Should I remove BWSRappSev2?

What percent of users and experts removed it?

88% remove it12% keep it

Overall Sentiment

Bad

What do people think about it?

(click star to rate)

How common is it?

Reach 0.0003%

Versions

Version	Distribution
1.36.01.22	100.00%

Other programs by BrightCircle Investments Limited

BWSRappSev2

from BrightCircle Investments Limited

Remove BWSRappSev2 by BrightCircle Investments ...

What is BWSRappSev2?

This is an adware program that installs as a web browser plugin to inject and display advertisements. Once installed the program will deliver ads including but not limited to banner ads, text-links, coupons and other offers both by injecting them in the user's web browser as well as displaying popups outside of the browser.

Overview

During setup, the program registers itself to launch on boot through a Windows Schedule Task in order to automatically start-up (this is typically done to avoid any UAC prompts). It adds a Browser Helper Object (BHO) to Internet Explorer. In the Mozilla Firefox browser, it will add an add-on. The primary executable is named utils.exe. A majority of users end up uninstalling this less than a week of it being installed. The setup package generally installs about 12 files and is usually about 7.97 MB (8,355,416 bytes).

Malware detected in the program
Automatically starts with Windows
Integrates into the web browser
Typically distributed through a pay-per-install bundle
Injects advertisements unassociated with the underlying web page
The experts agree, you should remove it!

Warning, multiple anti-virus scanners have detected possible malware in BWSRappSev2.

