Follow:

 

Adware:Win32/BetterSurf


Microsoft security software detects and removes this unwanted software.

This adware program shows ads as you browse the web.

It can be downloaded from the program's website or bundled with some third-party software installation programs.

Find out more about how and why we identify unwanted software.



What to do now

This program poses a high threat to your PC.

Remove programs

You might need to manually remove this program:

If an uninstaller is not available, does not work properly, or you do not want to use it, you can use the following free tools to detect and remove this program and other unwanted software from your PC:

You should also run a full scan. A full scan might find hidden threats.

Remove browser add-ons

You may need to remove add-ons from your browser:

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

Installation

Adware:Win32/BetterSurf usually arrives with software bundlers that offer free applications or games.

When run, the installer for BetterSurf adds a plugin to Internet Explorer, Firefox, and Chrome. An example of the plugin installed into Internet Explorer is as follows:

The program installs itself into one of these folders:

It creates the following files there::

  • \ch\Chrome.crx
  • \ff\Better-Surf.xpi
  • \ff\build.cmd
  • \ff\chrome\content\better-surf.js
  • \ff\chrome\content\firefox.js
  • \ff\chrome\content\overlay.xul
  • \ff\chrome.manifest
  • \ff\install.rdf
  • \ie\BetterSrf.dll

Once the Chrome plugin is installed, it creates the following folder on your PC:

  • %LOCALAPPDATA% \Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Behavior

BetterSurf displays ads to you as you browse the Internet, both in websites and on search engine results. In the following examples the ads in the red box are the ones from BetterSurf:

It might also sometimes redirect you from where you wanted to go, and instead ask you to install software on your PC or ask you to complete surveys.

The following is an example of a website that is designed to look similar to Windows:

Downloading and running this update might install more unwanted applications on your PC.

Recommendations

Do not install applications from untrusted sources. We recommended you download applications directly from the vendor. Downloading free applications online like video players, video codecs, and free games can expose you to a large risk of installing unwanted software at the same time.

Analysis by Geoff McDonald


Symptoms

The following could indicate that you have this program on your PC:

  • You have one of these folders:
  • You see these pop-up ads:


     

     

  • You see this add-on in Internet Explorer:


Prevention


Alert level: High
First detected by definition: 1.163.1623.0
Latest detected by definition: 1.185.3813.0 and higher
First detected on: Dec 10, 2013
This entry was first published on: Dec 05, 2013
This entry was updated on: Nov 20, 2014

This threat is also detected as:
No known aliases