Malware Information Initiative (MII) Top 10

Total percentage of the top 10: 23.18 %

Malware distribution by percentage within the top 10

Rank | Name | Percentage
1 | Script.Adware.DealPly.G | 6.22 %

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware, such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior by changing its home page and search engine settings; it also redirects the user to potentially unwanted websites and displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

BrowseFox is an adware family which disguises itself as many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …
Those programs are usually installed without proper user consent, via third party installers. It installs add-ons to Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits but also on the start page as well as in pop-ups.

This detection is shown for an installer of the company Freemium GmbH. The company offers bundling of software with additional products. The resulting installer does not only bring the software initially desired but also potentially unwanted programs as an addition.

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which change the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following action: during browser use, JavaScript is injected into the visited websites to show advertisements.

Adware.Agent.PJT is the detection of a potentially unwanted program (PUP), especially browser add-ons. They are brought onto the machines via installers such as Opencandy, Installcore or similar packages. The software changes the browser's start page as well as the user's default search engine and also the browser's security settings. This makes it possible to inject ads into the visited websites. Furthermore, services and drivers are installed to control the network traffic and to remain on the PC (persistence).
Some examples of such software: MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …

The detection Win32.Application.ThunderN.A shows that a potentially unwanted program (PUP) has been identified on the computer or is about to be installed. ThunderN stands for the company name ShenZhen Thunder Networking Technologies Ltd., which distributes a number of programs with potentially unwanted additions. The use of opt-out practices, installation of browser add-ons and the change of the browser's start page are only a few reasons that classify the respective software as PUP.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the non-existent malware.

This detection stands for a part of a backdoor which is supposed to ensure attackers' long-term access to an infected system. The malware disables the Microsoft-Windows-LUA function. This means that it can download further components and execute them with elevated privileges without any notification to the user. Furthermore, it adds itself as a service to the system and creates a corresponding autostart entry to remain persistent in the system, e.g. to survive a reboot. The malware disguises itself as a popular program, e.g. using an iTunes icon, or as a Windows system file.

2 | Win32.Application.OpenCandy.G | 3.28 %
3 | Gen:Adware.BrowseFox.1 | 3.27 %
4 | Gen:Variant.Application.Bundler.DownloadGuide.11 | 2.44 %
5 | Win32.Application.OpenCandy.O | 1.67 %
6 | Adware.BrowseFox.BU | 1.45 %
7 | Adware.Agent.PJT | 1.28 %
8 | Win32.Application.ThunderN.A | 1.28 %
9 | Win32.Adware.IObit.A | 1.20 %
10 | Gen:Variant.Graftor.9718 | 1.09 %

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 25.37 %

Malware distribution by percentage within the top 10

Rank | Name | Percentage
1 | Script.Adware.DealPly.G | 8.84 %

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

BrowseFox is an adware family which disguises itself as many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …
Those programs are usually installed without proper user consent, via third party installers. It installs add-ons to Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits but also on the start page as well as in pop-ups.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware, such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior by changing its home page and search engine settings; it also redirects the user to potentially unwanted websites and displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which change the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following action: during browser use, JavaScript is injected into the visited websites to show advertisements.

Adware.Agent.PJT is the detection of a potentially unwanted program (PUP), especially browser add-ons. They are brought onto the machines via installers such as Opencandy, Installcore or similar packages. The software changes the browser's start page as well as the user's default search engine and also the browser's security settings. This makes it possible to inject ads into the visited websites. Furthermore, services and drivers are installed to control the network traffic and to remain on the PC (persistence).
Some examples of such software: MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the non-existent malware.

Script.Malware.Redirector.AA is code that attackers install on, for example, hacked web servers. They embed this code into websites hosted on those servers. Its purpose is to automatically redirect website visitors to websites with malicious content, e.g. exploits. The URLs the visitor is redirected to are obfuscated.

The detection Win32.Application.ThunderN.A shows that a potentially unwanted program (PUP) has been identified on the computer or is about to be installed. ThunderN stands for the company name ShenZhen Thunder Networking Technologies Ltd., which distributes a number of programs with potentially unwanted additions. The use of opt-out practices, installation of browser add-ons and the change of the browser's start page are only a few reasons that classify the respective software as PUP.

