Ads By FocusBase
Posted: June 20, 2014
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Ranking: | 13,398 |
---|---|
Threat Level: | 2/10 |
Infected PCs: | 4,113 |
First Seen: | June 20, 2014 |
---|---|
Last Seen: | September 8, 2023 |
OS(es) Affected: | Windows |
'Ads by FocusBase' is an adware application sometimes related to the presence of the Yontoo Adware and other browser-modifying PC threats. Ordinarily, adware programs aren't classified as threats and don't commit illicit acts, but 'Ads by FocusBase' and add-ons like 'Ads by FocusBase' do tend to create a range of inadvertent problems that may harm your Web browser's safety or performance. For now, malware researchers find removing 'Ads by FocusBase' through appropriate anti-adware solutions to be the optimal choice, by allowing you to determine what content is loaded into your browser without a third party inserting its own opinion.
Ads by FocusBase: When Advertisements Become Your Browser's Home Base
'Ads by FocusBase' is a likely variant of previous versions of the Yontoo Adware and associated advertising add-ons, all of which take over your browser to generate advertising content automatically. Symptoms of an 'Ads by FocusBase' installation may include redirects to advertising sites, pop-ups or injected hyperlink advertisements. However, the most common format of an 'Ads by FocusBase' advertisement is the addition of graphical elements, such as banners, which overlay on top of a Web page. Like most of its kindred, 'Ads by FocusBase' ignores advertisement-blocking settings and add-ons that are intended to block this kind of content.
It's relatively rare for adware programs to be planted on a PC with the full approval and awareness of the person at the keyboard, and 'Ads by FocusBase' is just one of many of its kind that lacks any normalized distribution technique. Since 'Ads by FocusBase' has neither a company website nor official download links, malware researchers suspect that 'Ads by FocusBase' is being installed through pay-per-install utilities that may tend to bundle more than one program together. As always, avoiding downloading sites with bad security is a simple way to keep your browser untroubled by adware, but anti-adware file scanners also should be able to identify 'Ads by FocusBase' prior to its installation.
A Focus on Clearing Up 'Ads by FocusBase' Advertisements
'Ads by FocusBase' has been found in Firefox, in particular, but also may modify other Windows browsers with relative ease. Malware experts have yet to find evidence of FocusBase Ads in non-Windows Web browsers, although adware of other origins has long since invaded Linux and OS X. Because Ads by FocusBase's advertisements may load on sites not intended to display them and may deliver unsafe content, malware experts find little reason to keep 'Ads by FocusBase' around whether 'Ads by FocusBase' was there with your consent or without it.
If FocusBase Ads was polite enough to install itself only upon request and, likewise, uninstall itself when you asked, there would be little reason for 'Ads by FocusBase' to require much explanation. However, its historical leanings towards concealing components and avoiding deletion by the usual means points out how necessary it still is to use anti-adware tools to protect your computer. When using these tools to delete FocusBase Ads, you should consider the potential for the installation of other PC threats through similar methods (or via FocusBase Ads's own advertisements), and scan your entire hard drive.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:system32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys
File name: {2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sysSize: 61.12 KB (61120 bytes)
MD5: ba52be402299cfcc7c74bf2111b10ace
Detection count: 178
File type: System file
Mime Type: unknown/sys
Path: system32\drivers
Group: Malware file
Last Updated: August 27, 2014
%TEMP%\focusbase\focusbase_Setup.exe
File name: focusbase_Setup.exeSize: 2.09 MB (2096784 bytes)
MD5: aa46cc12872b94502c5f21f6247a1cf5
Detection count: 64
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\focusbase
Group: Malware file
Last Updated: June 20, 2014
%PROGRAMFILES(x86)%\focusbase\focusbase.FirstRun.exe
File name: focusbase.FirstRun.exeSize: 1.12 MB (1123616 bytes)
MD5: 719e12883bea1ade0fedd76e3be677b2
Detection count: 61
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\focusbase
Group: Malware file
Last Updated: June 20, 2014
%PROGRAMFILES(x86)%\focusbase\bin\focusbase.BrowserAdapter.exe
File name: focusbase.BrowserAdapter.exeSize: 96.54 KB (96544 bytes)
MD5: 5c2cdfbc74c285894e00e238bc8a01fc
Detection count: 30
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\focusbase\bin
Group: Malware file
Last Updated: June 20, 2014
%PROGRAMFILES%\focusbase\bin\focusbase.PurBrowse.exe
File name: focusbase.PurBrowse.exeSize: 239.39 KB (239392 bytes)
MD5: be2d3e9ae93f7e0e7bf36ad73bd3dbaa
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\focusbase\bin
Group: Malware file
Last Updated: June 20, 2014
%PROGRAMFILES%\focusbase\updater.exe
File name: updater.exeSize: 109.56 KB (109568 bytes)
MD5: c2bac118df1670f2118e26057979391c
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\focusbase
Group: Malware file
Last Updated: June 20, 2014
Registry Modifications
CLSID{118F3505-1A27-4ADF-B869-BD7DED2F9774}{52074C36-6B6E-47A0-B7BC-A9D44BCB404E}{59154b14-996c-4253-9901-a303ee2e613b}{8fda85d4-b14a-49f5-9de6-f91c4ec5aaf4}{95A526CE-38F4-4B1C-927D-A695EDA1BBBA}{E1416C97-45B6-42FE-8C0C-87623037ADD2}Regexp file mask%WINDIR%\System32\Drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sysHKEY..\..\..\..{RegistryKeys}SOFTWARE\focusbaseSoftware\Microsoft\Internet Explorer\Approved Extensions\{B02D4A40-53B7-4EBF-AFBA-E390A153D926}SOFTWARE\Microsoft\Tracing\focusbase_RASAPI32SOFTWARE\Microsoft\Tracing\focusbase_RASMANCSSOFTWARE\Microsoft\Tracing\updatefocusbase_RASAPI32SOFTWARE\Microsoft\Tracing\updatefocusbase_RASMANCSSOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{8fda85d4-b14a-49f5-9de6-f91c4ec5aaf4}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8FDA85D4-B14A-49F5-9DE6-F91C4EC5AAF4}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FDA85D4-B14A-49F5-9DE6-F91C4EC5AAF4}Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{8fda85d4-b14a-49f5-9de6-f91c4ec5aaf4}SOFTWARE\Wow6432Node\focusbaseSOFTWARE\Wow6432Node\Microsoft\Tracing\focusbase_RASAPI32SOFTWARE\Wow6432Node\Microsoft\Tracing\focusbase_RASMANCSSOFTWARE\Wow6432Node\Microsoft\Tracing\updatefocusbase_RASAPI32SOFTWARE\Wow6432Node\Microsoft\Tracing\updatefocusbase_RASMANCSSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{59154b14-996c-4253-9901-a303ee2e613b}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{8fda85d4-b14a-49f5-9de6-f91c4ec5aaf4}SYSTEM\ControlSet001\services\eventlog\Application\Update focusbaseSYSTEM\ControlSet001\services\eventlog\Application\Util focusbaseSYSTEM\ControlSet001\services\Update focusbaseSYSTEM\ControlSet001\services\Util focusbaseSYSTEM\ControlSet001\Services\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64SYSTEM\ControlSet002\services\eventlog\Application\Util focusbaseSYSTEM\ControlSet002\services\Util focusbaseSYSTEM\ControlSet002\Services\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64SYSTEM\CurrentControlSet\services\eventlog\Application\Update focusbaseSYSTEM\CurrentControlSet\services\eventlog\Application\Util focusbaseSYSTEM\CurrentControlSet\services\Update focusbaseSYSTEM\CurrentControlSet\services\Util focusbaseSYSTEM\CurrentControlSet\Services\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}focusbase
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.