www.microsoft.com
Open in
urlscan Pro
2a02:26f0:1700:190::356e
Public Scan
Submitted URL: http://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/AskToolbar&threatid=227072&enterprise=1
Effective URL: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=PUA%3AWin32%2FAskToolbar&threatid=22707...
Submission: On November 25 via manual from GB — Scanned from GB
Effective URL: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=PUA%3AWin32%2FAskToolbar&threatid=22707...
Submission: On November 25 via manual from GB — Scanned from GB
Form analysis
1 forms found in the DOMName: searchForm — GET https://www.microsoft.com/en-us/search/explore
<form class="c-search" autocomplete="off" id="searchForm" name="searchForm" role="search" action="https://www.microsoft.com/en-us/search/explore" method="GET"
data-seautosuggest="{"queryParams":{"market":"en-us","clientId":"7F27B536-CF6B-4C65-8638-A0F8CBDFCA65","sources":"Iris-Products,DCatAll-Products,Microsoft-Terms","filter":"+ClientType:StoreWeb","counts":"1,5,5"},"familyNames":{"Apps":"App","Books":"Book","Bundles":"Bundle","Devices":"Device","Fees":"Fee","Games":"Game","MusicAlbums":"Album","MusicTracks":"Song","MusicVideos":"Video","MusicArtists":"Artist","OperatingSystem":"Operating System","Software":"Software","Movies":"Movie","TV":"TV","CSV":"Gift Card","VideoActor":"Actor"}}"
data-seautosuggestapi="https://www.microsoft.com/msstoreapiprod/api/autosuggest"
data-m="{"cN":"GlobalNav_Search_cont","cT":"Container","id":"c3c1c9c4c1m1r1a1","sN":3,"aN":"c1c9c4c1m1r1a1"}" aria-expanded="false"
style="overflow-x: visible;">
<div class="x-screen-reader" aria-live="assertive"></div>
<input id="cli_shellHeaderSearchInput" aria-label="Search Expanded" aria-autocomplete="list" aria-expanded="false" aria-controls="universal-header-search-auto-suggest-transparent" aria-owns="universal-header-search-auto-suggest-ul" type="search"
name="q" role="combobox" placeholder="Search Microsoft.com" data-m="{"cN":"SearchBox_nav","id":"n1c3c1c9c4c1m1r1a1","sN":1,"aN":"c3c1c9c4c1m1r1a1"}" data-toggle="tooltip"
data-placement="right" title="Search Microsoft.com" style="overflow-x: visible;">
<button id="search" aria-label="Search Microsoft.com" class="c-glyph" data-m="{"cN":"Search_nav","id":"n2c3c1c9c4c1m1r1a1","sN":2,"aN":"c3c1c9c4c1m1r1a1"}" data-bi-mto="true"
aria-expanded="false" style="overflow-x: visible;">
<span role="presentation" style="overflow-x: visible;">Search</span>
<span role="tooltip" class="c-uhf-tooltip c-uhf-search-tooltip" style="overflow-x: visible;">Search Microsoft.com</span>
</button>
<div class="m-auto-suggest" id="universal-header-search-auto-suggest-transparent" role="group" style="overflow-x: visible;">
<ul class="c-menu" id="universal-header-search-auto-suggest-ul" aria-label="Search Suggestions" aria-hidden="true" data-bi-dnt="true" data-bi-mto="true" data-js-auto-suggest-position="default" role="listbox" data-tel="jsll"
data-m="{"cN":"search suggestions_cont","cT":"Container","id":"c3c3c1c9c4c1m1r1a1","sN":3,"aN":"c3c1c9c4c1m1r1a1"}" style="overflow-x: visible;"></ul>
<ul class="c-menu f-auto-suggest-no-results" aria-hidden="true" data-js-auto-suggest-postion="default" data-js-auto-suggest-position="default" role="listbox" style="overflow-x: visible;">
<li class="c-menu-item" style="overflow-x: visible;"> <span tabindex="-1" style="overflow-x: visible;">No results</span></li>
</ul>
</div>
</form>
Text Content
Skip to main content Because your browser does not support JavaScript you are missing out on on some great image optimizations allowing this page to load faster. We use optional cookies to improve your experience on our websites, such as through social media connections, and to display personalized advertising based on your online activity. If you reject optional cookies, only cookies necessary to provide you the services will be used. You may change your selection by clicking “Manage Cookies” at the bottom of the page. Privacy Statement Third-Party Cookies Accept Reject Manage cookies Skip to main content Microsoft Microsoft Security Intelligence Microsoft Security Intelligence Microsoft Security Intelligence * Home * Threats * Blogs * Downloads * Updates Updates * Antimalware updates * Definition change log * Security software Security software * Windows security * Microsoft Defender ATP * Microsoft Threat Protection * Cleanup tools Cleanup tools * Malicious Software Removal Tool (MSRT) * Safety Scanner * Microsoft Defender Offline * Submissions * Submit a file * View submission history * Report unsafe site * Attack surface reduction * Help * Safety tips Safety tips * Sources of infection * Avoid tech support scams * Troubleshoot detection and removal * Up-to-date software * Developer resources * Our methodologies Our methodologies * Threat naming * Threat identification criteria * Security industry alliances * More * All Microsoft * GLOBAL * Microsoft Security * Azure * Dynamics 365 * Microsoft 365 * Microsoft Teams * Windows 365 * Tech & innovation Tech & innovation * Microsoft Cloud * AI * Azure Space * Mixed reality * Microsoft HoloLens * Microsoft Viva * Quantum computing * Sustainability * Industries Industries * Education * Automotive * Financial services * Government * Healthcare * Manufacturing * Retail * All industries * Partners Partners * Find a partner * Become a partner * Partner Network * Azure Marketplace * AppSource * Resources Resources * Blog * Microsoft Advertising * Developer Center * Documentation * Events * Licensing * Microsoft Learn * Microsoft Research * View Sitemap Search Search Microsoft.com * No results Cancel 0 Cart 0 items in shopping cart Sign in to your account Sign in Attention: We have transitioned to a new AAD or Microsoft Entra ID from the week of May 20, 2024. In