This detection is shown for an installer of the company Freemium GmbH. The company offers bundling of software with additional products. The resulting installer does not only bring the software initially desired but also potentially unwanted programs as an addition.

2 | Gen:Adware.BrowseFox.1 | 3.14 %
3 | Win32.Application.OpenCandy.G | 3.08 %
4 | Adware.BrowseFox.BU | 1.91 %
5 | Adware.Agent.PJT | 1.73 %
6 | Win32.Application.OpenCandy.O | 1.53 %
7 | Win32.Adware.IObit.A | 1.38 %
8 | Script.Malware.Redirector.AA | 1.38 %
9 | Win32.Application.ThunderN.A | 1.28 %
10 | Gen:Variant.Application.Bundler.DownloadGuide.11 | 1.10 %


Total percentage of the top 10: 28.01 %

Malware distribution by percentage within the top 10

Rank | Name | Percentage
1 | Script.Adware.DealPly.G | 10.90 %

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware, such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior by changing its home page and search engine settings; it also redirects the user to potentially unwanted websites and displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

BrowseFox is an adware family which disguises itself as many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …
Those programs are usually installed without proper user consent, via third party installers. It installs add-ons to Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits but also on the start page as well as in pop-ups.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which change the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following action: during browser use, JavaScript is injected into the visited websites to show advertisements.

Adware.Agent.PJT is the detection of a potentially unwanted program (PUP), especially browser add-ons. They are brought onto the machines via installers such as Opencandy, Installcore or similar packages. The software changes the browser's start page as well as the user's default search engine and also the browser's security settings. This makes it possible to inject ads into the visited websites. Furthermore, services and drivers are installed to control the network traffic and to remain on the PC (persistence).
Some examples of such software: MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the non-existent malware.

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

NSIS.Application.OpenCandy.B is the detection for a potentially unwanted program (PUP) going by the name of OpenCandy. In this case, it comes bundled with an installer for ImgBurn, a software to burn CDs and DVDs.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine. The purpose of the modification: generate revenue by displaying advertisements.

Script.Malware.Redirector.AA is code that attackers install on, for example, hacked web servers. They embed this code into websites hosted on those servers. Its purpose is to automatically redirect website visitors to websites with malicious content, e.g. exploits. The URLs the visitor is redirected to are obfuscated.

In case the scanner detects something as Win32.Adware.StartpageLnk.A@gen, a potentially unwanted program (PUP) has changed the start page parameters of Google's Chrome, Mozilla's Firefox and/or Microsoft's Internet Explorer. The changes have not (only) been made within the browser but within the browser's Windows shortcut. Shortcuts to programs are usually created on the Desktop, e.g. to open a new browser window. A click onto such a manipulated shortcut then opens a website as start page which the PUP inserted and not the start page the user usually wishes to see. Opening the PUP's start page generates profit for the evildoers.

2 | Win32.Application.OpenCandy.G | 3.37 %
3 | Gen:Adware.BrowseFox.1 | 3.01 %
4 | Adware.BrowseFox.BU | 2.38 %
5 | Adware.Agent.PJT | 2.23 %
6 | Win32.Adware.IObit.A | 1.72 %
7 | Win32.Application.OpenCandy.O | 1.47 %
8 | NSIS.Application.OpenCandy.B | 0.98 %
9 | Script.Malware.Redirector.AA | 0.98 %
10 | Win32.Adware.StartpageLnk.A@gen | 0.97 %


Total percentage of the top 10: 32.94 %

Malware distribution by percentage within the top 10

Rank | Name | Percentage
1 | Script.Adware.DealPly.G | 15.21 %

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware, such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior by changing its home page and search engine settings; it also redirects the user to potentially unwanted websites and displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

BrowseFox is an adware family which disguises itself as many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …
Those programs are usually installed without proper user consent, via third party installers. It installs add-ons to Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits but also on the start page as well as in pop-ups.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the non-existent malware.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.
As one example, we have seen it disguised in an application which promises the user to automatically switch the quality of all videos viewed on popular online platforms to HD. Instead, it will show ads in various forms.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which change the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following action: during browser use, JavaScript is injected into the visited websites to show advertisements.