utils.exe (7b3e7c047cc43b0b30ca4c51cc6b0a75) has been flagged by the following 16 scanners:
Anti-Virus software	Version	Detection
Agnitum Outpost	7.1.1	Riskware.VMDetector
avast!	2014.9-150413	Win32:Malware-gen
Baidu-International	4.0.3.15413	PUA.Win32.CrossRider.bBW
Bkav FE	1.3.0.6379	HW32.Packed
Dr.Web	9.0.0.0103	Trojan.Crossrider1.9878
ESET-NOD32	9.11112	Win32/Packed.VMDetector.I potentially unwanted
Fortinet FortiGate	4/13/2015	PossibleThreat
G Data	15.4.25	NSIS.Adware.Crossrider
Malwarebytes	v2015.04.13.03	PUP.Optional.CrossRider.A
McAfee	5600.6797	Artemis!7B3E7C047CC4
McAfee-GW-Edition	7.6797	Artemis
NANO AntiVirus	0.30.0.65070	Trojan.Win32.MLW.dmvkgg
Panda Antivirus	15.04.13.03	Trj/Genetic.gen
Qihoo-360	1.0.0.1015	HEUR/QVM20.1.Malware.Gen
Symantec	4/13/2015 rev. 2	WS.Reputation
TrendMicro-HouseCall	7.2.103	Suspicious_GEN.F47V0123
9ccba8ed-8ce2-4b0a-8136-661ea57bb541-2.exe (610264260378473e3bc7cdd7b93dc45d) has been flagged by the following 41 scanners:
Anti-Virus software	Software version	Detection
Lavasoft Ad-Aware	12.0.163.0	Gen:Application.Heur.6u1@mqm5g9hO
AhnLab-V3	2015.06.14.00	PUP/Win32.CrossRider
Antiy-AVL	1.0.0.1	GrayWare[WebToolbar:not-a-virus]/Win32.CrossRider.ljd
Arcabit	1.0.0.425	Application.Heur.E36A6D
avast!	8.0.1489.320	Win32:IeEnablerC-B [Adw]
AVG	15.0.0.4360	Generic.9A1
Avira	8.3.1.6	ADWARE/CrossRider.ZZ
AVware	1.5.0.21	Crossrider (fs)
Baidu-International	3.5.1.41473	Adware.Win32.CrossAd.BM
Bitdefender	7.2	Gen:Application.Heur.6u1@mqm5g9hO
Bkav FE	1.3.0.6379	W32.HfsAdware.BDE5
CAT-QuickHeal	14.00	PUA.BrightCircle.OD6
Comodo Security	22439	Application.Win32.CrossRider.KS
Cyren	5.4.16.7	W32/S-95be3f30!Eldorado
Dr.Web	7.0.13.5270	Trojan.Crossrider1.23042
ESET-NOD32	11782	a variant of Win32/Toolbar.CrossRider.CK potentially unwanted
Fortinet FortiGate	5.0.999.0	Riskware/CrossRider
F-Prot	4.7.1.166	W32/S-95be3f30!Eldorado
F-Secure	11.0.19100.45	Gen:Application.Heur.6u1@mqm5g9hO
G Data	25	Gen:Application.Heur.6u1@mqm5g9hO
IKARUS anti.virus	T3.1.9.5.0	not-a-virus:WebToolbar.CrossRider
K7 AntiVirus	9.205.16235	Trojan ( 0040f9ff1 )
K7GW	9.205.16235	Unwanted-Program ( 0040f9ff1 )
Kaspersky	15.0.1.10	not-a-virus:WebToolbar.Win32.CrossRider.ljd
Malwarebytes	2.1.1.1115	PUP.Optional.InstallCore.C
McAfee	6.0.5.614	Artemis!610264260378
McAfee-GW-Edition	v2015	BehavesLike.Win32.BadFile.dh
Microsoft Security Essentials	1.1.11701.0	BrowserModifier:Win32/IeEnablerCby
MicroWorld-eScan	12.0.250.0	Gen:Application.Heur.6u1@mqm5g9hO
NANO AntiVirus	0.30.24.2086	Riskware.Win32.CrossRider.dmvwhb
Panda Antivirus	4.6.4.2	Trj/Genetic.gen
Qihoo-360	1.0.0.1015	Win32/Virus.Adware.de5
Rising Antivirus	25.0.0.17	PE:Malware.Obscure!1.9C59
Sophos	4.98.0	Generic PUA IJ
SUPERAntiSpyware	5.6.0.1032	Adware.CrossRider/Variant
Symantec	20141.2.0.56	PUA.Gen.2
Tencent	1.0.0.1	Trojan.Win32.Qudamah.Gen.3
Trend Micro	9.740.0.1012	TROJ_GEN.F0C2C00AU15
TrendMicro-HouseCall	9.700.0.1001	TROJ_GEN.F0C2C00AU15
VIPRE Antivirus	41100	Crossrider (fs)
Zillya	2.0.0.2222	Adware.CrossRider.Win32.2309
BWSRappSev2-bho.dll (e019060aeeb55026f3476c933260f449) has been flagged by the following 39 scanners:
Anti-Virus software	Software version	Detection
Lavasoft Ad-Aware	12.0.163.0	Gen:Application.Heur.My9@mSCkk9ei
Agnitum Outpost	5.5.1.3	PUA.Toolbar.CrossRider!
AhnLab-V3	2015.06.14.00	PUP/Win32.CrossRider
Antiy-AVL	1.0.0.1	GrayWare[WebToolbar:not-a-virus]/Win32.CrossRider.ljd
Arcabit	1.0.0.425	Application.Heur.ED9EB5
avast!	8.0.1489.320	Win32:Crossrider-CC [PUP]
AVG	15.0.0.4360	Toolbar.Crossrider.Y
Avira	8.3.1.6	ADWARE/CrossRider.ZZ
AVware	1.5.0.21	Crossrider (fs)
Baidu-International	3.5.1.41473	Adware.Win32.CrossAd.BA
Bitdefender	7.2	Gen:Application.Heur.My9@mSCkk9ei
Bkav FE	1.3.0.6379	W32.HfsAdware.BDE5
CAT-QuickHeal	14.00	PUA.BrightCircle.OD6
Comodo Security	22439	Application.Win32.CrossRider.BMK
Cyren	5.4.16.7	W32/S-c19140ac!Eldorado
Dr.Web	7.0.13.5270	Trojan.Crossrider1.23042
ESET-NOD32	11781	a variant of Win32/Toolbar.CrossRider.BA potentially unwanted
