
Ads By FocusBase

Posted: June 20, 2014

Threat Metric

Ranking: 13,398
Threat Level: 2/10
Infected PCs: 4,113
First Seen: June 20, 2014
Last Seen: September 8, 2023
OS(es) Affected: Windows

'Ads by FocusBase' is an adware application sometimes related to the presence of the Yontoo Adware and other browser-modifying PC threats. Ordinarily, adware programs aren't classified as threats and don't commit illicit acts, but 'Ads by FocusBase' and similar add-ons do tend to create a range of inadvertent problems that may harm your Web browser's safety or performance. For now, malware researchers find removing 'Ads by FocusBase' through appropriate anti-adware solutions to be the optimal choice, since doing so lets you determine what content is loaded into your browser without a third party inserting its own opinion.

Ads by FocusBase: When Advertisements Become Your Browser's Home Base

'Ads by FocusBase' is a likely variant of previous versions of the Yontoo Adware and associated advertising add-ons, all of which take over your browser to generate advertising content automatically. Symptoms of an 'Ads by FocusBase' installation may include redirects to advertising sites, pop-ups or injected hyperlink advertisements. However, the most common format of an 'Ads by FocusBase' advertisement is the addition of graphical elements, such as banners, which overlay on top of a Web page. Like most of its kindred, 'Ads by FocusBase' ignores advertisement-blocking settings and add-ons that are intended to block this kind of content.

It's relatively rare for adware programs to be planted on a PC with the full approval and awareness of the person at the keyboard, and 'Ads by FocusBase' is just one of many of its kind that lack any normalized distribution technique. Since 'Ads by FocusBase' has neither a company website nor official download links, malware researchers suspect that 'Ads by FocusBase' is being installed through pay-per-install utilities that may tend to bundle more than one program together. As always, avoiding download sites with bad security is a simple way to keep your browser untroubled by adware, but anti-adware file scanners also should be able to identify 'Ads by FocusBase' prior to its installation.

A Focus on Clearing Up 'Ads by FocusBase' Advertisements

'Ads by FocusBase' has been found in Firefox, in particular, but also may modify other Windows browsers with relative ease. Malware experts have yet to find evidence of FocusBase Ads in non-Windows Web browsers, although adware of other origins has long since invaded Linux and OS X. Because the advertisements from 'Ads by FocusBase' may load on sites not intended to display them and may deliver unsafe content, malware experts find little reason to keep 'Ads by FocusBase' around, whether it was there with your consent or without it.

If FocusBase Ads were polite enough to install itself only upon request and, likewise, uninstall itself when you asked, there would be little reason for 'Ads by FocusBase' to require much explanation. However, its historical leanings towards concealing components and avoiding deletion by the usual means point out how necessary it still is to use anti-adware tools to protect your computer. When using these tools to delete FocusBase Ads, you should consider the potential for the installation of other PC threats through similar methods (or via FocusBase Ads's own advertisements), and scan your entire hard drive.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

system32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys
File name: {2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys
Size: 61.12 KB (61120 bytes)
MD5: ba52be402299cfcc7c74bf2111b10ace
Detection count: 178
File type: System file
Mime Type: unknown/sys
Path: system32\drivers
Group: Malware file
Last Updated: August 27, 2014

%TEMP%\focusbase\focusbase_Setup.exe
File name: focusbase_Setup.exe
Size: 2.09 MB (2096784 bytes)
MD5: aa46cc12872b94502c5f21f6247a1cf5
Detection count: 64
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\focusbase
Group: Malware file
Last Updated: June 20, 2014

%PROGRAMFILES(x86)%\focusbase\focusbase.FirstRun.exe
File name: focusbase.FirstRun.exe
Size: 1.12 MB (1123616 bytes)
MD5: 719e12883bea1ade0fedd76e3be677b2
Detection count: 61
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\focusbase
Group: Malware file
Last Updated: June 20, 2014

%PROGRAMFILES(x86)%\focusbase\bin\focusbase.BrowserAdapter.exe
File name: focusbase.BrowserAdapter.exe
Size: 96.54 KB (96544 bytes)
MD5: 5c2cdfbc74c285894e00e238bc8a01fc
Detection count: 30
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\focusbase\bin
Group: Malware file
Last Updated: June 20, 2014

%PROGRAMFILES%\focusbase\bin\focusbase.PurBrowse.exe
File name: focusbase.PurBrowse.exe
Size: 239.39 KB (239392 bytes)
MD5: be2d3e9ae93f7e0e7bf36ad73bd3dbaa
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\focusbase\bin
Group: Malware file
Last Updated: June 20, 2014

%PROGRAMFILES%\focusbase\updater.exe
File name: updater.exe
Size: 109.56 KB (109568 bytes)
MD5: c2bac118df1670f2118e26057979391c
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\focusbase
Group: Malware file
Last Updated: June 20, 2014
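
The file indicators listed above can be checked on a live system with a short PowerShell script. This is an added example, not a tool from this site or from any vendor named here; the function name Test-FileIndicator is hypothetical, and the script assumes the driver's relative system32\drivers path lies under %WINDIR%.

```powershell
# Added example: paths and MD5 values are copied from the file listing above.
# Assumption: the driver's relative "system32\drivers" path sits under %WINDIR%.
$Indicators = @(
    @{ Path = '%WINDIR%\system32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys'; MD5 = 'ba52be402299cfcc7c74bf2111b10ace' }
    @{ Path = '%TEMP%\focusbase\focusbase_Setup.exe'; MD5 = 'aa46cc12872b94502c5f21f6247a1cf5' }
    @{ Path = '%PROGRAMFILES(x86)%\focusbase\focusbase.FirstRun.exe'; MD5 = '719e12883bea1ade0fedd76e3be677b2' }
    @{ Path = '%PROGRAMFILES(x86)%\focusbase\bin\focusbase.BrowserAdapter.exe'; MD5 = '5c2cdfbc74c285894e00e238bc8a01fc' }
    @{ Path = '%PROGRAMFILES%\focusbase\bin\focusbase.PurBrowse.exe'; MD5 = 'be2d3e9ae93f7e0e7bf36ad73bd3dbaa' }
    @{ Path = '%PROGRAMFILES%\focusbase\updater.exe'; MD5 = 'c2bac118df1670f2118e26057979391c' }
)

function Test-FileIndicator {
    param([Parameter(Mandatory)][hashtable]$Indicator)

    # Expand %VAR% tokens; an undefined variable is left as-is and the file reports NotFound.
    $full = [Environment]::ExpandEnvironmentVariables($Indicator.Path)
    $status = 'NotFound'
    $hash = $null

    # -LiteralPath keeps characters in the path from being read as wildcards.
    if (Test-Path -LiteralPath $full -PathType Leaf) {
        try {
            $hash = (Get-FileHash -LiteralPath $full -Algorithm MD5 -ErrorAction Stop).Hash
            # A listed name with another hash can be a different build; still review it.
            $status = if ($hash -eq $Indicator.MD5) { 'HashMatch' } else { 'PresentDifferentHash' }
        } catch {
            # A locked or access-denied file is still a finding.
            $status = 'PresentUnreadable'
        }
    }
    [pscustomobject]@{ Status = $status; Path = $full; MD5 = $hash }
}

$results = $Indicators | ForEach-Object { Test-FileIndicator -Indicator $_ }
$results | Format-Table -AutoSize -Wrap

# The -ne filter returns every status other than NotFound; any hit makes it truthy.
if ($results.Status -ne 'NotFound') {
    Write-Warning 'FocusBase file indicators present; run a full anti-adware scan.'
}
```

Run it from a 64-bit PowerShell session so that system32 is not redirected. %TEMP% resolves only for the current user, so repeat the check per profile on shared machines.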

Registry Modifications

The following newly produced Registry Values are:


Additional Information

The following directories were created: