We came across a
browser modifier that sports
rootkit capabilities. Not only does the threat, detected as
BrowserModifier:Win32/Soctuseer, cross the line that separates legitimate software from
unwanted, it also takes staying under the radar to the next level.
Rootkit capabilities, which make it difficult to detect and remove applications, are usually associated with
malware. Yet
Soctuseer uses rootkit capabilities to conceal its presence on a computer, ultimately making it difficult for affected users to control their device and browsing experience.
Apart from hiding its presence,
Soctuseer installs itself without using your browser’s supported extensibility model for installation. And, once installed and running, it takes away the control you should have about how it operates. You can’t enable or disable it from your browser settings. The result is that you can be served webpage content that is modified without your consent.
No matter how it attempts to hide, though, most
Soctuseer installations and system modifications will be uncovered and removed by the
Microsoft Malicious Software Removal Tool (MSRT). We’re adding detections for
BrowserModifier:Win32/Soctuseer in this month’s MSRT release, helping to lessen interference to your browsing experience...
