Encyclopedia entry: BrowserModifier:Win32/BSaving - Learn more about malware - Microsoft Malware Protection Center

Microsoft


	BrowserModifier:Win32/BSaving (?) Encyclopedia entry Updated: Oct 08, 2012 \| Published: Oct 03, 2012 Aliases Not available Alert Level (?) High Antimalware protection details Microsoft recommends that you download the latest definitions to get protected. On this page Summary\|Symptoms\|Technical Information\|Prevention\|Recovery Summary BrowserModifier:Win32/BSaving is a browser helper object (BHO) that monitors the data you input into a browser, and sends this information to a remote server. This program may redirect browser traffic (such as search queries and website visits) without your knowledge. Top Symptoms System changes The following system changes may indicate the presence of BrowserModifier:Win32/BSaving: The presence of the following files: %ProgramFiles%\bSaving %ProgramFiles%\bSaving\7e872ee05f4e7d624a73ecedd6b62867.dll %ProgramFiles%\bSaving\uninst.exe The presence of the following registry entries: In subkey: HKLM\SOFTWARE\Classes\CLSID\{GUID} Sets value: "@" With data: "bSaving" In subkey: HKLM\SOFTWARE\Classes\CLSID\{GUID}\InProcServer32 Sets value: "@" With data: "C:\Program Files\bSaving\7e872ee05f4e7d624a73ecedd6b62867.dll" Sets value: "ThreadingModel" With data: "Apartment" Top Technical Information (Analysis) BrowserModifier:Win32/BSaving is a browser helper object (BHO) that monitors the data you input into a browser, and sends this information to a remote server. This program may redirect browser traffic (such as search queries and website visits) without your knowledge. Installation BrowserModifier:Win32/BSaving creates the following files on your computer: %ProgramFiles%\bSaving %ProgramFiles%\bSaving\7e872ee05f4e7d624a73ecedd6b62867.dll %ProgramFiles%\bSaving\uninst.exe As part of its installation, it creates the following registry entries, so that it starts each time you open you browser: In subkey: HKLM\SOFTWARE\Classes\CLSID\{GUID} Sets value: "@" With data: "bSaving" In subkey: HKLM\SOFTWARE\Classes\CLSID\{GUID}\InProcServer32 Sets value: "@" With data: "C:\Program Files\bSaving\7e872ee05f4e7d624a73ecedd6b62867.dll" Sets value: "ThreadingModel" With data: "Apartment" The BHO can be seen in the Manage Add-ons window, as in the screenshot below: Analysis by Ferdinand Plazo Top Prevention Follow these general security tips to better protect your computer. Top Recovery To detect and remove this program and other potentially unwanted software that may be installed in your computer, run a full-system scan with an up-to-date antispyware product such as the following: Microsoft Security Essentials or, for Windows 8, Windows Defender Microsoft Safety Scanner Windows Defender Top


	Provide feedback Please note: While your feedback is very important to us, we do not respond to individual submissions through this channel. Feedback, requests, or questions submitted through this form are monitored, however responses are not generated. If you require support, please visit the Safety & Security Center.