PUA.SafelyOnline

Updated: August 02, 2019 6:02:00 AM
Type: Potentially Unwanted App
Infection Length: Varies
Name: Safely
Version: 1.0.1
Publisher: Unknown
Risk Impact: Low
Systems Affected: Windows

Behavior

PUA.SafelyOnline is a potentially unwanted application that modifies web browser settings without user consent.

Technical Description

When the application is executed, it creates the following folders:

  • %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf
  • %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0
  • %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\_metadata
  • %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\frame
  • %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\img
  • %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\jquery
  • %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\popup

The application then creates the following files:

  • %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\background.js
  • %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\dashboard.js
  • %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\manifest.json
  • %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\rate.js

Next, the application creates the following registry entry:

  • HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings\"ebpjnjghimiofdlpnmhclanhckablllf" = "FC12B625F397AD5527F8C01A38E21420B8B1C5BAAF61CB221C61F740D41B4930"

The application changes the browser’s default search engine without the user’s consent. It also fails to perform its advertised functionality, which is to identify malicious sites. Moreover, it is itself flagged as unsafe by browsers.
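
A triage check for the folder indicators listed above, as an added example that is not part of the original write-up: it looks for the extension ID in every Chrome profile under a "User Data" directory (live, or from a mounted disk image) and reports whether the manifest declares a search-engine override. The function names and the sample manifest are constructed for illustration; the write-up does not show the contents of the real manifest.json.

```python
import json
import sys
import tempfile
from pathlib import Path

EXT_ID = "ebpjnjghimiofdlpnmhclanhckablllf"  # extension ID listed in this write-up

def find_extension(user_data_dir, ext_id=EXT_ID):
    """Return one finding per installed version of ext_id across all Chrome profiles."""
    findings = []
    # Layout: <User Data>/<profile>/Extensions/<extension id>/<version>/manifest.json
    for version_dir in sorted(Path(user_data_dir).glob(f"*/Extensions/{ext_id}/*")):
        if not version_dir.is_dir():
            continue
        finding = {"profile": version_dir.parents[2].name, "version_dir": version_dir.name,
                   "name": None, "search_url": None, "permissions": []}
        try:
            data = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = None  # missing or unparsable manifest: the folder is still reported
        if isinstance(data, dict):
            finding["name"] = data.get("name")
            finding["permissions"] = data.get("permissions") or []
            # chrome_settings_overrides.search_provider is the manifest key an
            # extension uses to replace the browser's default search engine.
            overrides = data.get("chrome_settings_overrides") or {}
            finding["search_url"] = (overrides.get("search_provider") or {}).get("search_url")
        findings.append(finding)
    return findings

def build_constructed_sample(root):
    """Create a constructed profile tree for a dry run (not the real extension's files)."""
    ext = Path(root) / "Profile 1" / "Extensions" / EXT_ID / "1.7.2_0"
    ext.mkdir(parents=True)
    manifest = {"name": "constructed sample", "permissions": ["tabs"],
                "chrome_settings_overrides": {"search_provider": {
                    "search_url": "https://search.example.invalid/?q={searchTerms}"}}}
    (ext / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    if len(sys.argv) > 1:   # path to a live or mounted "User Data" directory
        results = find_extension(sys.argv[1])
    else:                   # no argument: dry run on the constructed sample
        with tempfile.TemporaryDirectory() as tmp:
            results = find_extension(build_constructed_sample(tmp))
    for r in results:
        print(json.dumps(r))
```

Scanning every profile rather than only Default matters because the paths above name a single profile; a hit with an empty manifest result still indicates the extension folder is present.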

Removal

You can use antivirus software to remove this risk.

Before proceeding further we recommend that you run a full system scan.
