Updated: August 02, 2019 6:02:00 AM
Type: Potentially Unwanted App
Infection Length: Varies
Name: Safely
Version: 1.0.1
Publisher: Unknown
Risk Impact: Low
Systems Affected: Windows
Behavior
PUA.SafelyOnline is a potentially unwanted application that modifies web browser settings without user consent.
Technical Description
When the application is executed, it creates the following folders:
- %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf
- %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0
- %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\_metadata
- %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\frame
- %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\img
- %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\jquery
- %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\popup
The application then creates the following files:
- %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\background.js
- %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\dashboard.js
- %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\manifest.json
- %AllUsersProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpjnjghimiofdlpnmhclanhckablllf\1.7.2_0\rate.js
Next, the application creates the following registry entry:
- HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings\”ebpjnjghimiofdlpnmhclanhckablllf” = “FC12B625F397AD5527F8C01A38E21420B8B1C5BAAF61CB221C61F740D41B4930”
The application changes the browser’s default search engine without the user’s consent. It also fails perform its advertised functionality, which is to identify malicious sites. Moreover, it is itself flagged unsafe by browsers.
Removal
You may use Anti Virus for this risk.
Before proceeding further we recommend that you run a full system scan.