Follow:

 

Adware:Win32/InvisibleBrowser


Microsoft security software detects and removes this unwanted software.

This adware program shows ads as you browse the web.

You can see examples of these ads on the Technical information tab.

It can be bundled with some third-party software installation programs.



What to do now

This program poses a high threat to your PC.

Remove programs

You might need to manually remove this program:

If an uninstaller is not available, does not work properly, or you do not want to use it, you can use the following free tools to detect and remove this program and other unwanted software from your PC:

You should also run a full scan. A full scan might find other, hidden threats.

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

Installation

Adware:Win32/InvisibleBrowser is usually installed on your PC at the same time as other software. We have seen the following installer file names used by this program:

  • Chrome_Setup.exe
  • Flash_Player_Pro_Setup.exe
  • Flash_Player_Pro_Update_Setup.exe
  • flash1-tr-60614.exe
  • Flash-3-Update5232014.exe
  • flashplayerpro-setup.exe
  • FreeFlash.exe
  • fupm-adk-v2.exe
  • iTunes-Setup.exe
  • Java_Updater_Setup.exe
  • java1-adk-52714.exe
  • Java-2-Update5232014.exe
  • JavaUpdateTR.exe

The installation program might look like the following:

After the installation, the installer might tell you it has successfully installed an update, however it has actually installed another component onto your PC.

We have this program installed in the following locations:

It modifies the following registry entry so that it runs each time you start your PC:

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "<value>"
With data: "<path to malware>"

Where <value> is a random word. Examples of this registry entry include:

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "Win32 CVS Monitor"
With data: "C:\Program Files\Software Guardian\cvsmon32.exe"

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "Windows Client Manager"
With data: "C:\Program Files\Flash Update\winclient32.exe"

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "Windows FUPM Service Manager"
With data: "C:\Program Files\Premium Software\systerm32.exe"

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "Win32 BCS Monitor"
With data: "C:\Program Files\SystemShield Pro\bcsmon32.exe"

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "Windows System Monitor "
With data: "C:\Program Files\VLC Media Player Installer\system32.exe"

It might also create similar registry entries at the following locations:

  • HKEY_CURRENT_USER\Software\AutoPopper 
  • HKEY_CURRENT_USER\Software\UpdateFiles 
  • HKEY_CURRENT_USER\Software\UpdateSoft 
Behavior

Monitors your online activity

This program can monitor the following web browsers:

  • Chrome
  • Firefox
  • IE
  • Netscape

It collects all accessed URLs and sends this information to its servers via HTTP. We have seen it access the following URLs:

  • a.turboclk.com/a.php?key=<key>&url=<url>
  • a.turboclk.com/ac.php?key=<key>&comp=true&k=<url>

Where <key> is a random value and <url> is the URL accessed from the Web browser address bar.

Displays advertisements

We have seen this program showing unattributed ads that might look like those shown below:

 


Symptoms

The following could indicate that you have this program on your PC:

  • You have these files:

%ProgramFiles% \Flash Component Manager\srvhelper32.exe

%ProgramFiles% \Flash Update\winclient32.exe

%ProgramFiles% \FlashLive! Updater\flsystem32.exe

%ProgramFiles% \Java Update\javaclient32.exe

%ProgramFiles% \JavaLive! Manager\jvsystem32.exe

%ProgramFiles% \Premium Software\systerm32.exe

%ProgramFiles% \Software Guardian\cvsmon32.exe

%ProgramFiles% \SystemShield Pro\bcsmon32.exe

%ProgramFiles% \VLC Media Player Installer\system32.exe

  • You see these entries or keys in your registry:
     

    In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Sets value: "Win32 CVS Monitor"
    With data: "C:\Program Files\Software Guardian\cvsmon32.exe"

    In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Sets value: "Windows Client Manager"
    With data: "C:\Program Files\Flash Update\winclient32.exe"

    In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Sets value: "Windows FUPM Service Manager"
    With data: "C:\Program Files\Premium Software\systerm32.exe"

    In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Sets value: "Win32 BCS Monitor"
    With data: "C:\Program Files\SystemShield Pro\bcsmon32.exe"

    In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Sets value: "Windows System Monitor "
    With data: "C:\Program Files\VLC Media Player Installer\system32.exe"


Prevention


Alert level: High
First detected by definition: 1.179.997.0
Latest detected by definition: 1.183.52.0 and higher
First detected on: Jul 24, 2014
This entry was first published on: Jun 23, 2014
This entry was updated on: Aug 22, 2014

This threat is also detected as:
No known aliases