NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove BrowserAid. Description and removal instructions

 
Title: BrowserAid
Type: Adware
Severity scale:BrowserAid severity is 34  (34 / 100)
 
BrowserAid is an adware parasite that displays undesirable commercial advertisements and redirects a web browser to predefined sites. It works as an additional Internet Explorer toolbar and has the ability to update itself via the Internet. BrowserAid can get into the system from some advertising Internet resources. Once executed, it installs harmful files and adds lots of registry entries in order to register itself as a browser add-on. BrowserAid runs on every Windows startup.

FORUM:
Discuss BrowserAid in
spyware removal forum

BrowserAid properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background

Automatic BrowserAid removal:

remover for BrowserAid

BrowserAid manual removal:

Kill processes:
uptodate.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rundll32_7=rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{12EE7A5E-0674-42f9-A76B-000000004D00}=rundll32.exe stlb2.dll,DllRunMain
HKEY_CLASSES_ROOT\_ATL_GENERATED.SearchToolbarBHO
HKEY_CLASSES_ROOT\_ATL_GENERATED.SearchToolbarBHO.1
HKEY_CLASSES_ROOT\_ATL_GENERATED.SearchToolbarName
HKEY_CLASSES_ROOT\_ATL_GENERATED.SearchToolbarName.1
HKEY_CLASSES_ROOT\BrowserAidToolbar.Helper
HKEY_CLASSES_ROOT\BrowserAidToolbar.Helper.1
HKEY_CLASSES_ROOT\BrowserAidToolbar.IEShower
HKEY_CLASSES_ROOT\BrowserAidToolbar.IEShower.1
HKEY_CLASSES_ROOT\BrowserAidToolbar.IEToolBar
HKEY_CLASSES_ROOT\BrowserAidToolbar.IEToolBar.1
HKEY_CLASSES_ROOT\My404.Bho404
HKEY_CLASSES_ROOT\My404.Bho404.1
HKEY_CLASSES_ROOT\bho.FResultsRequest
HKEY_CLASSES_ROOT\bho.FResultsRequest.1
HKEY_CLASSES_ROOT\Bho.FeaturedResultsBHO
HKEY_CLASSES_ROOT\Bho.FeaturedResultsBHO.1
HKEY_CLASSES_ROOT\bho.FResultsRequestDispatcher
HKEY_CLASSES_ROOT\bho.FResultsRequestDispatcher.1
HKEY_CLASSES_ROOT\bho.IAdvertisementBHO
HKEY_CLASSES_ROOT\bho.IAdvertisementBHO.1
HKEY_CLASSES_ROOT\AppID\bho.DLL
HKEY_CLASSES_ROOT\AppID\My404.DLL
HKEY_CLASSES_ROOT\AppID\{418B46A9-5343-4E1A-A654-42B04E3F869E}
HKEY_CLASSES_ROOT\AppID\{87690003-2714-45E7-8A1B-DC0658DE778C}
HKEY_CLASSES_ROOT\CLSID\{087173EF-9829-4F49-8340-A524177D3F60}
HKEY_CLASSES_ROOT\CLSID\{0ddbb570-0396-44c9-986a-8f6f61a51c2f}
HKEY_CLASSES_ROOT\CLSID\{12EE7A5E-0674-42f9-A76A-000000004D00}
HKEY_CLASSES_ROOT\CLSID\{12EE7A5E-0674-42f9-A76B-000000004D00}
HKEY_CLASSES_ROOT\CLSID\{337D0C1D-4053-4FAB-AF2B-45C2F7B0FAA6}
HKEY_CLASSES_ROOT\CLSID\{5F5564AC-DE7A-4DCD-9296-32E71A35DCB6}
HKEY_CLASSES_ROOT\CLSID\{606220AE-90E0-41CA-BF6D-C89272ED680C}
HKEY_CLASSES_ROOT\CLSID\{80672997-D58C-4190-9843-C6C61AF8FE97}
HKEY_CLASSES_ROOT\CLSID\{DBD7AAA2-1725-4663-8C8B-52A840693469}
HKEY_CLASSES_ROOT\CLSID\{E004800A-73C6-4587-B855-98D0CE0C16B1}
HKEY_CLASSES_ROOT\CLSID\{F20AE630-6DE2-43CA-A988-7CD40C36EF0B}
HKEY_CLASSES_ROOT\Interface\{2A167E61-D100-450D-A1B0-6EAF394BCB87}
HKEY_CLASSES_ROOT\Interface\{4A2563C7-FC68-4EE8-A11C-2022EBCC1B0F}
HKEY_CLASSES_ROOT\Interface\{4B0FCEB7-8163-46EE-9EAF-85BD933D0A46}
HKEY_CLASSES_ROOT\Interface\{670801FD-C247-4E44-9424-69E5D77C6725}
HKEY_CLASSES_ROOT\Interface\{8A7D38BE-849D-478F-A7CF-55EC95722358}
HKEY_CLASSES_ROOT\Interface\{E58F4168-608C-45C2-9BFF-061229730B2E}
HKEY_CLASSES_ROOT\Interface\{EE06D877-386F-4A44-A9ED-75EB6C3E7E80}
HKEY_CLASSES_ROOT\Interface\{EE06D877-386F-4A44-A9ED-75EB6C3E7E81}
HKEY_CLASSES_ROOT\Interface\{F8D96098-E9F7-42E1-88F3-A3719D70EA8D}
HKEY_CLASSES_ROOT\TypeLib\{12EE7A5E-0674-42F9-A76C-000000004D00}
HKEY_CLASSES_ROOT\TypeLib\{7313BFD0-62C4-40F4-8041-3FBDBC80AC07}
HKEY_CLASSES_ROOT\TypeLib\{85C2C2A1-3F20-4EAD-ADC3-BD3217391543}
HKEY_CLASSES_ROOT\TypeLib\{BA87B15B-7DE7-4DA4-8BF7-5C616D6C99DA}
HKEY_CURRENT_USER\Software\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB
HKEY_CURRENT_USER\Software\{12EE7A5E-0674-42f9-A76B-000000004D00}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{12EE7A5E-0674-42f9-A76B-000000004D00}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{12EE7A5E-0674-42f9-A76B-000000004D00}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{07B7F771-1B8E-4B7B-823E-FFAC1732AA9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\Browser Helper Objects
\{087173ef-9829-4f49-8340-a524177d3f60}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
\{0DDBB570-0396-44C9-986A-8F6F61A51C2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
\{12EE7A5E-0674-42f9-A76A-000000004D00}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
\{5F5564AC-DE7A-4DCD-9296-32E71A35DCB6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
\{80672997-D58C-4190-9843-C6C61AF8FE97}
HELP:
how to remove registry entries

