www.microsoft.com Open in urlscan Pro
2a02:26f0:1700:190::356e  Public Scan

Submitted URL: http://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/AskToolbar&threatid=227072&enterprise=1
Effective URL: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=PUA%3AWin32%2FAskToolbar&threatid=22707...
Submission: On November 25 via manual from GB — Scanned from GB

Form analysis 1 forms found in the DOM

Name: searchFormGET https://www.microsoft.com/en-us/search/explore

<form class="c-search" autocomplete="off" id="searchForm" name="searchForm" role="search" action="https://www.microsoft.com/en-us/search/explore" method="GET"
  data-seautosuggest="{&quot;queryParams&quot;:{&quot;market&quot;:&quot;en-us&quot;,&quot;clientId&quot;:&quot;7F27B536-CF6B-4C65-8638-A0F8CBDFCA65&quot;,&quot;sources&quot;:&quot;Iris-Products,DCatAll-Products,Microsoft-Terms&quot;,&quot;filter&quot;:&quot;+ClientType:StoreWeb&quot;,&quot;counts&quot;:&quot;1,5,5&quot;},&quot;familyNames&quot;:{&quot;Apps&quot;:&quot;App&quot;,&quot;Books&quot;:&quot;Book&quot;,&quot;Bundles&quot;:&quot;Bundle&quot;,&quot;Devices&quot;:&quot;Device&quot;,&quot;Fees&quot;:&quot;Fee&quot;,&quot;Games&quot;:&quot;Game&quot;,&quot;MusicAlbums&quot;:&quot;Album&quot;,&quot;MusicTracks&quot;:&quot;Song&quot;,&quot;MusicVideos&quot;:&quot;Video&quot;,&quot;MusicArtists&quot;:&quot;Artist&quot;,&quot;OperatingSystem&quot;:&quot;Operating System&quot;,&quot;Software&quot;:&quot;Software&quot;,&quot;Movies&quot;:&quot;Movie&quot;,&quot;TV&quot;:&quot;TV&quot;,&quot;CSV&quot;:&quot;Gift Card&quot;,&quot;VideoActor&quot;:&quot;Actor&quot;}}"
  data-seautosuggestapi="https://www.microsoft.com/msstoreapiprod/api/autosuggest"
  data-m="{&quot;cN&quot;:&quot;GlobalNav_Search_cont&quot;,&quot;cT&quot;:&quot;Container&quot;,&quot;id&quot;:&quot;c3c1c9c4c1m1r1a1&quot;,&quot;sN&quot;:3,&quot;aN&quot;:&quot;c1c9c4c1m1r1a1&quot;}" aria-expanded="false"
  style="overflow-x: visible;">
  <div class="x-screen-reader" aria-live="assertive"></div>
  <input id="cli_shellHeaderSearchInput" aria-label="Search Expanded" aria-autocomplete="list" aria-expanded="false" aria-controls="universal-header-search-auto-suggest-transparent" aria-owns="universal-header-search-auto-suggest-ul" type="search"
    name="q" role="combobox" placeholder="Search Microsoft.com" data-m="{&quot;cN&quot;:&quot;SearchBox_nav&quot;,&quot;id&quot;:&quot;n1c3c1c9c4c1m1r1a1&quot;,&quot;sN&quot;:1,&quot;aN&quot;:&quot;c3c1c9c4c1m1r1a1&quot;}" data-toggle="tooltip"
    data-placement="right" title="Search Microsoft.com" style="overflow-x: visible;">
  <button id="search" aria-label="Search Microsoft.com" class="c-glyph" data-m="{&quot;cN&quot;:&quot;Search_nav&quot;,&quot;id&quot;:&quot;n2c3c1c9c4c1m1r1a1&quot;,&quot;sN&quot;:2,&quot;aN&quot;:&quot;c3c1c9c4c1m1r1a1&quot;}" data-bi-mto="true"
    aria-expanded="false" style="overflow-x: visible;">
    <span role="presentation" style="overflow-x: visible;">Search</span>
    <span role="tooltip" class="c-uhf-tooltip c-uhf-search-tooltip" style="overflow-x: visible;">Search Microsoft.com</span>
  </button>
  <div class="m-auto-suggest" id="universal-header-search-auto-suggest-transparent" role="group" style="overflow-x: visible;">
    <ul class="c-menu" id="universal-header-search-auto-suggest-ul" aria-label="Search Suggestions" aria-hidden="true" data-bi-dnt="true" data-bi-mto="true" data-js-auto-suggest-position="default" role="listbox" data-tel="jsll"
      data-m="{&quot;cN&quot;:&quot;search suggestions_cont&quot;,&quot;cT&quot;:&quot;Container&quot;,&quot;id&quot;:&quot;c3c3c1c9c4c1m1r1a1&quot;,&quot;sN&quot;:3,&quot;aN&quot;:&quot;c3c1c9c4c1m1r1a1&quot;}" style="overflow-x: visible;"></ul>
    <ul class="c-menu f-auto-suggest-no-results" aria-hidden="true" data-js-auto-suggest-postion="default" data-js-auto-suggest-position="default" role="listbox" style="overflow-x: visible;">
      <li class="c-menu-item" style="overflow-x: visible;"> <span tabindex="-1" style="overflow-x: visible;">No results</span></li>
    </ul>
  </div>
</form>

