Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

VersionsAdditional versions

2,6,1519,190 6.49%
2,6,1339,144 20.78%
2,6,1125,80 1.30%
2,6,1095,52 28.57%
2,6,1095,52 14.29%
2,6,1070,41 5.19%
2,6,1040,25 9.09%
2,5,1005,80 5.19%
2,5,986,67 9.09%

Relationships

Parent process
Child process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegisterEventSourceA, GetLengthSid, ConvertSidToStringSidW, ControlService, StartServiceW, ChangeServiceConfig2W, CreateServiceW, RegEnumValueW, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegQueryInfoKeyW, RegEnumKeyExW, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, GetTokenInformation, DuplicateTokenEx, CreateProcessAsUserW, OpenSCManagerW, OpenServiceW, QueryServiceConfigW, ChangeServiceConfigW, CloseServiceHandle, SetServiceStatus, RegEnumKeyW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, RegSetValueExW, RegQueryValueExW, RegCloseKey, RegCreateKeyExW, RegOpenKeyExW, IsValidSid, DeregisterEventSource, InitializeAcl, ReportEventA, AddAce, OpenThreadToken, OpenProcessToken, GetSecurityInfo, GetAclInformation, GetAce, DeleteAce, SetSecurityInfo, RegDeleteKeyW, RegDeleteValueW, DeleteService
gdi32.dll
CreateDIBSection, CreateFontIndirectW, GetObjectW, DeleteObject, SelectObject, SetBkMode, SetTextColor, Rectangle, CreatePen, DeleteDC, RoundRect, CreateSolidBrush, CreatePatternBrush, CreateCompatibleDC, CreateCompatibleBitmap, BitBlt
kernel32.dll
DllMain
ole32.dll
StringFromGUID2, CoInitializeEx, CoInitializeSecurity, CoInitialize, CoUninitialize, CoCreateInstance, CoSetProxyBlanket
rpcrt4.dll
UuidFromStringA
shell32.dll
SHFileOperationW, CommandLineToArgvW, SHGetSpecialFolderPathW
shlwapi.dll
PathFileExistsW, PathAddExtensionW, PathAppendW, PathFindExtensionW, PathRemoveExtensionW, PathStripPathW, StrCpyW, PathFindFileNameW, PathIsDirectoryW, PathRemoveFileSpecW, SHGetValueW, StrCmpNIW, PathIsRootW, PathRenameExtensionW, PathRemoveFileSpecA, PathStripToRootW, StrCmpW
user32.dll
EndPaint, BeginPaint, GetClientRect, GetWindowTextLengthW, GetWindowTextW, DrawTextW, GetSystemMetrics, LoadImageW, GetCursorPos, TrackMouseEvent, GetClassInfoExW, LoadCursorW, InvalidateRect, FindWindowW, DestroyWindow, RegisterClassExW, CreateWindowExW, GetUserObjectInformationW, GetProcessWindowStation, GetDesktopWindow, MessageBoxA, MessageBoxW, SetFocus, SetWindowPos, MapWindowPoints, GetMonitorInfoW, MonitorFromWindow, GetWindow, UnregisterClassA, GetTopWindow, ChildWindowFromPoint, KillTimer, ScreenToClient, ShowWindow, GetParent, GetSysColorBrush, GetSysColor, GetWindowRect, MoveWindow, EndDialog, GetDlgItem, GetDC, ReleaseDC, FillRect, SetLayeredWindowAttributes, LoadStringA, SendMessageW, SetWindowTextW, SetTimer, PeekMessageW, GetMessageW, TranslateMessage, DispatchMessageW, SystemParametersInfoW, GetActiveWindow, DialogBoxParamW, CallWindowProcW, GetWindowLongW, DefWindowProcW, SetWindowsHookExW, UnhookWindowsHookEx, SetWindowLongW, IsWindow
userenv.dll
CreateEnvironmentBlock
uxtheme.dll
DrawThemeBackground, IsThemeBackgroundPartiallyTransparent, OpenThemeData, CloseThemeData, DrawThemeParentBackground
version.dll
GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
winhttp.dll
WinHttpReceiveResponse, WinHttpAddRequestHeaders, WinHttpQueryDataAvailable, WinHttpReadData, WinHttpConnect, WinHttpSetStatusCallback, WinHttpOpenRequest, WinHttpGetIEProxyConfigForCurrentUser, WinHttpGetProxyForUrl, WinHttpCloseHandle, WinHttpOpen, WinHttpSendRequest, WinHttpQueryHeaders, WinHttpSetOption
wtsapi32.dll
WTSQueryUserToken

browserprotect.exe

Application Manager by Bit89 Inc. (Signed)

Remove browserprotect.exe
Version:   2,6,1070,41
MD5:   b2958f59c2dafb76348224832fb7c26f
SHA1:   56affa25cd84b946cfd6870fa7c41916fa24c61c
SHA256:   b3e45cf8d1d662851c2a7faea1950c5ae21c02d9b635aa9b5204de4b691ecad6
Warning 5 antivirus scanners has detected malware.

What is browserprotect.exe?

The PerformerSoft Browser Manager (Application Manager) program classified mostly as exhibiting adware like actions, is bundled with PerformerSoft products including PC Performer. Browser Manager is designed to protect its bundled programs and make sure they remain installed or unchanged by other thrid party programs. The Browser Manager program was developed by Bit89 (Bit89.com) a know adware maker.

Overview

browserprotect.exe is malware that runs as a service under the name BrowserDefendert (FindAmo Manager) within the local user context as a shared service. This is typically installed with the program BrowserProtect published by Bit89 Inc and is most likely removed by most users once installed (88% removed). The file is digitally signed by Bit89 Inc. which was issued by the GoDaddy.com certificate authority (CA).

DetailsDetails

File name:browserprotect.exe
Publisher:PerformerSoft LLC
Product name:Application Manager
Typical file path:C:\ProgramData\browserprotect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.exe
File version:2,6,1070,41
Size:2.44 MB (2,554,472 bytes)
Certificate
Issued to:Bit89 Inc.
Authority (CA):GoDaddy.com
Effective date:Tuesday, September 4, 2012
Expiration date:Friday, September 4, 2015
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following program will install this file
BrowserProtect
 Bit89 Inc
  88% remove
PerformerSoft BrowserProtect is a third party web browser add-in classified mostly as a potentially unwanted software application that used to be bundled with PerformerSoft products including PC Performer. The maker of this program is a known adware/malware distributor, so caution should be taken. The PerformerSoft BrowserProtect (Browser Manager) program classified mostly as exhibiting adware like actions, is bundled with PerformerSoft...

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
  • BrowserDefendert
  • 'FindAmo Manager'
  • 'BrowserProtect'

MalwareMalware detections

Based on 40+ industry antivirus scanners, 5 of them detected the following malware.
Antivirus engineEngine versionDetection
ESET NOD32 7.8032 a variant of Win32/bProtector.A
Jiangmin 16.0.100 Backdoor/RBot.afye
Kingsoft 2013.1.8.219 Win32.Hack.Rbot.f.(kcloud)
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.RCBH1AC
VIPRE Antivirus 15660 Bprotector (fs)

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00018045%
0.028634%
Kernel CPU:0.00013128%
0.013761%
User CPU:0.00004917%
0.014873%
Kernel CPU time:3,189,094 ms/min
100,923,805ms/min
CPU cycles:11,744,776/sec
17,470,203/sec
Memory
Private memory:2.34 MB
21.59 MB
Private (maximum):5.09 MB
Private (minimum):392 KB
Non-paged memory:2.34 MB
21.59 MB
Virtual memory:97.63 MB
140.96 MB
Virtual memory (peak):128.09 MB
169.69 MB
Working set:542 KB
18.61 MB
Working set (peak):5.32 MB
37.95 MB
Page faults:809,646,073/min
2,039/min
I/O
I/O read transfer:16 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:2 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:5 Bytes/sec
448.09 KB/min
I/O other operations:1/sec
1,671/min
Resource allocations
Threads:4
12
Handles:158
600
GUI GDI count:4
103
GUI USER count:7
49

BehaviorsProcess properties

Integrety level:High
Platform:32-bit
Command lines:
  • "C:\ProgramData\browserprotect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.exe" /protect
  • C:\ProgramData\browserprotect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.exe
Owner:User
Windows Service
Service name:FindAmo Manager
Display name:BrowserDefendert
Description:“Your browser protector service”
Type:Win32ShareProcess
Parent processes:

ResourcesThreads

Averages
 
BrowserProtect.exe (main module)
Total CPU:0.32343322%
0.272967%
Kernel CPU:0.29792559%
0.107585%
User CPU:0.02550763%
0.165382%
CPU cycles:9,606,269/sec
5,741,424/sec
Memory:2.51 MB
1.16 MB
ADVAPI32.dll
Total CPU:0.00020074%
Kernel CPU:0.00012044%
User CPU:0.00008029%
CPU cycles:46,205/sec
Memory:792 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 27.27%
Windows 7 Ultimate 14.29%
Microsoft Windows XP 14.29%
Windows 8 Pro 11.69%
Windows Vista Home Premium 10.39%
Windows 8 7.79%
Windows 7 Professional 5.19%
Windows 7 Starter 3.90%
Windows 8 Pro with Media Center 3.90%
Windows 8 Single Language 1.30%

Distribution by countryDistribution by country

United States installs about 28.57% of Application Manager.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 26.67%
Acer 25.00%
Sony 13.33%
Toshiba 13.33%
Dell 10.00%
GIGABYTE 5.00%
Intel 3.33%
ASUS 3.33%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE