Home / malwarePDF  

BrowserModifier:Win32/AskToolbarNotifier


First posted on 09 June 2015.
Source: Microsoft

Aliases :

There are no other names known for BrowserModifier:Win32/AskToolbarNotifier.

Explanation :

Threat behavior

Installation

This browser modifier is offered to the user when bundled with other programs.

Upon installation, you are prompted to install Search App by Ask
:





When another program attempts to change the home page, default search, or new tabs setting, the browser modifier displays the following warning that there have been changes in the Internet Explorer settings and attempts to revert you back to the Ask
home page:






File Changes

This browser modifier also adds the following folders:

  • %ProgramFiles% \AskPartnerNetwork
  • %ProgramFiles% \AskPartnerNetwork\Toolbar
  • %ALLUSERSPROFILE% \AskPartnerNetwork
  • %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar
  • %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE
  • %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\CRX
  • %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\CRX\108.3
  • %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\Updater
  • %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config
  • %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response


It also adds the following files:

  • %ProgramFiles% \AskPartnerNetwork\Toolbar\apnmcp.exe
  • %ProgramFiles% \AskPartnerNetwork\Toolbar\APNSetup.exe
  • %ProgramFiles% \AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll
  • %ProgramFiles% \AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1031.mst
  • %LOCALAPPDATA% \AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
  • %LOCALAPPDATA% \AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll
  • %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\CRX\108.3\Toolbar.crx
  • %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.15.1.0-5.xml
  • %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.18.0.0-5.xml
  • %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response\Response.31.18.0.0-0.xml


Related information
  • A timeline of consent and control provides an overview of Microsoft's BrowserModifier detection criteria.
  • Detection changes: search protection code provides an overview of Microsoft's detection criteria update for browser search protection functionality.




Analysis by Karthleen Mae Notario

Symptoms

The following can indicate that you have this program on your PC:

  • You might have a browser extension, toolbar, or add-on installed and enabled without your consent. See the section Threat behavior
    above for examples of these prompts.

Last update 09 June 2015

 

TOP

Malware :