Text Content

Skip to main content

Because your browser does not support JavaScript you are missing out on on some
great image optimizations allowing this page to load faster.

We use optional cookies to improve your experience on our websites, such as
through social media connections, and to display personalized advertising based
on your online activity. If you reject optional cookies, only cookies necessary
to provide you the services will be used. You may change your selection by
clicking “Manage Cookies” at the bottom of the page. Privacy Statement
Third-Party Cookies

Accept Reject Manage cookies
Skip to main content
Microsoft
Microsoft Security Intelligence
Microsoft Security Intelligence
Microsoft Security Intelligence
 * Home
 * Threats
 * Blogs
 * Downloads
    * Updates Updates
      * Antimalware updates
      * Definition change log
    * Security software Security software
      * Windows security
      * Microsoft Defender ATP
      * Microsoft Threat Protection
    * Cleanup tools Cleanup tools
      * Malicious Software Removal Tool (MSRT)
      * Safety Scanner
      * Microsoft Defender Offline

 * Submissions
    * Submit a file
    * View submission history
    * Report unsafe site
    * Attack surface reduction

 * Help
    * Safety tips Safety tips
      * Sources of infection
      * Avoid tech support scams
      * Troubleshoot detection and removal
      * Up-to-date software
    * Developer resources
    * Our methodologies Our methodologies
      * Threat naming
      * Threat identification criteria
    * Security industry alliances

 * More

 * All Microsoft
   
   
    * GLOBAL
      
      * Microsoft Security
      * Azure
      * Dynamics 365
      * Microsoft 365
      * Microsoft Teams
      * Windows 365
    * Tech & innovation Tech & innovation
      * Microsoft Cloud
      * AI
      * Azure Space
      * Mixed reality
      * Microsoft HoloLens
      * Microsoft Viva
      * Quantum computing
      * Sustainability
    * Industries Industries
      * Education
      * Automotive
      * Financial services
      * Government
      * Healthcare
      * Manufacturing
      * Retail
      * All industries
    * Partners Partners
      * Find a partner
      * Become a partner
      * Partner Network
      * Azure Marketplace
      * AppSource
    * Resources Resources
      * Blog
      * Microsoft Advertising
      * Developer Center
      * Documentation
      * Events
      * Licensing
      * Microsoft Learn
      * Microsoft Research
    * View Sitemap


Search Search Microsoft.com
 * No results

Cancel 0 Cart 0 items in shopping cart
Sign in to your account
Sign in

Attention: We have transitioned to a new AAD or Microsoft Entra ID from the week
of May 20, 2024. In case your tenant requires admin consent, please refer to
this document located at Overview of user and admin consent - Microsoft Entra ID
| Microsoft Learn and grant access to App ID:
6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for
Directory.Read.All and User.Read for continued access. While the app may appear
unverified, you can confirm its legitimacy by verifying the App ID provided.
Provide feedback

We're gradually updating threat actor names in our reports to align with the new
weather-themed taxonomy. Learn about Microsoft threat actor names

PUA:Win32/AskToolbar
Published Jun 29, 2016 | Updated Jul 11, 2017
Learn about other threats


PUA:WIN32/ASKTOOLBAR

Detected by Microsoft Defender Antivirus

Aliases: not-a-virus:WebToolbar.Win32.Agent.byv (Kaspersky) Generic
Malware.nl!ats (McAfee) a variant of Win32/Bundled.Toolbar.Ask.M potentially
unsafe application (ESET) DataApp Installer (Sophos) PUA_AdToolbar (Trend Micro)
Worm.Chir!1.A2F3 (Rising AV) Win32.Worm.Nimda.O (BitDefender) Bloodhound.MalPE
(Symantec)


SUMMARY

This application was stopped from running on your network because it has a poor
reputation. This application can affect the quality of your computing
experience. We have seen this leading to the following potentially unwanted
behaviors on PCs:

 * Adds files that run at startup
 * Installs browser extensions

These applications are most commonly software bundlers or installers for
applications such as toolbars, adware, or system optimizers. We have observed
this application installing software that you might not have intended on your
PC.

