Adware.BrowserSafer is Malwarebytes’ detection name for adware from browsersafer.com, which claims it will protect users while browsing the web but really serves up advertisements.
Adware.BrowserSafer shows the user advertisements in every conceivable form, such as pop-up windows, banners, and on-site ad replacement. It uses a proxy and a service to accomplish control over the content.
This adware is often seen in bundlers but is also offered for download on the company’s website.
Malwarebytes blocks the install of Adware.BrowserSafer by using real-time protection.
Malwarebytes blocks Adware.Browsersafer
Malwarebytes can detect and remove Adware.BrowserSafer without further user interaction.
A Malwarebytes log of removal will look similar to this:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 4/20/18
Scan Time: 9:01 AM
Log File: af5ae79a-4468-11e8-aefd-080027235d76.json
Administrator: Yes
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4808
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 246055
Threats Detected: 10
Threats Quarantined: 10
Time Elapsed: 3 min, 5 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 2
PUP.Optional.SpecialSearchOffer, C:\PROGRAM FILES (X86)\BROWSESAFER\BROWSERSAFER.EXE, Quarantined, [1679], [512255],1.0.4808
PUP.Optional.BrowserSafer, C:\PROGRAM FILES (X86)\BROWSESAFER\BROWSERSAFERMNGR.EXE, Quarantined, [12681], [512678],1.0.4808
Module: 2
PUP.Optional.SpecialSearchOffer, C:\PROGRAM FILES (X86)\BROWSESAFER\BROWSERSAFER.EXE, Quarantined, [1679], [512255],1.0.4808
PUP.Optional.BrowserSafer, C:\PROGRAM FILES (X86)\BROWSESAFER\BROWSERSAFERMNGR.EXE, Quarantined, [12681], [512678],1.0.4808
Registry Key: 0
(No malicious items detected)
Registry Value: 1
PUP.Optional.BrowserSafer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BrowseSafer, Quarantined, [12681], [512678],1.0.4808
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 1
Adware.BrowserSafer, C:\PROGRAMDATA\BROWSERSAFER, Quarantined, [754], [432146],1.0.4808
File: 4
Adware.BrowserSafer, C:\ProgramData\BrowserSafer\Backup.dat, Quarantined, [754], [432146],1.0.4808
PUP.Optional.SpecialSearchOffer, C:\PROGRAM FILES (X86)\BROWSESAFER\BROWSERSAFER.EXE, Quarantined, [1679], [512255],1.0.4808
PUP.Optional.BrowserSafer, C:\PROGRAM FILES (X86)\BROWSESAFER\BROWSERSAFERMNGR.EXE, Quarantined, [12681], [512678],1.0.4808
PUP.Optional.BrowserSafer, C:\DOWNLOADS\CPPINSTALLER.EXE, Quarantined, [12681], [512676],1.0.4808
Physical Sector: 0
(No malicious items detected)
(end)
You may see these entries in FRST logs:
() C:\Program Files (x86)\BrowseSafer\BrowserSafer.exe (InstallerTech Co.) C:\Program Files (x86)\BrowseSafer\BrowserSaferMngr.exe HKLM\...\Run: [BrowseSafer] => "C:\Program Files\BrowseSafer\BrowserSaferMngr.exe" HKLM-x32\...\Run: [BrowseSafer] => C:\Program Files (x86)\BrowseSafer\BrowserSaferMngr.exe [3008928 2018-03-09] (InstallerTech Co.) ProxyEnable: [.DEFAULT] => Proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:13101 ProxyEnable: [S-1-5-21-1350903546-318028887-1286703239-1003] => Proxy is enabled. ProxyServer: [S-1-5-21-1350903546-318028887-1286703239-1003] => http=127.0.0.1:13101 ManualProxies: 1http=127.0.0.1:13101 R2 BrowserSafer; C:\Program Files (x86)\BrowseSafer\BrowserSafer.exe [4137376 2018-03-09] () [File not signed] C:\ProgramData\boost_interprocess C:\ProgramData\BrowserSafer C:\Program Files (x86)\BrowseSafer BrowserSafer (HKLM-x32\...\BrowserSafer) (Version: 2.0.2.4 - BrowserSafer Co ©)
Associated files and folders:
BrowserSaferMngr.exe
%APPDATA%\BrowserSafer
%PROGRAMFILES%\BrowserSafer
Select your language