Reverse Page - 42% Detection Rate *

Did you just find a download or a file on your computer that has been digitally signed by Reverse Page? Some of the security products refers to the detected files as Adware.SwiftBrowse.CH and Adware.BrowseFox.BQ. The detection rate for the Reverse Page files collected here is 42%. Please read on for more details.

You will probably notice Reverse Page when clicking to run the file. The publisher name is displayed as the "Verified publisher" in the UAC dialog as the screenshot shows:

Screenshot where Reverse Page appears as the verified publisher in the UAC dialog

You can view the digital signature details for Reverse Page with the following steps:

Open up Windows Explorer and locate the Reverse Page file
Right-click the file and select Properties
Click the Digital Signatures tab
Click on the View Certificate button

Here's a screenshot of a file signed by Reverse Page:

Screenshot of the Reverse Page certificate

As you can see in the screenshot above, Windows states that "This digital signature is OK". This means that the file has been published by Reverse Page and that no one has tampered with the file.

If you click the View Certificate button shown in the screenshot above, you can see all the details of the certificate, such as when it was issued, who issued the certificate, how long it is valid, etc. You can also view the address for Reverse Page, such as the street name, city and country.

VeriSign Class 3 Code Signing 2010 CA has issued the Reverse Page certificates. You can also view the details of the issuer by clicking the View Certificate button shown in the screenshot above.

Reverse Page Files

The following are the Reverse Page files I've gathered, thanks to the FreeFixer users.

Detection Ratio	File Name
8/56	updatereversepage.exe
20/56	{0abda027-2c85-448e-a2c7-19700d09943b}gw64.sys
6/56	updateReversePage.exe
21/56	{ced0cd5d-d90d-4de5-8a7e-4196208faea0}w64.sys
21/55	ReversePage.BrowserAdapter.exe
28/57	{873e9c4a-7b09-499b-bc47-9fc4bc35c8e9}w64.sys
21/56	{11ae8de1-edc8-48db-89f9-6fe01ea64977}w64.sys
21/56	ReversePagebho.dll
27/55	{9664e2fb-2479-4d9b-8d32-25d1e0f46b03}gw64.sys
27/56	{d0ca36b1-bd62-4977-87ba-dea2e8d612b2}gw64.sys

Scanner and Detection Names

Here is the detection names for the Reverse Page files. I've grouped the detection names by each scanner engine. Thanks to VirusTotal for the scan results.

Scanner	Detection Names
ALYac	Adware.SwiftBrowse.CH, Adware.BrowseFox.BQ
AVG	Generic.C90, BrowseFox.F
AVware	Trojan.Win32.Generic!BT
Ad-Aware	Adware.SwiftBrowse.CH, Adware.BrowseFox.BQ
Agnitum	Riskware.Agent!
AhnLab-V3	Win-PUP/BrowseFox.Gen
Antiy-AVL	RiskWare[WebToolbar:not-a-virus]/Win32.Agent, GrayWare[NetTool:not-a-virus]/Win64.NetFilter.a
Avira	ADWARE/BrowseFox.Gen7, ADWARE/BrowseFox.Gen, ADWARE/BrowseFox.Gen2
Baidu-International	Adware.MSIL.BrowseFox.bH, Adware.Win32.BrowseFox.BAC, Adware.Win64.BrowseFox.CG, Adware.Win32.BrowseFox.bO, Adware.Win64.BrowseFox.BCG
BitDefender	Adware.SwiftBrowse.CH, Adware.BrowseFox.BQ
ClamAV	Win.Adware.Swiftbrowse-497, Win.Adware.Swiftbrowse-1009
Comodo	Application.Win32.BrowseFox.JM
DrWeb	Trojan.Yontoo.400, Tool.NetFilter.313, Trojan.Yontoo.495, Trojan.BPlug.142
ESET-NOD32	a variant of MSIL/BrowseFox.H, a variant of Win64/BrowseFox.CG, a variant of Win32/BrowseFox.AC, a variant of Win32/BrowseFox.O
Emsisoft	Adware.SwiftBrowse.CH (B), Adware.BrowseFox.BQ (B)
F-Prot	W64/A-59c9c70a!Eldorado, W32/S-a777f78c!Eldorado, W32/S-7bed2e86!Eldorado
F-Secure	Adware.SwiftBrowse.CH, Adware.BrowseFox.BQ
Fortinet	Adware/BrowseFox
GData	Adware.SwiftBrowse.CH, Adware.BrowseFox.BQ
Jiangmin	AdWare/Yotoon.aq, Adware/Agent.amlx, AdWare/Kranet.ao
K7AntiVirus	Adware ( 700000121 ), Adware ( 0040f9f21 ), Trojan ( 0040f9921 )
K7GW	Adware ( 700000121 ), Adware ( 0040f9f21 )
Kaspersky	not-a-virus:NetTool.Win64.NetFilter.a
Malwarebytes	PUP.Optional.ReversePage.A
McAfee	Artemis!17AD95485600, Artemis!C3243193388F, Artemis!EAAEC06E8C11, Artemis!8670FAC62DA7
McAfee-GW-Edition	Artemis
MicroWorld-eScan	Adware.SwiftBrowse.CH, Adware.BrowseFox.BQ
NANO-Antivirus	Riskware.Win32.BrowseFox.dmmpgu, Trojan.Win32.BPlug.ddwtte, Riskware.Win64.NetFilter.dmmmkj, Riskware.Win64.NetFilter.dlpoid
Panda	Trj/CI.A
Qihoo-360	Win32/Virus.Adware.708, Win32/Virus.NetTool.32d, HEUR/QVM10.1.Malware.Gen
Symantec	Trojan.Gen.2
TrendMicro	HS_BROWSEFOX.SM, TROJ_GEN.F0C2C00AB15
TrendMicro-HouseCall	Suspicious_GEN.F47V0204, Suspicious_GEN.F47V0117, TROJ_GEN.F0C2C00AB15
VBA32	AdWare.Kranet
VIPRE	Trojan.Win32.Generic!BT
Zillya	Adware.Yotoon.Win64.14, Adware.Agent.Win32.38198
nProtect	Adware.SwiftBrowse.CH, Adware.BrowseFox.BQ

* How the Detection Percentage is Calculated

The detection percentage is based on that I have gathered 1291 scan results for the Reverse Page files. 547 of these scan reports came up with some sort of detection. If you like, you can review the full details of the scan reports by examining the files listed above.

Analysis Details

The analysis is based on certificates with the following serial numbers:

49b8c5928fd288cb8dbc7b5824ac1bf6

Comments

_Mike_ writes

1 thumb

{0abda027-2c85-448e-a2c7-19700d09943b}Gw.sys
How do I remove this?

# 26 Dec 2016, 12:46

Roger Karlsson writes

0 thumbs

@Mike: FreeFixer should be able to remove the .sys file. The file should appear under "Drivers" in FreeFixer's scan result.

# 17 May 2017, 6:27