Adware:Win32/BrowserShop
First posted on 17 December 2014.
Source: Microsoft
Aliases:
There are no other names known for Adware:Win32/BrowserShop.
Explanation:
Threat behavior
Installation
This threat can create files on your PC, including:
- %ProgramFiles%\birowser shop\z7eiujxtp.dll
- %ProgramFiles%\birowser shop\z7eiujxtp.x64.dll
- \birowser shop\4uhfhavajm.exe
Payload
Displays ads that you can't control
This program can show you extra ads. These ads can appear:
- In your web browser: such as search helpers, hover links, and banner ads.
- Outside of your web browser: such as pop ups, balloon ads, and toast notifications.
These advertisements would not be shown if this program wasn't installed on your PC.
Creates an uninstaller
This threat can create an uninstaller by modifying the registry. For example:
In subkey: HKLM\software\microsoft\windows\currentversion\uninstall\{ad11dade-c597-45d9-d8c5-1d2eb0b89613}
Sets value: "UninstallString"
With data: ""\birowser shop\4uhfhavajm.exe" /s /n /i:"executecommands;uninstallcommands" "%ALLUSERSPROFILE%\application data\birowser shop\4uhfhavajm.exe""
Additional information
Creates a mutex
This threat can create a mutex on your PC. For example:
- Global\{60430AFC-AA55-41bd-94C6-E2020CE1C711}
It might use this mutex as an infection marker to prevent more than one copy of the threat running on your PC.
This malware description was published using automated analysis of file SHA1 18ac5fb8b8a5962d3af8d7a3e1936f4ac482a04e.
Symptoms
The following can indicate that you have this threat on your PC:
- You see these files:
  - %ProgramFiles%\birowser shop\z7eiujxtp.dll
  - %ProgramFiles%\birowser shop\z7eiujxtp.x64.dll
  - \birowser shop\4uhfhavajm.exe
- You see registry modifications such as:
  - In subkey: HKLM\software\microsoft\windows\currentversion\uninstall\{ad11dade-c597-45d9-d8c5-1d2eb0b89613}
    Sets value: "UninstallString"
    With data: ""\birowser shop\4uhfhavajm.exe" /s /n /i:"executecommands;uninstallcommands" "%ALLUSERSPROFILE%\application data\birowser shop\4uhfhavajm.exe""
- You see a mutex such as:
  - Global\{60430AFC-AA55-41bd-94C6-E2020CE1C711}
Last update 17 December 2014