Safer-Surf
from Revizer Technologies
What is Safer-Surf?
Safer-Surf is an adware web browser extension/plugin for Internet Explorer, Firefox and Chrome that's primary purpose is to inject advertising in the web browser. Advertising is injected in the form of banner ads that are automatically placed in various spots of the browser that would not normally appear. Also, advertisments may include additional display ads, coupons, popups, price comparision and in-line text hyper links. The software will add a proxy server that sits in between the browser and the internet so that it can track web pages visited and the context of the page asn inject these ads. Additionally, the plugin will modify the browser's and operating system's functionality and will install an enable the plugin using a protection feature. The protection feature will prevent 3rd party programs including anti-virus programs from disabling the ad-serving proxy server.
Overview
Upon installation, it defines an auto-start registry entry which allows the program run on each boot for the user which installed it. It adds a background controller service that is set to automatically run. Delaying the start of this service is possible through the service manager. A scheduled task is added to Windows Task Scheduler in order to launch the program at various scheduled times (the schedule varies depending on the version). In the Mozilla Firefox browser, it will add an add-on. The main program executable is Safer-Surfw.exe. Typically most users end up uninstalling this just after a few days. The software installer includes 7 files and is usually about 1.43 MB (1,497,882 bytes).
- Possible malware installed by this program
- Starts automatically
- Adds a background Windows Service
- Installed as part of a co-bundle
- The experts agree, you should remove it!
Warning, multiple anti-virus scanners have detected possible malware in Safer-Surf.
| Safer-Surfw.exe (98b1700da13aa57781251551c191b75c) has been flagged by the following 20 scanners: |
| Anti-Virus software | Version | Detection |
| Lavasoft Ad-Aware |
1018 |
Application.Generic.615009 |
| Antiy-AVL |
0.1.0.1 |
Trojan/Win32.SGeneric |
| avast! |
2014.9-140422 |
Win32:Adware-BLC [PUP] |
| AVG |
2015.0.3496 |
Generic5 |
| Bitdefender |
1.0.20.560 |
Application.Generic.615009 |
| Comodo Security |
18107 |
Application.Win32.Adware.WDUnlocker.A |
| ESET-NOD32 |
8.9677 |
a variant of Win32/AdWare.AddLyrics.AJ |
| Fortinet FortiGate |
4/22/2014 |
Riskware/AD150 |
| F-Secure |
11.2014-22-04_3 |
Application.Generic.615009 |
| G Data |
14.4.24 |
Application.Generic.615009 |
| IKARUS anti.virus |
t3scan.1.6.1.0 |
Win32.SuspectCrc |
| Jiangmin |
KV140422 |
Adware/Agent.jop |
| K7 AntiVirus |
13.176.11755 |
Adware |
| K7GW |
13.176.11755 |
Adware ( 0049760f1 ) |
| McAfee |
5600.7152 |
Artemis!98B1700DA13A |
| McAfee-GW-Edition |
7.7152 |
Artemis!98B1700DA13A |
| MicroWorld-eScan |
15.0.0.336 |
Application.Generic.615009 |
| Panda Antivirus |
14.04.22.07 |
Trj/Genetic.gen |
| Vba32 AntiVirus |
3.12.26.0 |
AdWare.Agent |
| VIPRE Antivirus |
28240 |
Trojan.Win32.Generic!BT |
| Safer-Surf157.exe (b57e354909e03f6062ad32c9150a56fc) has been flagged by the following 14 scanners: |
| Anti-Virus software | Software version | Detection |
| Lavasoft Ad-Aware |
12.0.163.0 |
Application.Generic.607679 |
| avast! |
8.0.1489.320 |
Win32:Adware-BLR [Adw] |
| Bitdefender |
7.2 |
Application.Generic.607679 |
| ESET-NOD32 |
9639 |
a variant of Win32/AdWare.AD150.B |
| Fortinet FortiGate |
4 |
Riskware/AD150 |
| F-Secure |
11.0.19100.45 |
Application.Generic.607679 |
| G Data |
24 |
Application.Generic.607679 |
| K7 AntiVirus |
9.176.11663 |
Adware ( 0049760f1 ) |
| K7GW |
9.176.11663 |
Adware ( 0049760f1 ) |
| McAfee |
6.0.4.564 |
Artemis!B57E354909E0 |
| McAfee-GW-Edition |
2013 |
Artemis!B57E354909E0 |
| MicroWorld-eScan |
12.0.250.0 |
Application.Generic.607679 |
| Qihoo-360 |
1.0.0.1015 |
Win32/RootKit.Rootkit.7e5 |
| VIPRE Antivirus |
28044 |
Trojan.Win32.Generic!BT |
| safeS.exe (6a68b6292f1cb313d17fa286a8ac71dc) has been flagged by the following 4 scanners: |
| Anti-Virus software | Software version | Detection |
| ESET-NOD32 |
9625 |
a variant of Win32/AdWare.AddLyrics.AI |
| Kaspersky |
12.0.0.1225 |
not-a-virus:AdWare.Win32.Agent.ajzv |
| Qihoo-360 |
1.0.0.1015 |
Win32/Virus.Adware.e71 |
| VIPRE Antivirus |
27946 |
Adware.Agent |
View all 38 all detections
Safer-Surf has been found to be bundled with 3rd party software. If you have not purposefully installed this, you should be safe uninstalling it.
Program details
Displayed publisher: Safer-Surf software
Installation folder: C:\Program Files\safer-surf-soft
Uninstaller: C:\Program Files\Safer-Surf-soft\Uninstall.exe
Estimated size: 1.43 MB
Files installed by Safer-Surf
| Program executable: | Safer-Surfw.exe (Malware detected) |
| Path: | C:\Program Files\safer-surf-soft\Safer-Surfw.exe |
| MD5: | 98b1700da13aa57781251551c191b75c |
Additional files:
-
(Malware detected) Safer-Surf157.exe
-
157.xpi
-
BlockNSurf.exe - BlockNSurf (BlockNSurf Tray Link)
-
(Malware detected) Safer-Surfw.exe
-
(Malware detected) safeS.exe
-
Sqlite3.dll
-
Uninstall.exe
Behaviors exhibited
2 Scheduled Tasks
- Safer-Surfw.exe is scheduled as a task named 'Safer-Surf_wd' (runs daily at 2:36 PM).
- safeS.exe is scheduled as a task named 'Safer-Surf Update' (runs daily at 5:49 PM).
2 Scheduled Tasks (Boot/Login)
- Safer-Surfw.exe is automatically launched at startup through a scheduled task named Safer-Surf_wd.
- safeS.exe is automatically launched at startup through a scheduled task named Safer-Surf Update.
Service
- Safer-Surf157.exe runs as a service named 'Safer-Surf' (Safer-Surf).
Startup File (User Run)
- BlockNSurf.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'BlockNSurf' and executes as C:\Program Files\Safer-Surf-soft\BlockNSurf.exe.
How do I remove Safer-Surf?
You can uninstall Safer-Surf from your computer by using the Add/Remove Program feature in the Window's Control Panel.
- On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:
- Windows Vista/7/8/10: Click Uninstall a Program.
- Windows XP: Click Add or Remove Programs.
- When you find the program Safer-Surf, click it, and then do one of the following:
- Windows Vista/7/8/10: Click Uninstall.
- Windows XP: Click the Remove or Change/Remove tab (to the right of the program).
- Follow the prompts. A progress bar shows you how long it will take to remove Safer-Surf.
- If for some reason uninstallation fails, please install Microsoft's uninstall fixer utility which will help fix problems with programs that can't be uninstalled at support.microsoft.com.
How do I reset my web browser?
If your web browser homepage and search settings have been modfied by Safer-Surf you can restore them to their previous default settings.
Microsoft Internet Explorer
- Open Internet Explorer and click the Tools button, and then click Internet options.
- Click the Advanced tab, and then click Reset. Select the Delete personal settings check box if you would also like to remove search providers, Accelerators and home pages. When Internet Explorer finishes applying default settings, click Close, and then click OK.
- The changes will take effect the next time you open IE.
Mozilla Firefox
- At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.
- To continue, click Reset Firefox in the confirmation window that opens. It will close and be reset.
- When it's done, a window will list the information that was imported. Click Finish and Firefox will open.
Google Chrome
- Open Chrome and click the Chrome menu on the browser toolbar.
- Select Settings. In the "Search" section, click Manage search engine. Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default. Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.
- When the "Show Home button" checkbox is selected, a web address appears below it. If you want the Homepage button to open up a different webpage, click Change to enter a link.
- Restart Google Chrome.
OS VERSIONS
Win 7 (SP1) 48%
Win XP 3%
|
|
WHEN IT STARTS
Auto-starting? Yes
(Found in the run registry)
|
|
USER ACTIONS
 |
Uninstall it 83%
Keep it 17%
|
|
Windows
Which Windows OS versions does it run on?
| Windows 7 |
48.28% |
|
| Windows 10 |
44.83% |
|
| Windows Vista |
3.45% |
|
| Windows XP |
3.45% |
|
Which OS releases does it run on? |
| Windows 7 Home Premium |
34.48% |
|
| Windows 8.1 |
20.69% |
|
| Windows 8 |
13.79% |
|
| Windows 7 Professional |
10.34% |
|
| Windows Vista Home Premiu... |
3.45% |
|
| Windows 8 Single Language |
3.45% |
|
Geography
28.57% of installs come from France
Which countries install it?
| France |
28.57% |
| United States |
17.86% |
| Australia |
10.71% |
| Japan |
10.71% |
| United Kingdom |
10.71% |
| Germany |
7.14% |
| Belgium |
3.57% |
| Russia |
3.57% |
| Netherlands |
3.57% |
| Italy |
3.57% |
PC manufacturers
What PC manufacturers (OEMs) have it installed?
| Acer |
22.73% |
|
| Hewlett-Packard |
22.73% |
|
| ASUS |
13.64% |
|
| Toshiba |
9.09% |
|
| Sony |
4.55% |
|
| MSI |
4.55% |
|
| Medion |
4.55% |
|
| Lenovo |
4.55% |
|
| Intel |
4.55% |
|
| Alienware |
4.55% |
|
| American Megatrends |
4.55% |
|
Common models |
| TOSHIBA SATELLITE C855-22... |
4.00% |
|
| TOSHIBA dynabook R822/T8H... |
4.00% |
|
| Sony SVT1311EFYS |
4.00% |
|
| Packard Bell imedia S1710 |
4.00% |
|
| Packard Bell EasyNote TH... |
4.00% |
|
| MouseComputer/7Pro64 W25A... |
4.00% |
|