PUA

PUP.Optional.BrowserSafer removal instruction

Malware Removal

The PUP.Optional.BrowserSafer is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What PUP.Optional.BrowserSafer virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system

How to determine PUP.Optional.BrowserSafer?



File Info:

name: D64CBE663652BBCC1989.mlw
path: /opt/CAPEv2/storage/binaries/c182fb66710705e3c27aa8e968ee44ef5af0c201cc35c1f2ec86b3c30697d67b
crc32: D64B8E7A
md5: d64cbe663652bbcc198982530116c4a4
sha1: ab9fa3e46c551aa20bcd6e4585232db35be51088
sha256: c182fb66710705e3c27aa8e968ee44ef5af0c201cc35c1f2ec86b3c30697d67b
sha512: 7e3008952a39402f8c5e0fc06f52fadafadd0e2ddf332dcabbb5dab4e7da2a840624b5224064042edbdd4260d38f30a7ce920e6ed5c4ea56040a36b75b1354ae
ssdeep: 49152:vthgeWVWbedTZWoSSyC/8m8DRiAHpLYCMs0PlYrIuLCEolEECmPh:FhgvWIVW9Q8m+MAHpLnMJPuIuLC7lnCY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T136D59E11BED28973D4671371995AF13D32ACEA301F3980D7A3D46B2C2E741E26A3593B
sha3_384: 137d7a7f526cb1fc44e3ce78d435e5b416c58443b8fe2940c88df83d7f00d3435289b395bf66764f04c5a44aa797db80
ep_bytes: e8ee060000e98efeffffff25105b5e00
timestamp: 2018-01-26 19:32:18


Version Info:

Comments: BS protection manager
CompanyName: InstallerTech Co.
FileDescription: BS protection manager
FileVersion: 2.0.2.4
InternalName: BrowserSaferExe.exe
LegalCopyright: Copyright InstallerTech Co. 2014
OriginalFilename: BrowserSaferExe.exe
ProductName: BrowserSafer
ProductVersion: 2.0.2.4
Translation: 0x0409 0x04e4

PUP.Optional.BrowserSafer also known as:

LionicRiskware.Win32.OpenSUpdater.1!c
Elasticmalicious (high confidence)
DrWebAdware.Downware.18830
MicroWorld-eScanGen:Variant.Graftor.462585
McAfeePUP-XEC-BT
CylanceUnsafe
ZillyaAdware.OpenSUpdater.Win32.3671
K7AntiVirusAdware ( 00513b771 )
AlibabaAdWare:Win32/OpenSUpdater.9aca6980
K7GWAdware ( 00513b771 )
Cybereasonmalicious.63652b
SymantecTrojan.Gen.MBT
ESET-NOD32a variant of Win32/Adware.OpenSUpdater.AP
TrendMicro-HouseCallTROJ_GEN.R002C0OH121
Paloaltogeneric.ml
BitDefenderGen:Variant.Graftor.462585
NANO-AntivirusRiskware.Win32.OpenSUpdater.exnioe
AvastWin32:Adware-gen [Adw]
TencentMalware.Win32.Gencirc.10b49b4c
Ad-AwareGen:Variant.Graftor.462585
SophosGeneric PUA KL (PUA)
VIPRETrojan.Win32.Generic!BT
TrendMicroTROJ_GEN.R002C0OH121
McAfee-GW-EditionPUP-XEC-BT
FireEyeGen:Variant.Graftor.462585
EmsisoftApplication.Updater (A)
SentinelOneStatic AI – Malicious PE
GDataGen:Variant.Graftor.462585
MAXmalware (ai score=87)
ArcabitTrojan.Graftor.D70EF9
MicrosoftTrojan:Win32/Occamy.CC1
AhnLab-V3PUP/Win32.Helper.R301318
VBA32BScope.Adware.Searcher
ALYacGen:Variant.Graftor.462585
MalwarebytesPUP.Optional.BrowserSafer
APEXMalicious
RisingTrojan.Generic@ML.93 (RDMK:LmAGnPnqvL0X0aDwkpi0OA)
IkarusPUA.OpenSUpdater
FortinetRiskware/OpenSUpdater
AVGWin32:Adware-gen [Adw]
PandaTrj/Genetic.gen
CrowdStrikewin/malicious_confidence_60% (D)

How to remove PUP.Optional.BrowserSafer?

PUP.Optional.BrowserSafer removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment