Should I remove BWSRappSev2?
What percent of users and experts removed it?
88% remove it12% keep it
What do people think about it?
(click star to rate)
How common is it?
Reach 0.0003%
Versions
| Version | Distribution |
| 1.36.01.22 |
100.00% |
|
Other programs by BrightCircle Investments Limited
BWSRappSev2
from BrightCircle Investments Limited
What is BWSRappSev2?
This is an adware program that installs as a web browser plugin to inject and display advertisements. Once installed the program will deliver ads including but not limited to banner ads, text-links, coupons and other offers both by injecting them in the user's web browser as well as displaying popups outside of the browser.
Overview
During setup, the program registers itself to launch on boot through a Windows Schedule Task in order to automatically start-up (this is typically done to avoid any UAC prompts). It adds a Browser Helper Object (BHO) to Internet Explorer. In the Mozilla Firefox browser, it will add an add-on. The primary executable is named utils.exe. A majority of users end up uninstalling this less than a week of it being installed. The setup package generally installs about 12 files and is usually about 7.97 MB (8,355,416 bytes).
- Malware detected in the program
- Automatically starts with Windows
- Integrates into the web browser
- Typically distributed through a pay-per-install bundle
- Injects advertisements unassociated with the underlying web page
- The experts agree, you should remove it!
Warning, multiple anti-virus scanners have detected possible malware in BWSRappSev2.
| utils.exe (7b3e7c047cc43b0b30ca4c51cc6b0a75) has been flagged by the following 16 scanners: |
| Anti-Virus software | Version | Detection |
| Agnitum Outpost |
7.1.1 |
Riskware.VMDetector |
| avast! |
2014.9-150413 |
Win32:Malware-gen |
| Baidu-International |
4.0.3.15413 |
PUA.Win32.CrossRider.bBW |
| Bkav FE |
1.3.0.6379 |
HW32.Packed |
| Dr.Web |
9.0.0.0103 |
Trojan.Crossrider1.9878 |
| ESET-NOD32 |
9.11112 |
Win32/Packed.VMDetector.I potentially unwanted |
| Fortinet FortiGate |
4/13/2015 |
PossibleThreat |
| G Data |
15.4.25 |
NSIS.Adware.Crossrider |
| Malwarebytes |
v2015.04.13.03 |
PUP.Optional.CrossRider.A |
| McAfee |
5600.6797 |
Artemis!7B3E7C047CC4 |
| McAfee-GW-Edition |
7.6797 |
Artemis |
| NANO AntiVirus |
0.30.0.65070 |
Trojan.Win32.MLW.dmvkgg |
| Panda Antivirus |
15.04.13.03 |
Trj/Genetic.gen |
| Qihoo-360 |
1.0.0.1015 |
HEUR/QVM20.1.Malware.Gen |
| Symantec |
4/13/2015 rev. 2 |
WS.Reputation |
| TrendMicro-HouseCall |
7.2.103 |
Suspicious_GEN.F47V0123 |
| 9ccba8ed-8ce2-4b0a-8136-661ea57bb541-2.exe (610264260378473e3bc7cdd7b93dc45d) has been flagged by the following 41 scanners: |
| Anti-Virus software | Software version | Detection |
| Lavasoft Ad-Aware |
12.0.163.0 |
Gen:[email protected] |
| AhnLab-V3 |
2015.06.14.00 |
PUP/Win32.CrossRider |
| Antiy-AVL |
1.0.0.1 |
GrayWare[WebToolbar:not-a-virus]/Win32.CrossRider.ljd |
| Arcabit |
1.0.0.425 |