Adware.Agent.PJT is the detection of a potentially unwanted program (PUP), especially browser add-ons. They are brought onto the machines via installers such as Opencandy, Installcore or similar packages. The software changes the browser's start page as well as the user's default search engine and also the browser's security settings. This makes it possible to inject ads into the visited websites. Furthermore, services and drivers are installed to control the network traffic and to remain on the PC (persistence).
Some examples of such software: MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

Script.Spyware.Skrum.A is an add-on for Mozilla's Firefox browser. It gets installed without the user's permission. It sends reports about other add-ons installed in Firefox to the outside and therefore spies on the user.

Script.Malware.Redirector.AA is code that attackers install on, for example, hacked web servers. They embed this code into websites hosted on those servers. Its purpose is to automatically redirect website visitors to websites with malicious content, e.g. exploits. The URLs the visitor is redirected to are obfuscated.

2 | Win32.Application.OpenCandy.G | 3.11 %
3 | Gen:Adware.BrowseFox.1 | 2.66 %
4 | Win32.Adware.IObit.A | 2.35 %
5 | Script.Application.Plush.D | 2.33 %
6 | Adware.BrowseFox.BU | 2.01 %
7 | Adware.Agent.PJT | 1.86 %
8 | Win32.Application.OpenCandy.O | 1.44 %
9 | Script.Spyware.Skrum.A | 1.08 %
10 | Script.Malware.Redirector.AA | 0.89 %


Total percentage of the top 10: 37.47 %

Malware distribution by percentage within the top 10

Rank | Name | Percentage
1 | Script.Adware.DealPly.G | 19.45 %

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware, such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior by changing its home page and search engine settings; it also redirects the user to potentially unwanted websites and displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.
As one example, we have seen it disguised in an application which promises the user to automatically switch the quality of all videos viewed on popular online platforms to HD. Instead, it will show ads in various forms.

BrowseFox is an adware family which disguises itself as many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …
Those programs are usually installed without proper user consent, via third party installers. It installs add-ons to Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits but also on the start page as well as in pop-ups.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which change the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following action: during browser use, JavaScript is injected into the visited websites to show advertisements.

Script.Spyware.Skrum.A is an add-on for Mozilla's Firefox browser. It gets installed without the user's permission. It sends reports about other add-ons installed in Firefox to the outside and therefore spies on the user.

Adware.Agent.PJT is the detection of a potentially unwanted program (PUP), especially browser add-ons. They are brought onto the machines via installers such as Opencandy, Installcore or similar packages. The software changes the browser's start page as well as the user's default search engine and also the browser's security settings. This makes it possible to inject ads into the visited websites. Furthermore, services and drivers are installed to control the network traffic and to remain on the PC (persistence).
Some examples of such software: MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the non-existent malware.

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

Script.Malware.Redirector.AA is code that attackers install on, for example, hacked web servers. They embed this code into websites hosted on those servers. Its purpose is to automatically redirect website visitors to websites with malicious content, e.g. exploits. The URLs the visitor is redirected to are obfuscated.

2 | Win32.Application.OpenCandy.G | 3.35 %
3 | Script.Application.Plush.D | 2.78 %
4 | Gen:Adware.BrowseFox.1 | 2.32 %
5 | Adware.BrowseFox.BU | 1.97 %
6 | Script.Spyware.Skrum.A | 1.89 %
7 | Adware.Agent.PJT | 1.79 %
8 | Win32.Adware.IObit.A | 1.68 %
9 | Win32.Application.OpenCandy.O | 1.33 %
10 | Script.Malware.Redirector.AA | 0.91 %


Total percentage of the top 10: 44.18 %

Malware distribution by percentage within the top 10

Rank | Name | Percentage
1 | Script.Adware.DealPly.G | 24.51 %

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.
As one example, we have seen it disguised in an application which promises the user to automatically switch the quality of all videos viewed on popular online platforms to HD. Instead, it will show ads in various forms.

