uninstall.browsersafeguard.exe

Distributed by Adknowledge's installers (Optimum/Fusion/Tiny), the trojan adware will proxy various web traffic and inject advertising in the browser. BrowserProtect was programmed by Danny Miller of Adknowledge. The application uninstall.browsersafeguard.exe has been detected as adware by 3 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program BrowserSafeguard by Browsersafeguard. This file is typically installed with the program BrowserSafeguard by Adknowledge, Inc. which is a potentially unwanted software program.
Version:
1.0.0.0

MD5:
5244330dc68c1c58c4c7de6764dff074

SHA-1:
2bbf5b31ec445a0ce5cc6aeacee3047ada21a6a8

SHA-256:
40b1faeaa544a48b1fb128a944d10cae979ed226a903609ee6a5d4e09af11a80

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Part of an adware program delivered by Adknowledge that will modify the web browser's settings (preferred home page and default search settings) and install a local proxy to intercept and inject various forms of advertising.

Analysis date:
12/25/2024 1:28:23 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic5
2015.0.3478

Reason Heuristics
PUP.BrowserSafeguard.Z
14.5.11.9

VIPRE Antivirus
Adware.Bsafeg
26956

File size:
2.3 MB (2,372,608 bytes)

Product version:
1.0.0.0

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\browsersafeguard\uninstall.browsersafeguard.exe

File PE Metadata
Compilation timestamp:
8/19/2013 11:26:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:1bPzaLOBv7auQwRBiRBwaSx97Jh26GH/PiIe1WUQqfRtNIvMKp5RgBtr/ki14Y9d:wsBuSXW1eYUQ0K0tsk4Y9JWCXY1SZ

Entry address:
0x2362A2

Entry point:
FF, 25, B0, 62, 63, 00, 00, 00, 00, 00, 00, 00, 00, 00, 84, 62, 23, 00, 00, 00, 00, 00, 00, 00, 00, 00, 35, 47, 12, 52, 00, 00, 00, 00, 02, 00, 00, 00, 79, 00, 00, 00, D4, 62, 23, 00, D4, 44, 23, 00, 52, 53, 44, 53, 15, 82, 4B, C3, 87, B0, 3D, 4B, B7, 7A, 02, 4F, FE, 94, 21, 5A, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 64, 6D, 69, 6C, 6C, 65, 72, 5C, 44, 6F, 63, 75, 6D, 65, 6E, 74, 73, 5C, 50, 72, 6F, 6A, 65, 63, 74, 73, 5C, 49, 6E, 73, 74, 61, 6C, 6C, 65, 72, 73, 5C, 42, 72, 6F, 77, 73, 65, 72...
 
[+]

Entropy:
7.1206

Code size:
2.2 MB (2,311,168 bytes)

Program Uninstaller
Program name:
BrowserSafeguard

Display publisher:
Browsersafeguard

Uninstall string:
"C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe" /u /UserID=72bd525e-0040-461a-aa63-71beb4482476 /SourceID=matomy_updatebrowser-us /ImplementationID=browsersafeguard-pitch


The file uninstall.browsersafeguard.exe has been discovered within the following program.

BrowserSafeguard  by Adknowledge, Inc.
RocketTab is licensed by Rich River Media but typically bundled with BrowserSafeguard, the software is distributed through numerous adware bundlers including optimum-installer, FUSION INSTALL and Tint Installer.
www.browsersafeguard.com
80% remove it
 
Powered by Should I Remove It?

The file uninstall.browsersafeguard.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-243-203-185.compute-1.amazonaws.com  (54.243.203.185:80)

TCP (HTTP):
Connects to ec2-54-243-65-88.compute-1.amazonaws.com  (54.243.65.88:80)

TCP (HTTP):
Connects to ec2-23-23-240-140.compute-1.amazonaws.com  (23.23.240.140:80)

Remove uninstall.browsersafeguard.exe - Powered by Reason Core Security