uninstall.browsersafeguard.exe

Distributed by Adknowledge's installers (Optimum/Fusion/Tiny), this trojan adware proxies web traffic and injects advertising into the browser. BrowserProtect was programmed by Danny Miller of Adknowledge. The software uses Fiddler, a web debugging proxy, to capture HTTP traffic and installs a root certificate named DO_NOT_TRUST_FiddlerRoot. The application uninstall.browsersafeguard.exe has been detected as adware by 5 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. This is the uninstaller utility registered in the Windows Control Panel for the program BrowserSafeguard by Browsersafeguard. The file is typically installed with the program BrowserSafeguard by Adknowledge, Inc., which is a potentially unwanted software program.
Version:
1.0.0.0

MD5:
6e7adb4655bbb9f25f0bc7db050a4c8b

SHA-1:
b22b4076877f5e70bc488fddf8b255266b2e3c33

SHA-256:
e4f3b513d8a85f52fc64e462781c3dfc5eeef7fced9adf73fe322661e9e33c8e

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Part of an adware program delivered by Adknowledge that will modify the web browser's settings (preferred home page and default search settings) and install a local proxy to intercept and inject various forms of advertising.

Analysis date:
12/25/2024 1:31:00 AM UTC

Scan engine | Detection | Engine version
AVG | Generic5 | 2014.0.3616
Comodo Security | ApplicUnwnt | 17457
McAfee | Adware-Bsafeg!6E7ADB4655BB | 5600.7272
Reason Heuristics | PUP.BrowserSafeguard.Task.Z | 14.5.8.11
Trend Micro House Call | TROJ_GEN.R0C1H06L513 | 7.2.358

File size:
3.3 MB (3,420,672 bytes)

Product version:
1.0.0.0

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\browsersafeguard\uninstall.browsersafeguard.exe

File PE Metadata
Compilation timestamp:
10/1/2013 9:51:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:jbyW5zITJPwLJVHOcMTb+qQM3rB2i2HSa4Y9xXCxYgSxM:HyW58NoLPHHMPbN3r8lHSxYB

Entry address:
0x3360A2

Entry point:
FF, 25, B0, 60, 73, 00, 00, 00, 00, 00, 00, 00, 00, 00, 84, 60, 33, 00, 00, 00, 00, 00, 00, 00, 00, 00, 82, E1, 4A, 52, 00, 00, 00, 00, 02, 00, 00, 00, 79, 00, 00, 00, D4, 60, 33, 00, D4, 42, 33, 00, 52, 53, 44, 53, 6F, 4A, DD, 68, 02, 88, 8B, 44, 81, 1E, 81, 24, F8, 30, 12, 8C, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 64, 6D, 69, 6C, 6C, 65, 72, 5C, 44, 6F, 63, 75, 6D, 65, 6E, 74, 73, 5C, 50, 72, 6F, 6A, 65, 63, 74, 73, 5C, 49, 6E, 73, 74, 61, 6C, 6C, 65, 72, 73, 5C, 42, 72, 6F, 77, 73, 65, 72...
 

Entropy:
7.1011

Code size:
3.2 MB (3,359,232 bytes)

Program Uninstaller
Program name:
BrowserSafeguard

Display publisher:
Browsersafeguard

Uninstall string:
"C:\Program Files\Browsersafeguard\uninstall.browsersafeguard.exe" /u /UserID=00c2c4c1-e8d4-40d8-af44-efb5eb4420c2 /SourceID=cpa_ie10 /ImplementationID=browsersafeguard-open


Scheduled Task
Task name:
BrowserSafeguard Update Task

Trigger:
Daily (Runs daily at 6:57 PM)


The file uninstall.browsersafeguard.exe has been discovered within the following program.

BrowserSafeguard  by Adknowledge, Inc.
RocketTab is licensed by Rich River Media but typically bundled with BrowserSafeguard; the software is distributed through numerous adware bundlers, including optimum-installer, FUSION INSTALL and Tint Installer.
www.browsersafeguard.com

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-243-65-88.compute-1.amazonaws.com  (54.243.65.88:80)

TCP (HTTP):
Connects to ec2-54-243-203-185.compute-1.amazonaws.com  (54.243.203.185:80)

TCP (HTTP):
Connects to ec2-23-23-240-140.compute-1.amazonaws.com  (23.23.240.140:80)