Application.Heur.E36A6D |
| avast! |
8.0.1489.320 |
Win32:IeEnablerC-B [Adw] |
| AVG |
15.0.0.4360 |
Generic.9A1 |
| Avira |
8.3.1.6 |
ADWARE/CrossRider.ZZ |
| AVware |
1.5.0.21 |
Crossrider (fs) |
| Baidu-International |
3.5.1.41473 |
Adware.Win32.CrossAd.BM |
| Bitdefender |
7.2 |
Gen:[email protected] |
| Bkav FE |
1.3.0.6379 |
W32.HfsAdware.BDE5 |
| CAT-QuickHeal |
14.00 |
PUA.BrightCircle.OD6 |
| Comodo Security |
22439 |
Application.Win32.CrossRider.KS |
| Cyren |
5.4.16.7 |
W32/S-95be3f30!Eldorado |
| Dr.Web |
7.0.13.5270 |
Trojan.Crossrider1.23042 |
| ESET-NOD32 |
11782 |
a variant of Win32/Toolbar.CrossRider.CK potentially unwanted |
| Fortinet FortiGate |
5.0.999.0 |
Riskware/CrossRider |
| F-Prot |
4.7.1.166 |
W32/S-95be3f30!Eldorado |
| F-Secure |
11.0.19100.45 |
Gen:[email protected] |
| G Data |
25 |
Gen:[email protected] |
| IKARUS anti.virus |
T3.1.9.5.0 |
not-a-virus:WebToolbar.CrossRider |
| K7 AntiVirus |
9.205.16235 |
Trojan ( 0040f9ff1 ) |
| K7GW |
9.205.16235 |
Unwanted-Program ( 0040f9ff1 ) |
| Kaspersky |
15.0.1.10 |
not-a-virus:WebToolbar.Win32.CrossRider.ljd |
| Malwarebytes |
2.1.1.1115 |
PUP.Optional.InstallCore.C |
| McAfee |
6.0.5.614 |
Artemis!610264260378 |
| McAfee-GW-Edition |
v2015 |
BehavesLike.Win32.BadFile.dh |
| Microsoft Security Essentials |
1.1.11701.0 |
BrowserModifier:Win32/IeEnablerCby |
| MicroWorld-eScan |
12.0.250.0 |
Gen:[email protected] |
| NANO AntiVirus |
0.30.24.2086 |
Riskware.Win32.CrossRider.dmvwhb |
| Panda Antivirus |
4.6.4.2 |
Trj/Genetic.gen |
| Qihoo-360 |
1.0.0.1015 |
Win32/Virus.Adware.de5 |
| Rising Antivirus |
25.0.0.17 |
PE:Malware.Obscure!1.9C59 |
| Sophos |
4.98.0 |
Generic PUA IJ |
| SUPERAntiSpyware |
5.6.0.1032 |
Adware.CrossRider/Variant |
| Symantec |
20141.2.0.56 |
PUA.Gen.2 |
| Tencent |
1.0.0.1 |
Trojan.Win32.Qudamah.Gen.3 |
| Trend Micro |
9.740.0.1012 |
TROJ_GEN.F0C2C00AU15 |
| TrendMicro-HouseCall |
9.700.0.1001 |
TROJ_GEN.F0C2C00AU15 |
| VIPRE Antivirus |
41100 |
Crossrider (fs) |
| Zillya |
2.0.0.2222 |
Adware.CrossRider.Win32.2309 |
| BWSRappSev2-bho.dll (e019060aeeb55026f3476c933260f449) has been flagged by the following 39 scanners: |
| Anti-Virus software | Software version | Detection |
| Lavasoft Ad-Aware |
12.0.163.0 |
Gen:[email protected] |
| Agnitum Outpost |
5.5.1.3 |
PUA.Toolbar.CrossRider! |
| AhnLab-V3 |
2015.06.14.00 |
PUP/Win32.CrossRider |
| Antiy-AVL |
1.0.0.1 |
GrayWare[WebToolbar:not-a-virus]/Win32.CrossRider.ljd |
| Arcabit |
1.0.0.425 |
Application.Heur.ED9EB5 |
| avast! |
8.0.1489.320 |
Win32:Crossrider-CC [PUP] |
| AVG |
15.0.0.4360 |
Toolbar.Crossrider.Y |
| Avira |
8.3.1.6 |
ADWARE/CrossRider.ZZ |
| AVware |
1.5.0.21 |
Crossrider (fs) |
| Baidu-International |
3.5.1.41473 |
Adware.Win32.CrossAd.BA |
| Bitdefender |
7.2 |
Gen:[email protected] |
| Bkav FE |
1.3.0.6379 |
W32.HfsAdware.BDE5 |
| CAT-QuickHeal |
14.00 |
PUA.BrightCircle.OD6 |
| Comodo Security |
22439 |
Application.Win32.CrossRider.BMK |
| Cyren |
