home

uninstall.exe

QuestBrowse.com

The application uninstall.exe by QuestBrowse.com has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program QuestBrowse 1.0 build 117.
Publisher:
QuestBrowse.com  (signed and verified)

MD5:
6e91d2a93b7207121aedea8b80d90829

SHA-1:
ac0725bd6d1eb2949339f671b8d0e3610e1d8299

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
4/18/2024 11:16:38 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/Zwunzi3.A.696
7.11.120.88

avast!
NSIS:Zwangi-D [Drp]
2014.9-140724

Bkav FE
W32.BardiscoMT.Trojan
1.3.0.4613

Comodo Security
UnclassifiedMalware
17457

Dr.Web
Trojan.Searcher.211
9.0.1.0205

Fortinet FortiGate
Adware/OneStep
7/24/2014

Malwarebytes
Adware.QuestBrowse
v2014.07.24.01

McAfee
Adware-OneStep.l
5600.7060

Microsoft Security Essentials
BrowserModifier:Win32/Zwangi
1.165.247.01

NANO AntiVirus
Trojan.Win32.Searcher.egtqk
0.28.0.56692

nProtect
Trojan-Clicker/W32.QueryBrowser.85232
13.12.17.03

Panda Antivirus
Adware/OneStep
14.07.24.01

Reason Heuristics
PUP.QuestBrowse.J
14.7.24.1

Sophos
Zwangi
4.96

SUPERAntiSpyware
Adware.Zwangi
10465

Trend Micro House Call
TROJ_GEN.RCBCEB7
7.2.205

Trend Micro
TROJ_GEN.RCBCEB7
10.465.24

VIPRE Antivirus
Onestepsearch
24466

File size:
83.2 KB (85,232 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\Program Files\questbrowse\uninstall.exe

Digital Signature
Signed by:
QuestBrowse.com

Authority:
The USERTRUST Network

Valid from:
7/7/2010 7:00:00 AM

Valid to:
7/7/2012 6:59:59 AM

Subject:
CN=QuestBrowse.com, O=QuestBrowse.com, STREET=2141 Rosecrans Ave, STREET=Suite 2020, L=El Segundo, S=CA, PostalCode=90245, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00E4373D3806C6A390387CD443CAFF15A0

File PE Metadata
Compilation timestamp:
2/17/2007 7:48:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:YEkjY1zy214Qay0DGkJ7qAELVigJQcmRcpNJ/dhYqqLxJ2/DxT:XkjAJ4dDGkJ+AI0e5zJ/dOq5/t

Entry address:
0x3154

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 14, 40, 92, 40, 00, 33, F6, C6, 44, 24, 10, 20, FF, 15, 30, 70, 40, 00, 53, FF, 15, 74, 72, 40, 00, A3, F0, F4, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 60, 98, 42, 00, FF, 15, 5C, 71, 40, 00, 68, 30, 92, 40, 00, 68, 40, EC, 42, 00, E8, 31, 28, 00, 00, FF, 15, B4, 70, 40, 00, BF, 00, 50, 43, 00, 50, 57, E8, 1F, 28, 00, 00, 53, FF, 15, 0C, 71, 40, 00, 80, 3D, 00, 50, 43, 00, 22, A3, 40, F4, 42, 00, 8B, C7, 75, 0A...
 
[+]

Entropy:
7.3013

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

Program Uninstaller
Program name:
QuestBrowse 1.0 build 117

Uninstall string:
C:\Program Files\QuestBrowse\uninstall.exe


Remove uninstall.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.