Home / malware BrowserModifier:Win32/AskToolbarNotifier
First posted on 09 June 2015.
Source: MicrosoftAliases :
There are no other names known for BrowserModifier:Win32/AskToolbarNotifier.
Explanation :
Threat behavior
Installation
This browser modifier is offered to the user when bundled with other programs.
Upon installation, you are prompted to install Search App by Ask
:
When another program attempts to change the home page, default search, or new tabs setting, the browser modifier displays the following warning that there have been changes in the Internet Explorer settings and attempts to revert you back to the Ask
home page:
File Changes
This browser modifier also adds the following folders:
- %ProgramFiles% \AskPartnerNetwork
- %ProgramFiles% \AskPartnerNetwork\Toolbar
- %ALLUSERSPROFILE% \AskPartnerNetwork
- %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar
- %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE
- %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\CRX
- %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\CRX\108.3
- %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\Updater
- %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config
- %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response
It also adds the following files:
- %ProgramFiles% \AskPartnerNetwork\Toolbar\apnmcp.exe
- %ProgramFiles% \AskPartnerNetwork\Toolbar\APNSetup.exe
- %ProgramFiles% \AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll
- %ProgramFiles% \AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1031.mst
- %LOCALAPPDATA% \AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
- %LOCALAPPDATA% \AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll
- %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\CRX\108.3\Toolbar.crx
- %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.15.1.0-5.xml
- %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.18.0.0-5.xml
- %ALLUSERSPROFILE% \AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response\Response.31.18.0.0-0.xml
Related information
- A timeline of consent and control provides an overview of Microsoft's BrowserModifier detection criteria.
- Detection changes: search protection code provides an overview of Microsoft's detection criteria update for browser search protection functionality.
Analysis by Karthleen Mae Notario
Symptoms
The following can indicate that you have this program on your PC:
- You might have a browser extension, toolbar, or add-on installed and enabled without your consent. See the section Threat behavior
above for examples of these prompts.Last update 09 June 2015