5.4.16.7 |
W32/S-c19140ac!Eldorado |
| Dr.Web |
7.0.13.5270 |
Trojan.Crossrider1.23042 |
| ESET-NOD32 |
11781 |
a variant of Win32/Toolbar.CrossRider.BA potentially unwanted |
| Fortinet FortiGate |
5.0.999.0 |
Riskware/CrossRider |
| F-Prot |
4.7.1.166 |
W32/S-c19140ac!Eldorado |
| F-Secure |
11.0.19100.45 |
Gen:[email protected] |
| G Data |
25 |
Gen:[email protected] |
| K7 AntiVirus |
9.205.16235 |
Trojan ( 004af5321 ) |
| K7GW |
9.205.16235 |
Trojan ( 004af5321 ) |
| Kaspersky |
15.0.1.10 |
not-a-virus:WebToolbar.Win32.CrossRider.ljd |
| Malwarebytes |
2.1.1.1115 |
PUP.Optional.InstallCore.C |
| McAfee |
6.0.5.614 |
Artemis!E019060AEEB5 |
| McAfee-GW-Edition |
v2015 |
BehavesLike.Win32.BadFile.jh |
| MicroWorld-eScan |
12.0.250.0 |
Gen:[email protected] |
| NANO AntiVirus |
0.30.24.2086 |
Trojan.Win32.Crossrider1.dnlyho |
| Panda Antivirus |
4.6.4.2 |
Trj/Genetic.gen |
| Qihoo-360 |
1.0.0.1015 |
HEUR/QVM30.1.Malware.Gen |
| Rising Antivirus |
25.0.0.17 |
PE:Malware.Obscure!1.9C59 |
| Sophos |
4.98.0 |
Generic PUA DN |
| Symantec |
20141.2.0.56 |
Adware.Crossid |
| Tencent |
1.0.0.1 |
Trojan.Win32.Qudamah.Gen.13 |
| Trend Micro |
9.740.0.1012 |
TROJ_GEN.R0C1C0OB915 |
| TrendMicro-HouseCall |
9.700.0.1001 |
TROJ_GEN.R0C1C0OB915 |
| VIPRE Antivirus |
41096 |
Crossrider (fs) |
| Zillya |
2.0.0.2221 |
Adware.CrossRider.Win32.2952 |
| 9ccba8ed-8ce2-4b0a-8136-661ea57bb541-5.exe (4e242074fa342866048e0a004a9fedb0) has been flagged by the following 37 scanners: |
| Anti-Virus software | Software version | Detection |
| Lavasoft Ad-Aware |
12.0.163.0 |
Gen:[email protected] |
| AhnLab-V3 |
2015.06.14.00 |
PUP/Win32.CrossRider |
| Antiy-AVL |
1.0.0.1 |
GrayWare[WebToolbar:not-a-virus]/Win32.CrossRider.ljd |
| Arcabit |
1.0.0.425 |
Application.Heur.E4C2C8 |
| avast! |
8.0.1489.320 |
Win32:PUP-gen [PUP] |
| AVG |
15.0.0.4360 |
Toolbar.Crossrider.AA |
| Avira |
8.3.1.6 |
ADWARE/CrossRider.ZZ |
| AVware |
1.5.0.21 |
Crossrider (fs) |
| Baidu-International |
3.5.1.41473 |
Adware.Win32.CrossAd.BM |
| Bitdefender |
7.2 |
Gen:[email protected] |
| Bkav FE |
1.3.0.6379 |
W32.HfsAdware.BDE5 |
| CAT-QuickHeal |
14.00 |
PUA.BrightCircle.OD6 |
| Cyren |
5.4.16.7 |
W32/Application.GIQQ-0506 |
| Dr.Web |
7.0.13.5270 |
Trojan.Crossrider1.23042 |
| ESET-NOD32 |
11782 |
a variant of Win32/Toolbar.CrossRider.CC potentially unwanted |
| Fortinet FortiGate |
5.0.999.0 |
Riskware/CrossRider |
| F-Secure |
11.0.19100.45 |
Gen:[email protected] |
| G Data |
25 |
Gen:[email protected] |
| K7 AntiVirus |
9.205.16235 |
Trojan ( 004afbb41 ) |
| K7GW |
9.205.16235 |
Trojan ( 004afbb41 ) |
| Kaspersky |
15.0.1.10 |
not-a-virus:WebToolbar.Win32.CrossRider.ljd |
| Malwarebytes |
2.1.1.1115 |
PUP.Optional.InstallCore.C |
| McAfee |
6.0.5.614 |
Artemis!4E242074FA34 |
| McAfee-GW-Edition |
v2015 |
BehavesLike.Win32.BrowseFox.th |
| MicroWorld-eScan |
12.0.250.0 |
Gen:[email protected] |
| NANO AntiVirus |
0.30.24.2086 |
Riskware.Win32.CrossRider.dmvwjf |
