We came across a browser modifier that sports rootkit capabilities. Not only does the threat, detected as BrowserModifier:Win32/Soctuseer, cross the line that separates legitimate software from unwanted, it also takes staying under the radar to the next level.

Rootkit capabilities, which make it difficult to detect and remove applications, are usually associated with malware. Yet Soctuseer uses rootkit capabilities to conceal its presence on a computer, ultimately making it difficult for affected users to control their device and browsing experience.

Apart from hiding its presence, Soctuseer installs itself without using your browser’s supported extensibility model for installation. And, once installed and running, it takes away the control you should have about how it operates. You can’t enable or disable it from your browser settings. The result is that you can be served webpage content that is modified without your consent.

No matter how it attempts to hide, though, most Soctuseer installations and system modifications will be uncovered and removed by the Microsoft Malicious Software Removal Tool (MSRT). We’re adding detections for BrowserModifier:Win32/Soctuseer in this month’s MSRT release, helping to lessen interference to your browsing experience...


Read more: MSRT November 2016: Unwanted software has nowhere to hide in this month's release Microsoft Malware Protection Center