SpywareNews-Browser Aid

Spyware Information

Name:		Browser Aid

Threat Level:

Category:		Adware

Aliases:		App/Bpinst-A CashToolbar QuickLaunch BrowserPal. Sophos anti-virus detects the BrowserPal installer as App/Bpinst-A.

Variants:		BrowserAid/ABCSearch offers a 'Power Search' feature when right-clicking a selection. BrowserAid/CashToolbar, BrowserAid/LetsSearch and BrowserAid/QuickLaunch are minor variations on an adware theme. The toolbar opens untargeted pop-up adverts periodically when IE is open. LetsSearch hijacks home page and search settings to point to searchmadesafe.com; QuickLaunch points at quicklaunch.com. BrowserAid/BrowserPal offers pop-up blocking features. It is a later version of BrowserAid/pStopper, a pop-up blocker which is not known to have been stealth-installed. BrowserAid/Rundll16 is a smaller parasite that only opens pop-ups; it does not include a toolbar component. It hides in the Windows folder under the name 'rundll16', which is not a system file, but is a filename also used by other malware (eg. SubSeven trojan, Roron worm, ZMorph virus). BrowserAid/FeaturedResults is a search result hijacker. Perform a search at Google and it will pop up a window with no browser controls from featured-results.com, containing advertiser links dressed up to look like Google search results.

Spyware Characteristics

Description:		BrowserAid is a manufacturer of various Internet Explorer toolbars, most of which seem to be installed sneakily.

Properties:		Stays resident in background. Stealth: hides itself from user. Show advertisements. Makes changes to browser settings.

What it does?

Advertising:		Yes, pop-ups in the CashToolbar, LetsSearch, QuickLaunch and Rundll16 variants. Suspected in the BrowserPal variant. The terms of use at the BrowserPal site state the software may itself show pop-up or other advertising, and may hijack your homepage periodically. However this has not been observed to happen at the time of writing. BrowserPal will also occasionally ask you for e-mail addresses to advertise itself to.

Privacy violation:		Yes, Suspected in the BrowserPal variant. Again, the terms of use states that any page titles, URLs and keywords in body text may be sent to BrowserAid and used to profile you, but this has not yet been seen to happen.

Security issues:		Yes, The software can download and execute arbitrary code from its controlling server, as an update feature. The terms of use of the BrowserPal variant state this may also be used to install any other third-party software.

Stability problems:		None known.

Method of infection

The CashToolbar, ABCSearch and QuickLaunch and LetsSearch variants are suspected of having been installed by ActiveX drive-by download on pop-up adverts.

BrowserAid/QuickLaunch and (possibly also LetsSearch) are pointed to by junk e-mails purporting to be an IE toolbar update or virus removal tool from Microsoft.

BrowserAid/BrowserPal was installed by the FavoriteMan parasite from March 2003.

The method of infection of the Rundll16 variant is currently unknown. BrowserAid/FeaturedResults is believed to be installed by BrowserAid/Rundll16.

LetsSearch site may automatically install BrowserAid/LetsSearch if you are using Internet Explorer with too-large security settings.

Removal Instructions

bulletproofsoft.com "Spyware Remover" is the best tool for the removal of this spyware.

Links

Site:		http://www.browseraid.com/index2.htm CashToolbar, ABCSearch, BrowserPal, LetsSearch and pStopper official sites.