| Panda Antivirus |
4.6.4.2 |
Trj/Genetic.gen |
| Qihoo-360 |
1.0.0.1015 |
HEUR/QVM10.1.Malware.Gen |
| Rising Antivirus |
25.0.0.17 |
PE:Malware.CrossRider!6.233A |
| Sophos |
4.98.0 |
Generic PUA MG |
| SUPERAntiSpyware |
5.6.0.1032 |
Adware.CrossRider/Variant |
| Symantec |
20141.2.0.56 |
Trojan.Gen.2 |
| Tencent |
1.0.0.1 |
Trojan.Win32.Qudamah.Gen.5 |
| Trend Micro |
9.740.0.1012 |
TROJ_GEN.R000C0OB915 |
| TrendMicro-HouseCall |
9.700.0.1001 |
TROJ_GEN.R000C0OB915 |
| VIPRE Antivirus |
41100 |
Crossrider (fs) |
| Zillya |
2.0.0.2222 |
Adware.CrossRider.Win32.2301 |
| BWSRappSev2-codedownloader.exe (a4cba6c7020c0ce30059d233ef8b5a0e) has been flagged by the following 17 scanners: |
| Anti-Virus software | Software version | Detection |
| Lavasoft Ad-Aware |
12.0.163.0 |
Gen:[email protected] |
| AhnLab-V3 |
2015.01.24.00 |
PUP/Win32.CrossRider |
| AVG |
15.0.0.4257 |
Generic.9A1 |
| Avira |
7.11.204.208 |
ADWARE/CrossRider.Gen4 |
| AVware |
1.5.0.21 |
Crossrider (fs) |
| Baidu-International |
3.5.1.41473 |
PUA.Win32.CrossRider.bBM |
| Bitdefender |
7.2 |
Gen:[email protected] |
| ESET-NOD32 |
11064 |
a variant of Win32/Toolbar.CrossRider.BM |
| F-Secure |
11.0.19100.45 |
Gen:[email protected] |
| G Data |
24 |
Gen:[email protected] |
| IKARUS anti.virus |
T3.1.8.6.0 |
Gen.Application.Heur |
| Kaspersky |
15.0.1.10 |
not-a-virus:WebToolbar.Win32.CrossRider.ljd |
| MicroWorld-eScan |
12.0.250.0 |
Gen:[email protected] |
| Panda Antivirus |
4.6.4.2 |
Trj/Genetic.gen |
| Qihoo-360 |
1.0.0.1015 |
HEUR/QVM10.1.Malware.Gen |
| Tencent |
1.0.0.1 |
Win32.Adware.Bp-browser.Luqs |
| VIPRE Antivirus |
36914 |
Crossrider (fs) |
View all 150 all detections
BWSRappSev2 has been found to be bundled with 3rd party software. If you have not purposefully installed this, you should be safe uninstalling it.
Program details
Displayed publisher: BroServix+2.3
Installation folder: C:\Program Files\bwsrappsev2
Uninstaller: C:\Program Files\BWSRappSev2\Uninstall.exe /fcp=1
Estimated size: 7.97 MB
Files installed by BWSRappSev2
| Program executable: | utils.exe (Malware detected) |
| Path: | C:\Program Files\bwsrappsev2\utils.exe |
| MD5: | 7b3e7c047cc43b0b30ca4c51cc6b0a75 |
Additional files:
-
(Malware detected) 9ccba8ed-8ce2-4b0a-8136-661ea57bb541-2.exe (by BroServix+2.3) - BWSRappSev2 (BWSRappSev2 exe)
-
9ccba8ed-8ce2-4b0a-8136-661ea57bb541-4.exe (by BroServix+2.3)
-
(Malware detected) 9ccba8ed-8ce2-4b0a-8136-661ea57bb541-5.exe
-
BWSRappSev2-bg.exe
-
(Malware detected) BWSRappSev2-bho.dll - BWSRappSev2 BHO
-
BWSRappSev2-bho64.dll
-
(Malware detected) BWSRappSev2-codedownloader.exe
-
d5f34d70-208e-431b-9035-00b877ef328d-4.exe
-
Uninstall.exe
-
9ccba8ed-8ce2-4b0a-8136-661ea57bb541.xpi
-
d5f34d70-208e-431b-9035-00b877ef328d.xpi
Behaviors exhibited
Internet Explorer BHO
- BWSRappSev2-bho.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'BWSRappSev2' with the class of {11111111-1111-1111-1111-110611991117} (6b064ce819644ac68b741b4c9b968d8c0069917).
