» uninstall.browsersafeguard.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (2)
Downloads (1)

uninstall.browsersafeguard.exe

Distributed by Adknowledge's installers (Optimum/Fusion/Tiny), the trojan adware will proxy various web traffic and inject advertising in the browser. BrowserProtect was programmed by Danny Miller of Adknowledge. The software uses Fiddler, web debugging proxy, for capturing HTTP traffic and will install a root certificate named DO_NOT_TRUST_FiddlerRoot. The application uninstall.browsersafeguard.exe has been detected as adware by 2 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program BrowserSafeguard with RocketTab by Browsersafeguard. Additionally, the file is typically installed by a number of programs including BrowserSafeguard with RocketTab by Adknowledge, Inc. and BrowserSafeguard by Adknowledge, Inc., both potentially unwanted software.

File name:

Version:

1.0.0.0

MD5:

1708a99d8899a94e261945a8c40422a2

SHA-1:

f3ce84a5874e8d2d536ba60ca93a577325f1042e

SHA-256:

1847f7a8628bd44123a15507c586ce96ad3386cebab0a592d388630e2dd1e146

Scanner detections:

2 / 68

Status:

Adware

Explanation:

Part of an adware program delivered by Adknowledge that will modify the web browser's settings (preferred home page and default search settings) and install a local proxy to intercept and inject various forms of advertising.

Analysis date:

2/24/2025 10:33:10 PM UTC (today)

Scan engine

Detection

Engine version

Microsoft Security Essentials

BrowserModifier:MSIL/BrowserSafeGuard

1.10302

Reason Heuristics

PUP.BrowserSafeguard.Z

14.6.10.2

File size:

3.2 MB (3,321,856 bytes)

Product version:

1.0.0.0

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\browsersafeguard\uninstall.browsersafeguard.exe

File PE Metadata

Compilation timestamp:

1/10/2014 11:09:53 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

49152:6czITJPwLJVH9bmPPeib7CNLKwBUOv1SSa4Y927Q1Ub:6c8NoLPH9kP0NLfBDv1SSxY

Entry address:

0x31DEAE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.1595

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

3.1 MB (3,260,416 bytes)

Program Uninstaller

Program name:

BrowserSafeguard with RocketTab

Display publisher:

Browsersafeguard

Uninstall string:

"E:\Program Files\Browsersafeguard\uninstall.BrowserSafeguard.exe" /u /UserID=824e6c57-2c5a-482a-b464-eb6d017e61b8 /SourceID=google_fileopenerpro-display-topics-FR-300x250-downloadsprint.com-281370666

The file uninstall.browsersafeguard.exe has been discovered within the following programs.

BrowserSafeguard by Adknowledge, Inc.

RocketTab is licensed by Rich River Media but typically bundled with BrowserSafeguard, the software is distributed through numerous adware bundlers including optimum-installer, FUSION INSTALL and Tint Installer.

www.browsersafeguard.com

80% remove it

BrowserSafeguard with RocketTab by Adknowledge, Inc.

BrowserSafeguard is distributed through the company's OptimumInstaller / InstallIQ, a pay-per-install download bundler.

82% remove it

The file uninstall.browsersafeguard.exe has been seen being distributed by the following URL.

http://install.browsersafeguard.com/.../installer.exe

Remove uninstall.browsersafeguard.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.