Home / malware PUA:Win32/RelevantKnowledge
First posted on 24 March 2019.
Source: MicrosoftAliases :
PUA:Win32/RelevantKnowledge is also known as not-a-virus:AdWare.Win32.Agent.hajq, Proxy-OSS, a variant of Win32/Adware.RK.AE application, Generic Proxy-OSS Application, ADW_RELEKNOW, Backdoor.Farfri!4943, Gen:Variant.Adware.Graftor.172424, Spyware.Marketscore.
Explanation :
Installation
This application can be downloaded from websites that offer third-party software downloads. For example, we have seen it downloaded from:
www.opinionsquare.com www.digitalreflectionpanel.com www.permissionresearch.com www.ipsos-mori.com
We have seen this application use the following file names:
JRT.exe JRT (1).exe OSSetup.exe JRT(1).exe JRT (2).exe PRSetup.exe InstallCert.exe JRT_6.1.4.exe
It can be digitally signed by the following vendors:
TMRG Inc. VoiceFive Networks, Inc. TMRG, Inc. VoiceFive, Inc. VASSANA KONGSOONGNERN
We have seen this application using product names such as:
Relevant-Knowledge PremierOpinion OpinionSquare PermissionResearch rkverify
This application communicates with domains such as:
oss-content.securestudies.com rules.securestudies.com oss-survey.securestudies.com hawk.securestudies.com www.relevantknowledge.com
For example:
oss-content.securestudies.com/cidpost oss-content.securestudies.com/cidpost rules.securestudies.com/oss/rule1.asp? Payload
Exhibits suspicious behaviors
We have observed this application exhibit the following potentially unwanted behavior on PCs:
Injects into other processes on your system Changes your browser's shortcuts - often this can be used to take over your homepage by adding command-line arguments that change how the page is loaded Installs extensions into your browsers - often this is used to inject ads, add toolbars, or change how your browser works Modifies your browser proxy settings to local host - this is commonly used to inject ads into your browsers
Installs other programs
We have seen this application install other software on your PC. Some of these applications might be bundled during the installation process and not intended to be installed. We have seen it installing programs such as:
PremierOpinion RelevantKnowledge Internet Download Manager HTML5 Video Player 1.2.5 NVIDIA Virtual Audio 1.2.40
This description was published using automated analysis.Last update 24 March 2019