Virus Profile: Adware-BrowseFox

Virus Profile information details
Risk Assessment: Home N/A | Corporate N/A
Date Discovered: 6/11/2014
Date Added: 6/11/2014
Origin: Unknown
Length: Varies
Type: PUP
Subtype: Adware
DAT Required: 7466

Description

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

Aliases –
  • Nod32        -    a variant of Win32/BrowseFox.H

Indication of Infection

Presence of the above-mentioned activities.

Methods of Infection

This is not a virus or Trojan. PUPs do not "infect" systems. They may be installed by a user individually or possibly as a part of a software package (in a bundle, for example).
   

Virus Characteristics


---------- Updated on December 26th 2014 ----------

“Adware-BrowseFox” is a detection for adware that changes the user’s typical search behavior and displays third-party pop-up advertising in browsers such as Google Chrome, Mozilla Firefox and Internet Explorer.

Upon execution, it tries to connect to the following URLs and IPs through remote port 80:

  • hxxp://api[Removed]ihelp.info/rs
  • 70.[Removed].80
  • 23.[Removed].163
  • 70.[Removed].118

Upon execution, the following files have been added to the system.

  • %Temp%\~nsu.tmp\Au_.exe
  • %Temp%\nslEB.tmp\UserInfo.dll
  • %Temp%\nslEB.tmp\nsDialogs.dll
  • %Temp%\Cab2C.tmp
  • %Temp%\Tar2D.tmp
  • %Temp%\TarD2.tmp
  • %Temp%\CabD1.tmp
  • %Temp%\CabD3.tmp


---------- Updated on September 3rd 2014 ----------

Aliases –

  • Kaspersky    -    not-a-virus:HEUR:AdWare.MSIL.Kranet.heur
  • Ikarus        -    PUA.MSIL.BrowseFox
  • Nod32        -    MSIL/BrowseFox.G application

“Adware-BrowseFox” is a detection for adware that changes the user’s typical search behavior and displays third-party pop-up advertising in browsers such as Google Chrome, Mozilla Firefox and Internet Explorer.

Upon execution, the file tries to connect to the following IPs:

  • api.bro[Removed]art.net
  • 70.[Removed].155
  • 23.[Removed].163
  • 8.[Removed].125
  • 70.[Removed].9

The following files have been added to the system.

  • %Temp%\Tar31.tmp
  • %Temp%\Cab30.tmp

The following registry keys have been added to the system:

  • HKEY_USERS\S-1-5-21-[Varies]\Software\albrechto

The following registry key values have been added to the system:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%USERPROFILE%\Desktop\albrechto.BRT.Helper.exe: "%USERPROFILE%\Desktop\albrechto.BRT.Helper.exe:*:Enabled: "
--------------------------------------------------------------------------------------------------------------
“Adware-BrowseFox” is a detection for adware that changes the user’s typical search behavior and displays third-party pop-up advertising in browsers such as Google Chrome, Mozilla Firefox and Internet Explorer.

Upon execution, the file tries to connect to the following IPs:

  • api.bro[Removed]art.net
  • 70.[Removed].155
  • 23.[Removed].163
  • 8.[Removed].125

The following files have been added to the system.

  • %Temp%\Cab2C.tmp
  • %Temp%\Tar2D.tmp
   
Use the current engine and DAT files for detection and removal. Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
   