Script.Adware.VBates.A is an adware which gets installed by third party installers, without the user's consent. It gathers information about visited websites and will inject advertisements, including alternative offers for similar products, in case the user shows interest in purchasing in a webstore.
Some installations of Script.Adware.VBates.A may re-install themselves after the user has deleted them, using a scheduled task or autorun.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware, such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior by changing its home page and search engine settings; it also redirects the user to potentially unwanted websites and displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

Script.Spyware.Skrum.A is an add-on for Mozilla's Firefox browser. It gets installed without the user's permission. It sends reports about other add-ons installed in Firefox to the outside; therefore spies on the user.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Adware.Agent.PJT is the detection of a potentially unwanted program (PUP), especially browser add-ons. They are brought onto the machines via e.g. installers like Opencandy, Installcore or similar packages. The software changes the browser's start page as well as the user's default search engine and also the browser's security settings. This ensures the possibility to inject ads into the visited websites. Futhermore, services and drivers are installed to ensure control of the network traffic and remain on the PC (persistence).
Some examples of such software: MarketResearchHelper|SmarterPower|CommonShare|MegaBrowse|SpecialBox|NetCrawl| ClearThink|JumpFlip|BringStar|SmarterPower|WiseEnhance|EnterDigital|FramedDisplay|DigiHelp|RockTurner|InfiniNet|…

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

BrowseFox is an adware family which disguises in many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …
Those programs are usually installed without proper user consent, via third party installers. It installs add-ons to Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits but also on the start page as well as in pop-ups.

2 | Script.Application.Plush.D | 4.23 %
3 | Script.Adware.VBates.A | 3.62 %
4 | Win32.Application.OpenCandy.G | 2.91 %
5 | Script.Spyware.Skrum.A | 1.97 %
6 | Adware.BrowseFox.BU | 1.75 %
7 | Adware.Agent.PJT | 1.62 %
8 | Win32.Adware.IObit.A | 1.22 %
9 | Win32.Application.OpenCandy.O | 1.20 %
10 | Gen:Adware.BrowseFox.1 | 1.15 %

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 44.9 %

Rank | Name | Percentage
1 | Script.Adware.DealPly.G | 24.58 %

The malware family DealPly belongs to the category Adware. This tool is often bundled with a third-party installation program and may thereby be installed unintentionally by the user (Potentially Unwanted Program = PUP). The tool installs itself as a browser helper object (BHO)/extension/add-on in the popular browsers if any of these is installed. DealPly monitors browsed pages in order to display advertisements of deals for various products and businesses, such as discount coupons, on every page the user visits.

Script.Application.Plush.D is a piece of JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.
As one example, we have seen it disguised in an application which promises to automatically switch the quality of all videos viewed on popular online platforms to HD. Instead, it shows ads in various forms.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware programs such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior by changing its home page and search engine settings; it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad pop-ups are displayed to the user of the infected machine.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which change the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: during browser use, JavaScript is injected into the visited websites to show advertisements.

Adware.Agent.PJT is the detection of potentially unwanted programs (PUP), especially browser add-ons. They are brought onto the machines via, e.g., installers like OpenCandy, InstallCore or similar packages. The software changes the browser's start page as well as the user's default search engine and also the browser's security settings. This makes it possible to inject ads into the visited websites. Furthermore, services and drivers are installed to ensure control of the network traffic and to remain on the PC (persistence).
Some examples of such software: MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …

Script.Adware.VBates.A is adware that is installed by third-party installers without the user's consent. It gathers information about visited websites and injects advertisements, including alternative offers for similar products, when the user shows interest in making a purchase in a web store.
Some installations of Script.Adware.VBates.A may reinstall themselves after the user has deleted them, using a scheduled task or autorun.

Gen:Variant.Adware.Graftor.243080 is the detection of potentially unwanted programs (PUP), especially browser add-ons. They are brought onto the machines via, e.g., installers like OpenCandy, InstallCore or similar packages. The software changes the browser's start page as well as the user's default search engine and also the browser's security settings. This makes it possible to inject ads into the visited websites. Furthermore, services and drivers are installed to ensure control of the network traffic and to remain on the PC (persistence).
Some examples of such software: MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays pop-ups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the nonexistent malware.

This detection belongs to the category of potentially unwanted programs (PUP) and usually comes in free software packages of programs such as FLV Player, PDF Reader, etc., which are downloaded from sources other than the provider. Those software packages often come bundled with extras the user potentially does not want to have, such as a toolbar or a function to change the browser start page or similar.