3 Scheduled Tasks (Boot/Login)
- BWSRappSev2-codedownloader.exe is automatically launched at startup through a scheduled task named 9ccba8ed-8ce2-4b0a-8136-661ea57bb541-1.
- 9ccba8ed-8ce2-4b0a-8136-661ea57bb541-5.exe is automatically launched at startup through a scheduled task named 9ccba8ed-8ce2-4b0a-8136-661ea57bb541-5_user.
- 9ccba8ed-8ce2-4b0a-8136-661ea57bb541-2.exe is automatically launched at startup through a scheduled task named 9ccba8ed-8ce2-4b0a-8136-661ea57bb541-2.
How do I remove BWSRappSev2?
You can uninstall BWSRappSev2 from your computer by using the Add/Remove Program feature in the Window's Control Panel.
- On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:
- Windows Vista/7/8/10: Click Uninstall a Program.
- Windows XP: Click Add or Remove Programs.
- When you find the program BWSRappSev2, click it, and then do one of the following:
- Windows Vista/7/8/10: Click Uninstall.
- Windows XP: Click the Remove or Change/Remove tab (to the right of the program).
- Follow the prompts. A progress bar shows you how long it will take to remove BWSRappSev2.
- If for some reason uninstallation fails, please install Microsoft's uninstall fixer utility which will help fix problems with programs that can't be uninstalled at support.microsoft.com.
How do I reset my web browser?
If your web browser homepage and search settings have been modfied by BWSRappSev2 you can restore them to their previous default settings.
Microsoft Internet Explorer
- Open Internet Explorer and click the Tools button, and then click Internet options.
- Click the Advanced tab, and then click Reset. Select the Delete personal settings check box if you would also like to remove search providers, Accelerators and home pages. When Internet Explorer finishes applying default settings, click Close, and then click OK.
- The changes will take effect the next time you open IE.
Mozilla Firefox
- At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.
- To continue, click Reset Firefox in the confirmation window that opens. It will close and be reset.
- When it's done, a window will list the information that was imported. Click Finish and Firefox will open.
Google Chrome
- Open Chrome and click the Chrome menu on the browser toolbar.
- Select Settings. In the "Search" section, click Manage search engine. Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default. Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.
- When the "Show Home button" checkbox is selected, a web address appears below it. If you want the Homepage button to open up a different webpage, click Change to enter a link.
- Restart Google Chrome.
OS VERSIONS
Win 10 80%
Win 7 (SP1) 20%
|
|
HOW IT STARTS
Scheduled task? Yes
(Runs on Windows boot)
|
|
USER ACTIONS
 |
Uninstall it 88%
Keep it 12%
|
|
Windows
Which Windows OS versions does it run on?
| Windows 10 |
80.00% |
|
| Windows 7 |
20.00% |
|
Which OS releases does it run on? |
| Windows 8.1 |
80.00% |
|
| Windows 7 Home Premium |
20.00% |
|
Geography
50.00% of installs come from the United States
Which countries install it?
| United States |
50.00% |
| France |
30.00% |
| BD |
10.00% |
| United Kingdom |
10.00% |
PC manufacturers
What PC manufacturers (OEMs) have it installed?
| Dell |
40.00% |
|
| Lenovo |
20.00% |
|
| Hewlett-Packard |
20.00% |
|
| Acer |
20.00% |
|
Common models |
| Dell XPS 15 9530 |
50.00% |
|
| LENOVO 20244 |
25.00% |
|
| HP Pavilion 17 Notebook P... |
25.00% |
|