Fortinet FortiGate	5.0.999.0	Riskware/CrossRider
F-Prot	4.7.1.166	W32/S-c19140ac!Eldorado
F-Secure	11.0.19100.45	Gen:Application.Heur.My9@mSCkk9ei
G Data	25	Gen:Application.Heur.My9@mSCkk9ei
K7 AntiVirus	9.205.16235	Trojan ( 004af5321 )
K7GW	9.205.16235	Trojan ( 004af5321 )
Kaspersky	15.0.1.10	not-a-virus:WebToolbar.Win32.CrossRider.ljd
Malwarebytes	2.1.1.1115	PUP.Optional.InstallCore.C
McAfee	6.0.5.614	Artemis!E019060AEEB5
McAfee-GW-Edition	v2015	BehavesLike.Win32.BadFile.jh
MicroWorld-eScan	12.0.250.0	Gen:Application.Heur.My9@mSCkk9ei
NANO AntiVirus	0.30.24.2086	Trojan.Win32.Crossrider1.dnlyho
Panda Antivirus	4.6.4.2	Trj/Genetic.gen
Qihoo-360	1.0.0.1015	HEUR/QVM30.1.Malware.Gen
Rising Antivirus	25.0.0.17	PE:Malware.Obscure!1.9C59
Sophos	4.98.0	Generic PUA DN
Symantec	20141.2.0.56	Adware.Crossid
Tencent	1.0.0.1	Trojan.Win32.Qudamah.Gen.13
Trend Micro	9.740.0.1012	TROJ_GEN.R0C1C0OB915
TrendMicro-HouseCall	9.700.0.1001	TROJ_GEN.R0C1C0OB915
VIPRE Antivirus	41096	Crossrider (fs)
Zillya	2.0.0.2221	Adware.CrossRider.Win32.2952
9ccba8ed-8ce2-4b0a-8136-661ea57bb541-5.exe (4e242074fa342866048e0a004a9fedb0) has been flagged by the following 37 scanners:
Anti-Virus software	Software version	Detection
Lavasoft Ad-Aware	12.0.163.0	Gen:Application.Heur.jv1@mupW0JeO
AhnLab-V3	2015.06.14.00	PUP/Win32.CrossRider
Antiy-AVL	1.0.0.1	GrayWare[WebToolbar:not-a-virus]/Win32.CrossRider.ljd
Arcabit	1.0.0.425	Application.Heur.E4C2C8
avast!	8.0.1489.320	Win32:PUP-gen [PUP]
AVG	15.0.0.4360	Toolbar.Crossrider.AA
Avira	8.3.1.6	ADWARE/CrossRider.ZZ
AVware	1.5.0.21	Crossrider (fs)
Baidu-International	3.5.1.41473	Adware.Win32.CrossAd.BM
Bitdefender	7.2	Gen:Application.Heur.jv1@mupW0JeO
Bkav FE	1.3.0.6379	W32.HfsAdware.BDE5
CAT-QuickHeal	14.00	PUA.BrightCircle.OD6
Cyren	5.4.16.7	W32/Application.GIQQ-0506
Dr.Web	7.0.13.5270	Trojan.Crossrider1.23042
ESET-NOD32	11782	a variant of Win32/Toolbar.CrossRider.CC potentially unwanted
Fortinet FortiGate	5.0.999.0	Riskware/CrossRider
F-Secure	11.0.19100.45	Gen:Application.Heur.jv1@mupW0JeO
G Data	25	Gen:Application.Heur.jv1@mupW0JeO
K7 AntiVirus	9.205.16235	Trojan ( 004afbb41 )
K7GW	9.205.16235	Trojan ( 004afbb41 )
Kaspersky	15.0.1.10	not-a-virus:WebToolbar.Win32.CrossRider.ljd
Malwarebytes	2.1.1.1115	PUP.Optional.InstallCore.C
McAfee	6.0.5.614	Artemis!4E242074FA34
McAfee-GW-Edition	v2015	BehavesLike.Win32.BrowseFox.th
MicroWorld-eScan	12.0.250.0	Gen:Application.Heur.jv1@mupW0JeO
NANO AntiVirus	0.30.24.2086	Riskware.Win32.CrossRider.dmvwjf
Panda Antivirus	4.6.4.2	Trj/Genetic.gen
Qihoo-360	1.0.0.1015	HEUR/QVM10.1.Malware.Gen
Rising Antivirus	25.0.0.17	PE:Malware.CrossRider!6.233A
Sophos	4.98.0	Generic PUA MG
SUPERAntiSpyware	5.6.0.1032	Adware.CrossRider/Variant
Symantec	20141.2.0.56	Trojan.Gen.2
Tencent	1.0.0.1	Trojan.Win32.Qudamah.Gen.5
Trend Micro	9.740.0.1012	TROJ_GEN.R000C0OB915
TrendMicro-HouseCall	9.700.0.1001	TROJ_GEN.R000C0OB915
VIPRE Antivirus	41100	Crossrider (fs)
Zillya	2.0.0.2222	Adware.CrossRider.Win32.2301
BWSRappSev2-codedownloader.exe (a4cba6c7020c0ce30059d233ef8b5a0e) has been flagged by the following 17 scanners:
Anti-Virus software	Software version	Detection
Lavasoft Ad-Aware	12.0.163.0	Gen:Application.Heur.fv1@m0aO0QjO
AhnLab-V3	2015.01.24.00	PUP/Win32.CrossRider
AVG	15.0.0.4257	Generic.9A1
Avira	7.11.204.208	ADWARE/CrossRider.Gen4
AVware	1.5.0.21	Crossrider (fs)
Baidu-International	3.5.1.41473	PUA.Win32.CrossRider.bBM
Bitdefender	7.2	Gen:Application.Heur.fv1@m0aO0QjO
ESET-NOD32	11064	a variant of Win32/Toolbar.CrossRider.BM
F-Secure	11.0.19100.45	Gen:Application.Heur.fv1@m0aO0QjO
G Data	24	Gen:Application.Heur.fv1@m0aO0QjO
IKARUS anti.virus	T3.1.8.6.0	Gen.Application.Heur
Kaspersky	15.0.1.10	not-a-virus:WebToolbar.Win32.CrossRider.ljd
MicroWorld-eScan	12.0.250.0	Gen:Application.Heur.fv1@m0aO0QjO
Panda Antivirus	4.6.4.2	Trj/Genetic.gen
Qihoo-360	1.0.0.1015	HEUR/QVM10.1.Malware.Gen
Tencent	1.0.0.1	Win32.Adware.Bp-browser.Luqs
VIPRE Antivirus	36914	Crossrider (fs)

