Home / malware PUA:Win32/Findwide
First posted on 01 July 2016.
Source: MicrosoftAliases :
There are no other names known for PUA:Win32/Findwide.
Explanation :
Installation
This application can be downloaded from websites that offer third-party software downloads. For example, we have seen it downloaded from:
- mirror.downloadnet306.com
We have seen this application use the following file names:
- ResetBrowsers.exe
- FindWide-TB10418.exe
It can be digitally signed by the following vendors:
- eShield
- FindWide
- Freshy
- Search.us.com
- Cornbread Media
We have seen this application using product names such as:
- Eshield
- Findwide Toolbar
- Freshy.com Toolbar
- Search.Us.com Toolbar
- Eshield Toolbar
This application communicates with domains such as:
- f.services.eshield.com
- eshield.com
- staging.admin.eshield.com
For example:
- f.services.eshield.com/toolbar-files/search_eng.bin
- eshield.com/assets/eshield-logo.png
- eshield.com/uninstall/
Payload
Exhibits suspicious behaviors
We have observed this application exhibit the following potentially unwanted behavior on PCs:
- Injects into other processes on your system
- Changes your browser's default homepage settings
- Changes your browser's default new tab page settings
- Changes your browser's default search provider settings
- Installs extensions into your browsers - often this is used to inject ads, add toolbars, or change how your browser works
Installs other programs
We have seen this application install other software on your PC. Some of these applications might be bundled during the installation process and not intended to be installed. We have seen it installing programs such as:
- eShield Browser Security
- TNT2-11433 Toolbar
- eShield Toolbar for IE
- Findwide Toolbar
This description was published using automated analysis.Last update 01 July 2016