If you were trying to install an application, you might have downloaded it from
a source other than the official product's website.

We usually see this application installed on PCs in the following countries.
This list is sorted according to prevalence:

 * United States
 * Brazil
 * Mexico
 * Spain
 * Germany

This detection is part of our extended Potentially Unwanted Application
protection feature.


WHAT TO DO NOW

--------------------------------------------------------------------------------

You should contact your IT representative or network administrator to find how
you can install legitimate programs while connected to your network.


TECHNICAL INFORMATION

--------------------------------------------------------------------------------


THREAT BEHAVIOR

INSTALLATION

This application can be downloaded from websites that offer third-party software
downloads. For example, we have seen it downloaded from:

 * ak.pipoffers.apnpartners.com
 * www.avery.com

We have seen this application use the following file names:

 * OffercastInstaller_AVR_U-0087-01-P_.exe
 * WeatherBugSetup.exe
 * SFInstaller_SFFZ_filezilla_8992693_.exe
 * YTDSetup.exe
 * OffercastInstaller_AVR_U-0090-01-P_.exe
 * Setup-SopCast-3.5.0-2012-3-22.exe
 * CuteWriter.exe
 * OffercastInstaller_AVR_U-0087-01-P_ (1).exe
 * OffercastInstaller_AVR_U-0112-01-P_.exe

It can be digitally signed by the following vendors:

 * APN LLC
 * Ask.com
 * Greentree Applications SRL

We have seen this application using product names such as:

 * Ask TBNotifier
 * Stub Installer
 * Toolbar
 * Offercast - APN Install Manager
 * APN Updater

This application communicates with domains such as:

 * pipoffers.apnpartners.com
 * offers.offercast.com
 * 7500.biz
 * downloads.earthnetworks.com
 * files.goodgamestudios.com

For example:

 * pipoffers.apnpartners.com/static/partners/generic/images/install.ico
 * offers.offercast.com/PIP/Server.jhtml?
 * offers.offercast.com/PIP/OfferAccept.jhtml?

PAYLOAD

Exhibits suspicious behaviors

We have observed this application exhibit the following potentially unwanted
behavior on PCs:

 * Installs programs that start automatically when your PC starts
 * Installs extensions into your browsers - often this is used to inject ads,
   add toolbars, or change how your browser works

Installs other programs

We have seen this application install other software on your PC. Some of these
applications might be bundled during the installation process and not intended
to be installed. We have seen it installing programs such as:

 * AskToolbar

This description was published using automated analysis.


PREVENTION

Follow these general security tips to better protect your PC.


SYMPTOMS

--------------------------------------------------------------------------------




Alerts from your security software might be the only symptom you'll see.

Follow us
 * 
 * 
 * 

What's new
 * Surface Pro
 * Surface Laptop
 * Surface Laptop Studio 2
 * Surface Laptop Go 3
 * Microsoft Copilot
 * AI in Windows
 * Explore Microsoft products
 * Windows 11 apps

Microsoft Store
 * Account profile
 * Download Center
 * Microsoft Store support
 * Returns
 * Order tracking
 * Certified Refurbished
 * Microsoft Store Promise
 * Flexible Payments

Education
 * Microsoft in education
 * Devices for education
 * Microsoft Teams for Education
 * Microsoft 365 Education
 * How to buy for your school
 * Educator training and development
 * Deals for students and parents
 * Azure for students

Business
 * Microsoft Cloud
 * Microsoft Security
 * Dynamics 365
 * Microsoft 365
 * Microsoft Power Platform
 * Microsoft Teams
 * Microsoft 365 Copilot
 * Small Business

Developer & IT
 * Azure
 * Developer Center
 * Documentation
 * Microsoft Learn
 * Microsoft Tech Community
 * Azure Marketplace
 * AppSource
 * Visual Studio

Company
 * Careers
 * About Microsoft
 * Company news
 * Privacy at Microsoft
 * Investors
 * Diversity and inclusion
 * Accessibility
 * Sustainability

English (United States) Your Privacy Choices Opt-Out Icon Your Privacy Choices
Your Privacy Choices Opt-Out Icon Your Privacy Choices Consumer Health Privacy
 * Sitemap
 * Contact Microsoft
 * Privacy
 * Manage cookies
 * Terms of use
 * Trademarks
 * Safety & eco
 * Recycling
 * About our ads
 * © Microsoft 2024

Debug Version = 1.0.0.0;

Send us feedback


Tell us about your experience
Submit feedback
Thank you for your feedback