Home / malware Adware:Win32/BrowseToSave
First posted on 01 November 2013.
Source: MicrosoftAliases :
There are no other names known for Adware:Win32/BrowseToSave.
Explanation :
Threat behavior
Adware:Win32/BrowseToSave is a program that injects ads into websites.
Installation
When Adware:Win32/BrowseToSave is installed, the following files are also created in your PC:
- %ProgramFiles% \BrowseToSave\<random file name>.dat
- %ProgramFiles% \BrowseToSave\<random file name>.exe
- %ProgramFiles% \BrowseToSave\<random file name>.tlb
Note that this program might create more than one DAT and EXE file in this folder.
This program also creates registry subkeys and entries so that it runs as a browser add-on:
- HKLM\Software\Classes\clsid\{36156EA0-791C-9E79-F53F-C665CBABA50C} and all its associated subkeys and entries
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36156EA0-791C-9E79-F53F-C665CBABA50C} and all its associated subkeys and entries
- HKLM\Software\Classes\BrowseToSave.BrowseToSave and all its associated subkeys and entries
- HKLM\Software\Classes\BrowseToSave.BrowseToSave.4.0 and all its associated subkeys and entries
You can see this add-on in Internet Explorer by clicking the gear icon and clicking Manage add-ons:
The installer might add this program to the list of programs in your PC as "BrowseToSave". It also creates an uninstall entry with the same name in your Add or remove programs list.
Behavior
Once installed, this program injects ads into websites, as in this example:
Analysis by Aaron Hulett
Symptoms
The following could indicate that you have this program on your PC:
- You see ads pop up on your browser with small print saying "Ads not by this Site"
- You have the program "BrowseToSave" in your list of programs installed in your PC:
Last update 01 November 2013
