Adware.FrameFox

By ESGI Advisor in Adware

Threat Scorecard

Popularity Rank:	15,166
Threat Level:	20 % (Normal)
Infected Computers:	22,113

First Seen:	December 23, 2013
Last Seen:	October 24, 2025
OS(es) Affected:	Windows

Framefox is a Web browser extension that may have numerous unwanted effects on affected computer systems. Although security researchers have classified Framefox as a Potentially Unwanted Program, there are extremely harmful characteristics associated with Framefox, including the fact that Framefox is developed by Duuqu, which may be associated with Duqu. Duqu was associated with high profile attacks on various targets in 2011 as well as with the infamous Stuxnet, one of the most well-known threats in recent years. Although specific damaging intentions have not been observed in the case of Framefox, security researchers strongly recommend removing and avoiding Framefox immediately to prevent other threats or PUPs from making their way into the affected computer.

Table of Contents

Understanding How Framefox is Distributed

There are several ways in which Framefox may be distributed. Framefox and similar PUPs may be distributed using the following methods:

Framefox may be installed as a Web browser extension and is commonly bundled with low quality freeware. Even though PC users may opt out of the installation of Framefox, not paying attention to the installation process may allow marketers to install PUPs like Framefox on the affected Web browser. You can prevent this from happening by monitoring carefully all new software installations and opting out of installing unwanted components like Framefox.
Framefox may be distributed using social engineering techniques. In most cases, these consist in tricking inexperienced computer users into believing that Framefox is a useful Web browser extension and then prompting them to download and install Framefox by themselves. It is important to know that social engineering is an essential part of most modern threats and that most other threat distribution methods may involve social engineering to some degree (for example, spam email messages with corrupted attachments may use social engineering strategies to trick inexperienced computer users into opening the attached files).
Framefox may also be distributed through email, social media, or instant messaging spam. These messages may contain risky attachments that, when opened, install Framefox on the affected Web browser.

SpyHunter Detects & Remove Adware.FrameFox

File System Details

Adware.FrameFox may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	framefox.exe.vir	6017ca94be482bcb527d92c6d481b2cc	16,777
Name: framefox.exe.vir MD5: 6017ca94be482bcb527d92c6d481b2cc Size: 287.21 KB (287216 bytes) Detections: 16,777 Path: C:\$Recycle.Bin\S-1-5-21-1788207478-340930373-1749900118-1000\$RWA9VJ1\Quarantine\C\Program Files (x86)\FrameFox\Extensions\InternetExplorer\framefox.exe.vir Group: Malware file Last Updated: February 2, 2025
2.	FrameFoxSetup.exe	cfdfb01c8f4cc858dd098aaea145c5e1	6
Name: FrameFoxSetup.exe MD5: cfdfb01c8f4cc858dd098aaea145c5e1 Size: 492.23 KB (492232 bytes) Detections: 6 Type: Executable File Path: C:\Users\<username>\recup données\ACER\claire et david\AppData\Local\Temp\FrameFoxSetup.exe Group: Malware file Last Updated: October 24, 2025
3.	FrameFox_1909-357c9206.exe	f69ab43eb987667d54518527148c5528	5
Name: FrameFox_1909-357c9206.exe MD5: f69ab43eb987667d54518527148c5528 Size: 492.23 KB (492232 bytes) Detections: 5 Type: Executable File Path: %TEMP%\n1399 Group: Malware file Last Updated: November 2, 2020
4.	framefox.exe	112c2f2558abf9fb8dd77881b8f865ac	2
Name: framefox.exe MD5: 112c2f2558abf9fb8dd77881b8f865ac Size: 151.76 KB (151769 bytes) Detections: 2 Type: Executable File Path: %PROGRAMFILES%\FrameFox\Extensions\InternetExplorer Group: Malware file Last Updated: December 23, 2013

More files

Registry Details

Adware.FrameFox may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Classes\Installer\Features\098CCE33084C42149BB5AB630E521B02

SOFTWARE\Classes\Installer\Products\098CCE33084C42149BB5AB630E521B02

SOFTWARE\Duuqu\FrameFox

SOFTWARE\Duuqu\Update\Clients\{AC14D5E8-02B7-4849-B31E-35E81F72D121}

SOFTWARE\FrameFox

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FrameFox Extensions

SOFTWARE\Wow6432Node\Duuqu\FrameFox

SOFTWARE\Wow6432Node\Duuqu\Update\Clients\{AC14D5E8-02B7-4849-B31E-35E81F72D121}

SOFTWARE\Wow6432Node\FrameFox

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\FrameFox Extensions

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

{010BE806-614F-48F2-B83A-29DF45E6AC7D}

{33ECC890-C480-4124-B95B-BA36E025B120}

Directories

Adware.FrameFox may create the following directory or directories:

%ProgramFiles%\FrameFox

%ProgramFiles(x86)%\FrameFox

%Windir%\Installer\{33ECC890-C480-4124-B95B-BA36E025B120}

URLs

Adware.FrameFox may call the following URLs:

FrameFox

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Adware.FrameFox

Threat Scorecard

EnigmaSoft Threat Scorecard

Understanding How Framefox is Distributed

SpyHunter Detects & Remove Adware.FrameFox

File System Details

Registry Details

Directories

URLs

Submit Comment

Trending

American Express - Sign-in Attempt Was Blocked Scam

OKX Rewards Scam

Chainspanhub.com

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen