We received the file BSEARCHSVC.EXE and found that it is unwanted software.
BSEARCHSVC.EXE is adware. You should remove the file BSEARCHSVC.EXE.
Kill the BSEARCHSVC.EXE process and remove BSEARCHSVC.EXE from Windows.
Malware Analysis of BSEARCHSVC.EXE
Full path on a computer: %Program Files%\barosearch\bsearchsvc.exe
Detected by UnHackMe:
BSEARCHSVC.EXE
Default location: %Program Files%\barosearch\bsearchsvc.exe
Removal Results: Success
Number of reboots: 1
BSEARCHSVC.EXE is known as:
Adware.BaroSearch.A (ES), Adware.K.BaroSearch, Adware.BaroSearch.A, PUP.BaroSearch, Win32.Adware.Kraddare.GO, AdWare.BaroSearch
BSEARCHSVC.EXE hash:
- MD5: b10eae0f1196bbaa49cd01040ac077e8
The file tries to connect to a dangerous web site.
How to quickly detect the presence of BSEARCHSVC.EXE?
Registry:
- HKLM\Software\Classes\CLSID\{36936EFC-0B55-4DF4-A01D-69CD27B4309E}\InprocServer32\: “C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\newtab\newtab32.dll”
- HKLM\Software\Classes\CLSID\{7CCA4EA6-CA02-4789-9419-34E85C7AC2DC}\InprocServer32\: “C:\PROGRA~1\WISELO~1\juso.dll”
- HKLM\System\CurrentControlSet\Services\BCSvc\Type: 0x00000110
- HKLM\System\CurrentControlSet\Services\BCSvc\Start: 0x00000002
- HKLM\System\CurrentControlSet\Services\BCSvc\ErrorControl: 0x00000001
- HKLM\System\CurrentControlSet\Services\BCSvc\ImagePath: “%Program Files%\barosearch\bsearchsvc.exe”
- HKLM\System\CurrentControlSet\Services\BCSvc\DisplayName: “BSearch Service”
- HKLM\System\CurrentControlSet\Services\BCSvc\ObjectName: “LocalSystem”
- HKLM\System\CurrentControlSet\Services\BCSvc\Description: “The Service in Windows.”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WiseLook Application: “%Program Files%\WiseLook Application\WiseLook.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\BSearch: “%Program Files%\barosearch\bsearch.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\newtab: “%Local Appdata%\newtab\newtab.exe”
Folders:
- %Local Appdata%\newtab
- %Program Files%\barosearch
- %Program Files%\newtab
- %Program Files%\WiseLook Application
Files:
- %Favorites%\CJmall.url
- %Favorites%\GS SHOP.url
- %Favorites%\Hmall.url
- %Local Appdata%\barosearchinstall.exe
- %Local Appdata%\newtab\newtab.exe
- %Local Appdata%\newtab\newtab32.dll
- %Local Appdata%\newtab\newtab64.dll
- %Local Appdata%\newtab\newtabdel.exe
- %Local Appdata%\newtab\newtabin.exe
- %Local Appdata%\wiselook.exe
- %Program Files%\barosearch\11st.ico
- %Program Files%\barosearch\auction.ico
- %Program Files%\barosearch\bsearch.exe
- %Program Files%\barosearch\bsearchsvc.exe
- %Program Files%\barosearch\cjmall.ico
- %Program Files%\barosearch\cybermall.ico
- %Program Files%\barosearch\dnshop.ico
- %Program Files%\barosearch\emart.ico
- %Program Files%\barosearch\faple.ico
- %Program Files%\barosearch\gmarket.ico
- %Program Files%\barosearch\gseshop.ico
- %Program Files%\barosearch\halfclub.ico
- %Program Files%\barosearch\hmall.ico
- %Program Files%\barosearch\istore1.ico
- %Program Files%\barosearch\lotte01.ico
- %Program Files%\barosearch\lotteimall.ico
- %Program Files%\barosearch\mutnam01.ico
- %Program Files%\barosearch\nseshop.ico
- %Program Files%\barosearch\player.ico
- %Program Files%\barosearch\samsungmall.ico
- %Program Files%\newtab\r.exe
- %Program Files%\WiseLook Application\juso.dll
- %Program Files%\WiseLook Application\WiseLook.exe