You are reading 0 threads
  • Author
    Messages
    • #27593
      Nicholas Coolman
      Key Master

      The programme VeriBrowse falls into the category of Potentially Unwanted Optional Software (LPI/PUP).

      LPIs, or PUPs, typically install as a program or browser extension and are loaded each time the operating system is started.


      Potentially Unwanted Software (PUP/LPI) can launch services, start scheduled tasks, and create shortcuts on your Desktop. All these operations are done with or without your consent according to the terms of its user contract. Once installed, an LPI can modify certain parameters of your browsers such as search pages, the start page or even your error page. It can collect your browsing habits and communicate them to a server using the tracking method. While browsing, it may display advertisements (coupons) and advertising banners (popups). The goal of this program is often to make money by generating web traffic to sponsored sites.


      Potentially unwanted software (LPI) or Potentialy Unwanted Programs (PUP) are the cause of many infections.
      The most common example is adware. InstallCore, Crossrider, Graftor ou Boxore which pollute the Registry and your data storage units. They are usually installed without your knowledge by downloading freeware. Indeed some sites use the repackaging method, an operation which consists of redoing the software installation module by adding download options. These options allow you to add other software such as browser toolbars, adware, potentially unwanted software, intrusive advertising software, or even browser hijackers.


      Spyware (spyware) and adware (adwares) unwanted files, just like malware, can use the writing flaws of legitimate software or those of operating systems. It is therefore essential to have official software and that it has automatic updating. Likewise, your Windows operating system must be programmed in automatic update mode and activated, so that you can have the latest updates for critical security vulnerabilities.

      Main actions:
      - It is installed as Browser Helper Object (BHO) of Internet Browser (O2),
      - It is installed in the Registry Base in order to be launched each time the system starts (O4),
      - It is installed as a service to be launched each time the system starts (O23), (SS/SR),
      - It installs as a program (O42)
      - Adds additional folders (O43),
      – It creates multiple files and folders (O88),

      ZHPDiag overview:
      [MD5.9BD97CFE375B3BF741768E4C0B311C56] – (…) — C:\Program Files\di3VeriBrowse\di4VeriBrowseD.exe [98304] [PID.2032]
      O2 – BHO: VeriBrowse – {203567BE-8826-2295-90A9-F5D404EB2523}. (…) — C:\Program Files\di3VeriBrowse\175.dll
      O23 – Service: VeriBrowse (VeriBrowse). (…) – C:\Program Files\di3VeriBrowse\di0VeriBrowselt175.exe
      [MD5.3A42F4019831396F51726EDFBB41672C] [APT] [VeriBrowse Update] (…) — C:\Program Files\di3VeriBrowse\di3VeriBrowseT83.exe [405504]
      [MD5.9BD97CFE375B3BF741768E4C0B311C56] [APT] [VeriBrowse_wd] (…) — C:\Program Files\di3VeriBrowse\di4VeriBrowseD.exe [98304]
      O39 – APT: VeriBrowse Update – (…) — C:\Windows\Tasks\VeriBrowse Update.job [380]
      O39 – APT: VeriBrowse Update – (…) — C:\Windows\System32\Tasks\VeriBrowse Update [380]
      O39 – APT: VeriBrowse_wd – (…) — C:\Windows\Tasks\VeriBrowse_wd.job [360]
      O39 – APT: VeriBrowse_wd – (…) — C:\Windows\System32\Tasks\VeriBrowse_wd [360]
      O42 – Software: VeriBrowse – (.VeriBrowse-software.) [HKLM] — 4FEF0052-74F2-99D9-2024-C6216DB55976
      O43 – CFD: 11/07/2014 – 11:48:27 – [] —-D C:\Program Files\di3VeriBrowse
      SR – | Auto 11/07/2014 158208 | (VeriBrowse). (…) – C:\Program Files\di3VeriBrowse\di0VeriBrowselt175.exe
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{203567BE-8826-2295-90A9-F5D404EB2523}]
      [HKLM\Software\Classes\CLSID\{203567BE-8826-2295-90A9-F5D404EB2523}]
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{203567BE-8826-2295-90A9-F5D404EB2523}]
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{203567BE-8826-2295-90A9-F5D404EB2523}]
      [HKLM\SYSTEM\CurrentControlSet\Services\VeriBrowse]
      C:\Program Files\di3VeriBrowse\di3VeriBrowseT83.exe
      C:\Program Files\di3VeriBrowse\di4VeriBrowseD.exe
      C:\Windows\System32\Tasks\VeriBrowse_wd
      C:\Windows\Tasks\VeriBrowse_wd.job
      C:\Windows\System32\Tasks\VeriBrowse Update

      Alias:
      Adware.AddLyrics
      PUP.Optional.VeriBrowse.A
      Adware: Win32 / AddLyrics
      Application.Win32.Adware.WDUnlocker [Comodo Security]
      Gen:Variant.Adware.Graftor [G-Data]
      Gen:Variant.Adware.Graftor [Bitdefender
      Gen:Variant.Adware.Graftor [Lavasoft Ad-Aware]
      Gen:Variant.Adware.Graftor[F-Secure]
      Gen:Variant.Adware.Graftor[Emsisoft Anti-Malware]
      Trojan/Win32.TSGeneric [Antiy Labs AVL]
      Adware.Win32.AddLyrics [Baidu Antivirus]

      Diagnose with ZHPSuite...  Uninstall with Windows...  Delete with ZHPCleaner...  Remove with Malwarebytes...

      Free support forum
      Nicholas Coolman

You are reading 0 threads
  • You must be logged in to reply to this topic.
Back to top