case your tenant requires admin consent, please refer to this document located at Overview of user and admin consent - Microsoft Entra ID | Microsoft Learn and grant access to App ID: 6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for Directory.Read.All and User.Read for continued access. While the app may appear unverified, you can confirm its legitimacy by verifying the App ID provided. Provide feedback We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names PUA:Win32/AskToolbar Published Jun 29, 2016 | Updated Jul 11, 2017 Learn about other threats PUA:WIN32/ASKTOOLBAR Detected by Microsoft Defender Antivirus Aliases: not-a-virus:WebToolbar.Win32.Agent.byv (Kaspersky) Generic Malware.nl!ats (McAfee) a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application (ESET) DataApp Installer (Sophos) PUA_AdToolbar (Trend Micro) Worm.Chir!1.A2F3 (Rising AV) Win32.Worm.Nimda.O (BitDefender) Bloodhound.MalPE (Symantec) SUMMARY This application was stopped from running on your network because it has a poor reputation. This application can affect the quality of your computing experience. We have seen this leading to the following potentially unwanted behaviors on PCs: * Adds files that run at startup * Installs browser extensions These applications are most commonly software bundlers or installers for applications such as toolbars, adware, or system optimizers. We have observed this application installing software that you might not have intended on your PC. If you were trying to install an application, you might have downloaded it from a source other than the official product's website. We usually see this application installed on PCs in the following countries. This list is sorted according to prevalence: * United States * Brazil * Mexico * Spain * Germany This detection is part of our extended Potentially Unwanted Application protection feature. WHAT TO DO NOW -------------------------------------------------------------------------------- You should contact your IT representative or network administrator to find how you can install legitimate programs while connected to your network. TECHNICAL INFORMATION -------------------------------------------------------------------------------- THREAT BEHAVIOR INSTALLATION This application can be downloaded from websites that offer third-party software downloads. For example, we have seen it downloaded from: * ak.pipoffers.apnpartners.com * www.avery.com We have seen this application use the following file names: * OffercastInstaller_AVR_U-0087-01-P_.exe * WeatherBugSetup.exe * SFInstaller_SFFZ_filezilla_8992693_.exe * YTDSetup.exe * OffercastInstaller_AVR_U-0090-01-P_.exe * Setup-SopCast-3.5.0-2012-3-22.exe * CuteWriter.exe * OffercastInstaller_AVR_U-0087-01-P_ (1).exe * OffercastInstaller_AVR_U-0112-01-P_.exe It can be digitally signed by the following vendors: * APN LLC * Ask.com * Greentree Applications SRL We have seen this application using product names such as: * Ask TBNotifier * Stub Installer * Toolbar * Offercast - APN Install Manager * APN Updater This application communicates with domains such as: * pipoffers.apnpartners.com * offers.offercast.com * 7500.biz * downloads.earthnetworks.com * files.goodgamestudios.com For example: * pipoffers.apnpartners.com/static/partners/generic/images/install.ico * offers.offercast.com/PIP/Server.jhtml? * offers.offercast.com/PIP/OfferAccept.jhtml? PAYLOAD Exhibits suspicious behaviors We have observed this application exhibit the following potentially unwanted behavior on PCs: * Installs programs that start automatically when your PC starts * Installs extensions into your browsers - often this is used to inject ads, add toolbars, or change how your browser works Installs other programs We have seen this application install other software on your PC. Some of these applications might be bundled during the installation process and not intended to be installed. We have seen it installing programs such as: * AskToolbar This description was published using automated analysis. PREVENTION Follow these general security tips to better protect your PC. SYMPTOMS -------------------------------------------------------------------------------- Alerts from your security software might be the only symptom you'll see. Follow us * * * What's new * Surface Pro * Surface Laptop * Surface Laptop Studio 2 * Surface Laptop Go 3 * Microsoft Copilot * AI in Windows * Explore Microsoft products * Windows 11 apps Microsoft Store * Account profile * Download Center * Microsoft Store support * Returns * Order tracking * Certified Refurbished * Microsoft Store Promise * Flexible Payments Education * Microsoft in education * Devices for education * Microsoft Teams for Education * Microsoft 365 Education * How to buy for your school * Educator training and development * Deals for students and parents * Azure for students Business * Microsoft Cloud * Microsoft Security * Dynamics 365 * Microsoft 365 * Microsoft Power Platform * Microsoft Teams * Microsoft 365 Copilot * Small Business Developer & IT * Azure * Developer Center * Documentation * Microsoft Learn * Microsoft Tech Community * Azure Marketplace * AppSource * Visual Studio Company * Careers * About Microsoft * Company news * Privacy at Microsoft * Investors * Diversity and inclusion * Accessibility * Sustainability English (United States) Your Privacy Choices Opt-Out Icon Your Privacy Choices Your Privacy Choices Opt-Out Icon Your Privacy Choices Consumer Health Privacy * Sitemap * Contact Microsoft * Privacy * Manage cookies * Terms of use * Trademarks * Safety & eco * Recycling * About our ads * © Microsoft 2024 Debug Version = 1.0.0.0; Send us feedback Tell us about your experience Submit feedback Thank you for your feedback