMzezZtyg3iv

Entry address:
0x2EAC

Entry point:
E8, 07, 43, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 08, 0A, 41, 00, E8, AE, 2D, 00, 00, 6A, 0E, E8, 04, 45, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 48, 32, 43, 00, BA, 44, 32, 43, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, 0B, F3, FF, FF, 59, FF, 76, 04, E8, 02, F3, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 9D, 2D, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, D0, 43, 00, 00, 59, C3, CC, CC, CC, CC, CC, CC...

Entropy:
6.6126

Code size:
52 KB (53,248 bytes)

The file uninstall.browsersafeguard.exe has been discovered within the following programs.

"Rockettab" by Adknowledge, Inc.
RocketTab is an adware (advertising-supported) web browser application designed to display banner ads as well as contextual link ads (such as hyperlinks the user will see underlined).
www.adknowledge.com
86% remove it
BrowserSafeguard by Adknowledge, Inc.
RocketTab is licensed by Rich River Media but is typically bundled with BrowserSafeguard. The software is distributed through numerous adware bundlers, including optimum-installer, FUSION INSTALL and Tint Installer.
www.browsersafeguard.com
80% remove it
 
Powered by Should I Remove It?