BrowserModifier:Win32/Riccietex

Microsoft Defender Antivirus detects and removes this unwanted software.

This browser modifier is distributed as an installer for different applications. When launched, it displays an installation interface for the packaged application.

While installing software, this malware modifies shortcuts (.lnk files) for different web browsers, including Google Chrome, Internet Explorer, and Mozilla Firefox as well as popular Chinese browsers like UC Browser, QQ Browser, and Baidu Browser.

Opening a modified shortcut opens the browser and directs it to the following website:

hao.360.cn

Although this malware is known to install legitimate software and the website it points browsers to is legitimate, its behavior of modifying shortcuts in the background generally constitutes unexpected and unwanted behavior.

This threat is an unwanted software. An unwanted software is a program that alters your Windows experience without your consent or control. We use a set of evaluation criteria to determine what programs are classified as unwanted software. As the software ecosystem evolves, so do our evaluation criteria. To learn more, read these blog entries:

• Protecting customers from being intimidated into making an unnecessary purchase
• Cleaners ought to be clean (and clear)
• A brief discourse on ‘Changing browsing experience’
• Keeping browsing experience in users’ hands
• Keeping Browsing Experience in Users’ Hands, an Update...
• Cleaning up misleading advertisements
• Adware: A new approach