2 | Script.Application.Plush.D | 6.02 %
3 | Win32.Application.OpenCandy.G | 2.51 %
4 | Win32.Application.OpenCandy.O | 2.30 %
5 | Adware.BrowseFox.BU | 2.09 %
6 | Adware.Agent.PJT | 1.89 %
7 | Script.Adware.VBates.A | 1.68 %
8 | Gen:Variant.Adware.Graftor.243080 | 1.44 %
9 | Win32.Adware.IObit.A | 1.24 %
10 | Win32.Application.InstallCore.EG | 1.15 %

Total percentage of the top 10: 48.61 %

Rank | Name | Percentage
1 | Script.Adware.DealPly.G | 25.52 %

The malware family DealPly belongs to the category Adware. This tool is often bundled with a third-party installation program and may thereby be installed unintentionally by the user (Potentially Unwanted Program = PUP). The tool installs itself as a browser helper object (BHO)/extension/add-on in the popular browsers if any of these is installed. DealPly monitors browsed pages in order to display advertisements of deals for various products and businesses, such as discount coupons, on every page the user visits.

Script.Application.Plush.D is a piece of JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.
As one example, we have seen it disguised in an application which promises to automatically switch the quality of all videos viewed on popular online platforms to HD. Instead, it shows ads in various forms.

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad pop-ups are displayed to the user of the infected machine.

Adware.Agent.PJT is the detection of potentially unwanted programs (PUP), especially browser add-ons. They are brought onto the machines via, e.g., installers like OpenCandy, InstallCore or similar packages. The software changes the browser's start page as well as the user's default search engine and also the browser's security settings. This makes it possible to inject ads into the visited websites. Furthermore, services and drivers are installed to ensure control of the network traffic and to remain on the PC (persistence).
Some examples of such software: MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware programs such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior by changing its home page and search engine settings; it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

Win32.Adware.Browserfox.H is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which change the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: during browser use, JavaScript is injected into the visited websites to show advertisements.

Win32.Application.Elex belongs to the category of potentially unwanted programs (PUP). Elex, a company, distributes various software, also using an affiliate program. Through this, they install, e.g., browser hijackers which redirect infected users to advertisement websites owned by Elex.

Gen:Variant.Adware.Graftor.200035 is the detection of potentially unwanted programs (PUP) which change the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom-set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The software is often part of software packages that users download from third-party websites and not directly from the original provider.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays pop-ups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the nonexistent malware.

This detection belongs to the category of potentially unwanted programs (PUP). It describes alleged system helpers, named BrowserProtect, BrowserProtector, Search Protect, BrowserDefender, BrowserManager or similar, which often come bundled with potentially unwanted extras. In many cases, the third-party software package providers earn money for each install (pay per install). The toolbars, signed by Conduit, change the browser start page and the default search engine permanently and also prepare the browser to show targeted ads. The software is often part of software packages that users download from third-party websites and not directly from the original provider.

2 | Script.Application.Plush.D | 5.49 %
3 | Win32.Application.OpenCandy.O | 5.07 %
4 | Adware.Agent.PJT | 3.31 %
5 | Win32.Application.OpenCandy.G | 1.75 %
6 | Win32.Adware.Browserfox.H | 1.68 %
7 | Win32.Application.Elex.O | 1.56 %
8 | Gen:Variant.Adware.Graftor.200035 | 1.53 %
9 | Win32.Adware.IObit.A | 1.44 %
10 | Win32.Adware.Conduit.B | 1.26 %

Total percentage of the top 10: 44.9 %

Rank | Name | Percentage
1 | Script.Adware.DealPly.G | 24.53 %

The malware family DealPly belongs to the category Adware. This tool is often bundled with a third-party installation program and may thereby be installed unintentionally by the user (Potentially Unwanted Program = PUP). The tool installs itself as a browser helper object (BHO)/extension/add-on in the popular browsers if any of these is installed. DealPly monitors browsed pages in order to display advertisements of deals for various products and businesses, such as discount coupons, on every page the user visits.

Script.Application.Plush.D is a piece of JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.
As one example, we have seen it disguised in an application which promises to automatically switch the quality of all videos viewed on popular online platforms to HD. Instead, it shows ads in various forms.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which change the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: during browser use, JavaScript is injected into the visited websites to show advertisements.

Win32.Adware.OpenCandy.C is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad pop-ups are displayed to the user of the infected machine.

