Home / malwarePDF  

Adware:Win32/BetterSurf


First posted on 07 December 2013.
Source: Microsoft

Aliases :

There are no other names known for Adware:Win32/BetterSurf.

Explanation :

Threat behavior

Installation

Adware:Win32/BetterSurf usually arrives with software bundlers that offer free applications or games.

When run, the installer for BetterSurf adds a plugin to Internet Explorer, Firefox, and Chrome. An example of the plugin installed into Internet Explorer is as follows:



The program installs itself into one of these folders:

  • %ProgramFiles% \bettersurf
  • %ProgramFiles% \better-surf


And the following files will be created in one of those folders mentioned above:

  • \ch\Chrome.crx
  • \ff\Better-Surf.xpi
  • \ff\build.cmd
  • \ff\chrome\content\better-surf.js
  • \ff\chrome\content\firefox.js
  • \ff\chrome\content\overlay.xul
  • \ff\chrome.manifest
  • \ff\install.rdf
  • \ie\BetterSrf.dll


Once the Chrome plugin is installed, it creates the following folder on your PC:

  • %LOCALAPPDATA% \Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco


Execution

BetterSurf displays ads to you as you browse the Internet, both in websites and on search engine results, as in the following examples; the ads in the red box are the ones from BetterSurf:





It may also sometimes redirect you from where you wanted to go, and instead ask you to install software on your PC or ask you to complete surveys. An example of a redirection to a website that is designed to look similar to Windows to convince the user to download additional software is as follows:



Downloading and running this update will may install more potentially unwanted applications on your PC.

Recommendations

Do not install applications from untrusted sources. We recommended you download applications directly from the vendor. Downloading free applications online like video players, video codecs, and free games can expose you to a large risk of installing potentially unwanted software at the same time.



Analysis by Geoff McDonald

Symptoms

The following could indicate that you have this program on your PC:

  • You have one of these folders:
    • %ProgramFiles%\bettersurf
    • %ProgramFiles%\better-surf
  • You see these pop-up ads:





  • You see this add-on in Internet Explorer:



Last update 07 December 2013

 

TOP

Malware :