View all 150 all detections

BWSRappSev2 has been found to be bundled with 3rd party software. If you have not purposefully installed this, you should be safe uninstalling it.

Program details

Displayed publisher: BroServix+2.3

Installation folder: C:\Program Files\bwsrappsev2

Uninstaller: C:\Program Files\BWSRappSev2\Uninstall.exe /fcp=1

Estimated size: 7.97 MB

Files installed by BWSRappSev2

Program executable:	utils.exe (Malware detected)
Path:	C:\Program Files\bwsrappsev2\utils.exe
MD5:	7b3e7c047cc43b0b30ca4c51cc6b0a75

Additional files:

(Malware detected) 9ccba8ed-8ce2-4b0a-8136-661ea57bb541-2.exe (by BroServix+2.3) - BWSRappSev2 (BWSRappSev2 exe)
9ccba8ed-8ce2-4b0a-8136-661ea57bb541-4.exe (by BroServix+2.3)
(Malware detected) 9ccba8ed-8ce2-4b0a-8136-661ea57bb541-5.exe
BWSRappSev2-bg.exe
(Malware detected) BWSRappSev2-bho.dll - BWSRappSev2 BHO
BWSRappSev2-bho64.dll
(Malware detected) BWSRappSev2-codedownloader.exe
d5f34d70-208e-431b-9035-00b877ef328d-4.exe
Uninstall.exe
9ccba8ed-8ce2-4b0a-8136-661ea57bb541.xpi
d5f34d70-208e-431b-9035-00b877ef328d.xpi

Behaviors exhibited

Internet Explorer BHO

BWSRappSev2-bho.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'BWSRappSev2' with the class of {11111111-1111-1111-1111-110611991117} (6b064ce819644ac68b741b4c9b968d8c0069917).

3 Scheduled Tasks (Boot/Login)

BWSRappSev2-codedownloader.exe is automatically launched at startup through a scheduled task named 9ccba8ed-8ce2-4b0a-8136-661ea57bb541-1.
9ccba8ed-8ce2-4b0a-8136-661ea57bb541-5.exe is automatically launched at startup through a scheduled task named 9ccba8ed-8ce2-4b0a-8136-661ea57bb541-5_user.
9ccba8ed-8ce2-4b0a-8136-661ea57bb541-2.exe is automatically launched at startup through a scheduled task named 9ccba8ed-8ce2-4b0a-8136-661ea57bb541-2.

How do I remove BWSRappSev2?

You can uninstall BWSRappSev2 from your computer by using the Add/Remove Program feature in the Window's Control Panel.

On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:

Windows Vista/7/8/10: Click Uninstall a Program.
Windows XP: Click Add or Remove Programs.

When you find the program BWSRappSev2, click it, and then do one of the following:

Windows Vista/7/8/10: Click Uninstall.
Windows XP: Click the Remove or Change/Remove tab (to the right of the program).

Follow the prompts. A progress bar shows you how long it will take to remove BWSRappSev2.
If for some reason uninstallation fails, please install Microsoft's uninstall fixer utility which will help fix problems with programs that can't be uninstalled at support.microsoft.com.