Gen:Variant.Adware.Graftor.200035 is the detection of potentially unwanted programs (PUP) which change the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom-set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The software is often part of software packages that users download from third-party websites and not directly from the original provider.

Gen:Variant.Adware.Graftor.197348 is the detection of potentially unwanted programs (PUP) which change the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom-set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The software is often part of software packages that users download from third-party websites and not directly from the original provider.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays pop-ups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the nonexistent malware.

Win32.Application.BrowseFox.R is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which change the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: during browser use, JavaScript is injected into the visited websites to show advertisements.

Win32.Adware.Browserfox.H is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which change the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: during browser use, JavaScript is injected into the visited websites to show advertisements.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware programs such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior by changing its home page and search engine settings; it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

2 | Script.Application.Plush.D | 5.58 %
3 | Adware.BrowseFox.BU | 5.21 %
4 | Win32.Adware.OpenCandy.C | 2.51 %
5 | Gen:Variant.Adware.Graftor.200035 | 1.29 %
6 | Gen:Variant.Adware.Graftor.197348 | 1.20 %
7 | Win32.Adware.IObit.A | 1.17 %
8 | Win32.Application.BrowseFox.R | 1.15 %
9 | Win32.Adware.Browserfox.H | 1.13 %
10 | Win32.Application.OpenCandy.G | 1.13 %

Total percentage of the top 10: 50.54 %

Rank | Name | Percentage
1 | Script.Adware.DealPly.G | 25.01 %

The malware family DealPly belongs to the category Adware. This tool is often bundled with a third-party installation program and may thereby be installed unintentionally by the user (Potentially Unwanted Program = PUP). The tool installs itself as a browser helper object (BHO)/extension/add-on in the popular browsers if any of these is installed. DealPly monitors browsed pages in order to display advertisements of deals for various products and businesses, such as discount coupons, on every page the user visits.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which change the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: during browser use, JavaScript is injected into the visited websites to show advertisements.

Script.Application.Plush.D is a piece of JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.
As one example, we have seen it disguised in an application which promises to automatically switch the quality of all videos viewed on popular online platforms to HD. Instead, it shows ads in various forms.

Win32.Adware.OpenCandy.C is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad pop-ups are displayed to the user of the infected machine.

Win32.Application.BrowseFox.R is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which change the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: during browser use, JavaScript is injected into the visited websites to show advertisements.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays pop-ups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the nonexistent malware.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware programs such as DVD players, PDF readers, archivers and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior by changing its home page and search engine settings; it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification is to generate revenue by displaying advertisements.

The malware family DealPly belongs to the category Adware. This tool is often bundled with a third-party installation program and may thereby be installed unintentionally by the user (Potentially Unwanted Program = PUP). The tool installs itself as a browser helper object (BHO)/extension/add-on in the popular browsers if any of these is installed. DealPly monitors browsed pages in order to display advertisements of deals for various products and businesses, such as discount coupons, on every page the user visits.

Gen:Variant.Adware.Graftor.159134 is the detection of potentially unwanted programs (PUP) which change the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom-set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The software is often part of software packages that users download from third-party websites and not directly from the original provider.

This detection belongs to the category of potentially unwanted programs (PUP). It describes alleged system helpers, named BrowserProtect, BrowserProtector, Search Protect, BrowserDefender, BrowserManager or similar, which often come bundled with potentially unwanted extras. In many cases, the third-party software package providers earn money for each install (pay per install). The toolbars, signed by Conduit, change the browser start page and the default search engine permanently and also prepare the browser to show targeted ads. The software is often part of software packages that users download from third-party websites and not directly from the original provider.

2 | Adware.BrowseFox.BU | 7.88 %
3 | Script.Application.Plush.D | 7.39 %
4 | Win32.Adware.OpenCandy.C | 3.34 %
5 | Win32.Application.BrowseFox.R | 1.49 %
6 | Win32.Adware.IObit.A | 1.25 %
7 | Win32.Application.OpenCandy.G | 1.09 %
8 | Win32.Application.Dealply.H | 1.04 %
9 | Gen:Variant.Adware.Graftor.159134 | 1.03 %
10 | Win32.Adware.Conduit.B | 1.02 %
