uninstall.browsersafeguard.exe

Distributed by Adknowledge's installers (Optimum/Fusion/Tiny), the trojan adware will proxy various web traffic and inject advertising in the browser. BrowserProtect was programmed by Danny Miller of Adknowledge. The application uninstall.browsersafeguard.exe has been detected as adware by 2 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. Additionally, the file is typically installed by a number of programs including BrowserSafeguard by Adknowledge, Inc. and BrowserSafeguard with RocketTab by Adknowledge, Inc., both potentially unwanted software.
Version:
1.0.0.0

MD5:
129867452cbfa4cf949527772828e87f

SHA-1:
a6849b188b35419bee9d3a952cb93947f5d27d66

SHA-256:
46cceb52a1052b0f391c49fdff575e75f770ed8e8561901ae4f565e773d1a1a4

Scanner detections:
2 / 68

Status:
Adware

Explanation:
Part of an adware program delivered by Adknowledge that will modify the web browser's settings (preferred home page and default search settings) and install a local proxy to intercept and inject various forms of advertising.

Analysis date:
12/25/2024 1:13:33 AM UTC

Scan engine          Detection                     Engine version
Qihoo 360 Security   HEUR/Malware.QVM03.Gen        1.0.0.1015
Reason Heuristics    PUP.BrowserSafeguard.Task.Z   14.5.8.11

File size:
3.2 MB (3,350,528 bytes)

Product version:
1.0.0.0

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\browsersafeguard\uninstall.browsersafeguard.exe

File PE Metadata
Compilation timestamp:
2/5/2014 7:06:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:VFXAKcc1f0TGDj+FT91b+qQM0rt2i2WIlzITJPwLJVmd4Y9:VFQKz+Z9xbN0rAlWIl8NoLPmWY

Entry address:
0x324E29

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.2690

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
3.1 MB (3,289,088 bytes)

Scheduled Task
Task name:
BrowserSafeguard Update Task

Trigger:
Daily (Runs daily at 9:36 PM)

Action:
uninstall.browsersafeguard.exe \checkupdate=true

Description:
Updates your BrowserSafeguard software. If this task is disabled or deleted, your software will not be kept up to date and may be succeptible to addi


The file uninstall.browsersafeguard.exe has been discovered within the following programs.

BrowserSafeguard by Adknowledge, Inc.
RocketTab is licensed by Rich River Media but typically bundled with BrowserSafeguard; the software is distributed through numerous adware bundlers, including optimum-installer, FUSION INSTALL and Tint Installer.
www.browsersafeguard.com
80% remove it
BrowserSafeguard with RocketTab by Adknowledge, Inc.
BrowserSafeguard is distributed through the company's OptimumInstaller / InstallIQ, a pay-per-install download bundler.
82% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-243-65-88.compute-1.amazonaws.com  (54.243.65.88:80)

TCP (HTTP):
Connects to ec2-54-243-203-185.compute-1.amazonaws.com  (54.243.203.185:80)

TCP (HTTP):
Connects to ec2-23-23-240-140.compute-1.amazonaws.com  (23.23.240.140:80)
