5/5 - (1 votes)

BOBROWSER, ADVERTISING SOFTWARE (ADWARE)

The BoBrowser program belongs to a family of Advertising Software (Adware). More precisely it presents the characteristics of adware Boxore.

It can display ads in the form of coupons and banner ads in the form of popups. These ads are generally signed with the words “Powered by”, “Brought to you by” or “Ads by”, followed by the name of the adware. Some security solutions, such as Malwarebytes, classify this software as Potentially Unwanted Optional Software (PUP/LPI).

This program is classified in the category of advertising software (Adware), from the English "ADS" short for the English Advertissement (Promotional poster). Adware usually installs as a program or browser extension and is loaded every time the system starts. They can launch services, start scheduled tasks, and create shortcuts on your Desktop. All these operations are done with or without your consent according to the terms of its user contract. Once installed, adware can modify certain settings of your browsers such as search pages, the start page or even your "404" error page. Adware can collect your browsing habits and communicate them to a server using the tracking method because it is most often a marketing solution aimed at retaining customers.

While browsing, it generally displays ads in the form of coupons and advertising banners in the form of popups. These ads are generally signed with the words "Powered by", "Brought to you by" or "Ads by", followed by the name of the adware. But some adware exaggerates the size and frequency of displaying ads, which can harm the speed of Internet browsing and the visibility of the content of the pages consulted. Please also note that the advertising publisher may decline any responsibility for the content of the links targeted by its advertisements. Ultimately, the goal of these programs is to make money by driving web traffic to sponsored sites. Some adware is installed via packaged software and are not necessarily wanted by the user and antiviruses generally classify them as Potentially Unwanted Software (LPI/PUP).
[the_ad id = "33969"]

Potentially unwanted software (LPI) or Potentialy Unwanted Programs (PUP) are the cause of many infections. The most common example is adware. InstallCore, Crossrider, Graftor ou Boxore which pollute the Registry and your data storage units. They are usually installed without your knowledge by downloading freeware. Indeed some sites use the repackaging method, an operation which consists of redoing the software installation module by adding download options. These options allow you to add other software such as browser toolbars, adware, potentially unwanted software, intrusive advertising software, or even browser hijackers.

Spyware (spyware) and adware (adwares) unwanted files, just like malware, can use the writing flaws of legitimate software or those of operating systems. It is therefore essential to have official software and that it has automatic updating. Likewise, your Windows operating system must be programmed in automatic update mode and activated, so that you can have the latest updates for critical security vulnerabilities.

TECHNICAL ELEMENTS

Features

– It installs as a process launched at system startup (RP),
– It installs an extension program for the Google Chrome (G2) browser,
- It installs a Mozilla Firefox (P2) browser plugin,
- It is installed in the Registry Base in order to be launched each time the system starts (O4),
- Substitution of Winsock keys with a malware resource (O10),
- It is installed as a service to be launched each time the system starts (O23), (SS/SR),
- It starts a scheduled task automatically (O38),
- It installs as a program (O42)
- It creates a ShareTools MSconfig StartupReg (O53) registry key,
– It creates “Software” registry keys,
– Adds additional folders (O43),
– It creates multiple user files (O61),
– It creates a Legacy key in the Registry pointing to a malware service (O64),
– It creates multiple files (O43)(O88)
– It places an MSI package file in the Installer system folder (O93)

Preview in reports

Recorded on 10/11/2014
[MD5.1B7263F59C7AEB95664B338846BC5F3E] – (.The BoBrowser Authors – BoBrowser.) — C:\Users\JIMMY\AppData\Local\BoBrowser\Application\bobrowser.exe [7353992] [PID.17592]
O4 – HKCU\..\Run: [BoBrowser] . (.The BoBrowser Authors – BoBrowser.) — C:\Users\Coolman\AppData\Local\BoBrowser\Application\bobrowser.exe
O4 – HKUS\S-1-5-21-1769541153-1675505367-3705700697-1001\..\Run: [BoBrowser] . (.The BoBrowser Authors – BoBrowser.) — C:\Users\Coolman\AppData\Local\BoBrowser\Application\bobrowser.exe
[HKCU\Software\BoBrowser]
O43 – CFD: 04/11/2014 – 11:08:18 – [] —-DC:\Users\Coolman\AppData\Local\BoBrowser
[MD5.05AD6DFEC9D08F7B95A2B35C47A02F5B] – (.The BoBrowser Authors – BoBrowser.) — C:\Users\Coolman\AppData\Local\BoBrowser\Application\bobrowser.exe [7348224] [PID.396]
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.The BoBrowser Authors – BoBrowser.) — C:\Users\Coolman\AppData\Local\BoBrowser\Application\bobrowser.exe
HKLM\SOFTWARE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\bobrowser.exe

Recorded on 31/10/2017
O38 – TASK: {5005EE11-E429-410D-80DB-83FE30A03D32} [64Bits][\{2CE1CCC3-12E4-4FAA-8E82-17326D69DF5D}] – (.SkypeSetup – .) — c:\users\Coolman\appdata\local\bobrowser\application\bobrowser.exe
O38 – TASK: {58D11EDA-EBD8-4129-A76A-D21AF44BEF5D} [64Bits][\{70AEFE6B-9ECE-4A42-AB65-DE94277A5368}] – (.SkypeSetup – .) — c:\users\Coolman\appdata\local \bobrowser\application\bobrowser.exe
C:\WINDOWS\System32\Tasks\{2CE1CCC3-12E4-4FAA-8E82-17326D69DF5D}
C:\WINDOWS\System32\Tasks\{70AEFE6B-9ECE-4A42-AB65-DE94277A5368}