Delete files:
uptodate.exe, msiefr40.dll, stlb2.dll, inetp60.dll, e6f1873b.dll
HELP:
how to remove harmful files

Delete directories:
C:\Documents and Settings\[Current User]\Application Data\{12EE7A5E-0674-42F9-A76B-000000004D00}
Misc:
BrowserAid may install all listed objects or add only few of them.

Other programs to remove BrowserAid:

• SUPERAntiSpyware - Review - Download
• CounterSpy - Review - Download
• Windows Defender - Review - Download

Information added: 19/03/04
Information updated: 30/07/05

Additional resources related to BrowserAid:

Attention: If you know or you have a website or page about BrowserAid removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about BrowserAid parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. by Theodoros. 2004-03-01 10:03:51
BrowserAid/ABCSearch offers a 'Power Search' feature when right-clicking a selection.
BrowserAid/CashToolbar, BrowserAid/LetsSearch and BrowserAid/QuickLaunch are minor variations on an adware theme.
The script at this site cannot tell them apart and detects them only as 'BrowserAid'. The toolbar opens untargeted pop-up adverts periodically when IE is open. LetsSearch hijacks home page and search settings to point to searchmadesafe.com; QuickLaunch points at quicklaunch.com.
BrowserAid/BrowserPal offers pop-up blocking features. It is a later version of BrowserAid/pStopper, a pop-up blocker which is not known to have been stealth-installed and is not targeted by the script at this site.
BrowserAid/Rundll16 is a smaller parasite that only opens pop-ups; it does not include a toolbar component. It hides in the Windows folder under the name 'rundll16', which is not a system file, but is a filename also used by other malware (eg. SubSeven trojan, Roron worm, ZMorph virus).
The software can download and execute arbitrary code from its controlling server, as an update feature.
The terms of use of the BrowserPal variant state this may also be used to install any other third-party software.
Related news:
Similar parasites:
Related articles:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.