RightSurf Description

RightSurf is adware that may show random pop-up ads and messages carrying discounts, offers and coupons when PC users are visiting online shopping or other similar websites. RightSurf may be embedded into Internet Explorer, Mozilla Firefox and Google Chrome Web browser without a computer user's approval. RightSurf may commonly propagate packed with freeware that PC users can download from the Internet. When the PC user decides to download and install a specific free program, it may carry extra toolbars, browser plug-ins and add-ons inserted into the installation wizard. These extra tools, specifically, RightSurf may be marked as optional apps, but if the PC user does not unmark a check box to embed them, he may end up facing undesired system modifications on the computer system. RightSurf may trace the PC user's browsing activity and transfer collected information to third-parties for the purpose of targeted advertising.

Aliases: a variant of Win32/BrowseFox.F [ESET-NOD32], a variant of Win32/BrowseFox.G [ESET-NOD32], AdWare/Win32.Agent [Antiy-AVL], Application.Win32.Altbrowse.AK [Comodo], Artemis!5215978785A6 [McAfee], Generic PUA PP [Sophos], not-a-virus:AdWare.Win32.Agent.ahbx [Kaspersky], PUP.Optional.RightSurf.A [Malwarebytes], Riskware.Win32.Agent.crkvek [NANO-Antivirus], Trojan/Win32.Zapchast [AhnLab-V3], TROJ_GEN.F47V0123 [TrendMicro-HouseCall], TROJ_GEN.F47V0125 [TrendMicro-HouseCall] and Win32.Troj.Agent.ah.(kcloud) [Kingsoft].

Do You Suspect Your PC May Be Infected with RightSurf & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like RightSurf as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

File System Details

RightSurf creates the following file(s):
# File Name Size MD5 Detection Count
1 system32\drivers\wStLib64.sys 61,112 19f3aa4ab1fc1dd459422c30ade6310a 3,556
2 %WINDIR%\System32\drivers\wStLibG.sys 52,920 885f98228654316c8fbb53ce3d71c335 2,437
3 %WINDIR%\System32\drivers\tStLibG.sys 55,224 fb53cf4dc88f5264030bcaa29ee8e548 2,038
4 %WINDIR%\System32\drivers\tStLib.sys 55,224 d035871f2339c43d0af7ae9ffb73dfef 1,790
5 %PROGRAMFILES(x86)%\RightSurf\bin\FilterApp_C64.exe 287,008 cfb902dbe33f51294c4fcbdb061a5b7a 1,101
6 %PROGRAMFILES%\RightSurf\bin\FilterApp_C.exe 238,880 10ed03837ae22188cdf10b9fbd68fbc0 825
7 %PROGRAMFILES(x86)%\RightSurf\bin\RightSurf.BrowserAdapter.exe 95,520 97f1d9ad4f09939b1ae9d2af25644855 516
8 %PROGRAMFILES(x86)%\RightSurf\updateRightSurf.exe 97,056 4f59c31f94a05093e3c355823c9d42ef 453
9 %PROGRAMFILES(x86)%\RightSurf\bin\XTLSApp.exe 78,624 a8ea010e0885c649625a53aef35d957d 186
10 %PROGRAMFILES%\RightSurf\RightSurf.FirstRun.exe 1,088,800 defad782c537d8afbd5c84fbc83efd71 171
11 %TEMP%\is357113909\2984868_stp\RightSurfSetup.exe 231,744 7b6eeba32a72b72f92c55d7ac6f4a3bd 42
12 %PROGRAMFILES%\RightSurf\bin\RightSurfBrowserFilter.exe 42,272 58e76492408bd08d4e298ff036d42ccd 6
13 %TEMP%\RightSurf\RightSurf_Setup.exe 886,992 3bfd59c7d12847886b0692fe01ee3e4b 1
14 %PROGRAMFILES%\RightSurf\RightSurfbho.dll 249,632 526da03eed21c16f38fd35320a9b99ce 1
15 %PROGRAMFILES%\RightSurf\RightSurfuninstall.exe 241,288 af8f3986ec529b59e5a1bb73d56a8a7f 1
More files

Registry Details

RightSurf creates the following registry entry or registry entries:
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{88be1aa9-6740-461c-9e3e-f35eb8fa741c}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{88be1aa9-6740-461c-9e3e-f35eb8fa741c}
SYSTEM\ControlSet001\services\eventlog\Application\Update RightSurf
SYSTEM\ControlSet001\services\Update RightSurf
SYSTEM\CurrentControlSet\services\eventlog\Application\Update RightSurf
SYSTEM\CurrentControlSet\services\Update RightSurf
SYSTEM\ControlSet001\Services\Util RightSurf
SYSTEM\ControlSet002\Services\Util RightSurf
SYSTEM\CurrentControlSet\Services\Util RightSurf
The following CLSID's were found:
HKEY..\..\{CLSID Path}

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.