Don't Copy From This Blog...
Today we came across another adware application called Boxore. It's distributed the old-fashioned way: people search for free online movie streaming sites where they could watch their favorite movies and TV shows without actually downloading them. Let's take The Dark Knight Rises as an example which stormed its way to the top of the US box office. There are many websites that allow you to watch this movie online and for free. Sounds good to be true? You betcha!Most of the time, you either have to buy credits or download their "player" that is supposedly necessary to watch the movie. One of such streaming websites generated an error message claiming that we can't watch the movie because we don't have some fancy codecs installed on our machine. But that's not a problem, they immediately told us to download this free multimedia player called Player Plus which fixes everything right away. So, we did.
Surprisingly, the Player Plus setup wizard was in French even thought we were redirected from a video streaming site in English and the official download page was also in English. As you can see in the image below, we could choose not to install Boxore client and Babylon Toolbar but let's just say we were so excited or maybe inattentive and missed that option.
Everything went smoothly, we went back to the streaming site, clicked play button again and for our great disappointment we were able to watch The Dark Knight Rises trailer only, not the full movie. Darn scammers!
So, after all, we ended up with the Babylon toolbar and Boxore adware on our computer. You can read more about Babylon toolbar and Babylon search engine here. Now, let's have a look at Boxore client. There are two main components of this software: boxore.exe (client) and Update.exe (service). Both are set to start up automatically whenever you turn on your computer.
Going through boxore.exe file properties, comments section, quickly reveals what it's all about:
Get offers and recommendations matching with what you like (videos, games, music, ...)
The same information can be found at boxore.com. Furthermore, Boxore adware authors assure that their product is 100% safe, free and anonymous. It doesn't collect any information about the users. Boxore simply scans all the websites you visit searching for keywords that could help them determine what kind of topics you are interested in when browsing the net.
Boxore.exe sends ad requests regularly. If there's no ad available at that moment, it keeps monitoring your browsing habits. But we didn't have to wait very long for the first ad to show up. This advertisement (see the image below) was loaded after twenty or so minutes.
The ad came from openadserving.com. This website is currently ranking among 4000 most popular sites in the world. Even though, this data isn't very reliable we can still assume that Boxore network is serving ads to thousands of users each day.
And finally, one interesting fact about the multimedia player we downloaded: there are actually two versions of the Player Plus. If you download Player Plus from playerplus.com then you will get a clean version of this application. No toolbars, adware, etc. However, if you download Player Plus from a streaming site then you will get the evil version Player Plus X.
Last but but least, along with the Boxore adware came this Chrome extension called Smart Displat 1.1. We are not sure what it is, and we could find any information about this extension because it was removed from Chrome store. One way or another, this extension should be removed as well.
To remove Boxore adware and associated applications from your computer, please follow the removal instructions below. Good luck!
Source: http://spywareremovalx.blogspot.com
Boxore removal instructions:
1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.
2. Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.
3. Search for Boxore Client in the list. Select the program and click Remove button.
If you are using Windows Vista/7, click Uninstall up near the top of that window.
4. To remove Babylon toolbar and Babylon Search, please follow this removal guide.
5. Remove Smart Display 1.1 extension in Google Chrome.
Click on Customize and control Google Chrome icon. Go to Tools → Extensions.
Select Smart Display 1.1 and click on the small recycle bin icon to remove the toolbar.
6. And finally, download recommended anti-malware software and run a full system scan to remove any associated malware or potentially unwanted applications from your computer.
Associated Boxore Adware files and registry values:
Files:
- C:\Program Files\Boxore
- C:\Program Files\Boxore\BoxoreClient
- C:\Program Files\Boxore\BoxoreClient\boxore.exe
- C:\Program Files\Boxore\BoxoreClient\COPYING
- C:\Program Files\Boxore\BoxoreClient\index.dat
- C:\Program Files\Boxore\BoxoreClient\rules.dat
- C:\Program Files\Boxore\SmartDisplay\SmartExtensions\GoogleChrome\SmartDisplayExtension.crx
- HKEY_LOCAL_MACHINE\SOFTWARE\Boxore
- HKEY_LOCAL_MACHINE\SOFTWARE\Boxore\BoxoreClient
- HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jeaihkehdlhkocphopopahkfjcfcphef
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Boxore Client"
0 comments:
Post a Comment