Application.BrowsEx.Apps.J Virus ?

Hello,

Does anyone know anything about a virus called Application.BrowsEx.Apps.J ? I can't find much of anything on-line. I picked this up recently from an infected on-line update for a commercial program called LTspice. It apparently infects update.exe and .msi installation files that it finds on the affected PC. Bitdefender can remove the virus itself but can't repair the damaged installation files. I was able to remove it by doing a complete system restore from a clean backup, and Bitdefender now reports no infection.

I would still very much like to know what the virus might have been doing during the two weeks or so that it was active on my PC.

Thanks in advance !

Answers

  • Flexx
    Flexx mod
    edited April 29

    The detection is related to adware, potentially unwanted programs (PUP), or potentially unwanted applications (PUA) associated with web browser extensions that are either installed manually or somehow installed without the user's notice through bundled application software. More information about adware and PUP/PUA can be found in the links below.

    https://www.bitdefender.com/consumer/support/answer/26046/

    https://www.bitdefender.com/consumer/support/answer/2574/

    Threat Breakdown:

    1. Application: Refers to any application that poses a potential threat to the system.
    2. BrowsEx: Indicates that the threat is related to a web browser extension.
    3. Apps: Denotes that the threat is part of a broader application package that may contain bundled software. This bundled software could automatically install extensions in the web browser without the user's consent or awareness.
    4. J: The "J" is a placeholder or identifier—often a random letter or number used in the detection signature by anti-malware software. It doesn’t carry specific meaning but helps differentiate between various threats.

    I recently downloaded the latest version of the LTspice software application and conducted a security scan using VirusTotal. Initially, Bitdefender flagged the file as a potential threat. However, after rescanning, Bitdefender removed the detection, suggesting that the initial result was likely a false positive. Below is the link to the latest VirusTotal scan result.

    https://www.virustotal.com/gui/file/032a2331ef99ec31a3736147c35abb48ce1a48077b2825bca5f5baccd9fa9d73?nocache=1

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Hello Flexx,

    Thank you for your very helpful reply. However, I'm still somewhat confused. I looked at the VirusTotal scan result that you sent, and it appears that 3 out of 48 anti-malware resources identified infections in the LTspice64.msi installer. Were these false positives, and why was a different infection flagged in each of the 3 positives ?

    You also said, if I'm not misunderstanding, that Bitdefender initially identified an infection but not upon rescanning. So Bitdefender removed the infection during the first scan ?

    I believe that Application.BrowsEx.Apps.J is more than just simple adware. As I mentioned previously it appears to spread to update.exe and .msi installer files on the affected computer. For example, with the virus active several attempts to update the DuckDuckGo browser failed, and Bitdefender identified that update installation file as one of the ones that was infected. After removing the virus (by restoring the system from a clean backup) there was no problem with the DuckDuckGo update. There's also the fact that I never saw any actual pop-up ads when the supposed adware was active.

    Best Wishes,

    VicB

  • Flexx
    Flexx mod
    edited April 29
    > Thank you for your very helpful reply. However, I'm still somewhat confused. I looked at the VirusTotal scan result that you sent, and it appears that 3 out of 48 anti-malware resources identified infections in the LTspice64.msi installer. Were these false positives, and why was a different infection flagged in each of the 3 positives ?

    As of now, the VirusTotal scan results for the file show that only 2 antimalware vendors are flagging it as malicious out of more than 40 reputable antimalware vendors. This trend generally indicates that the file is increasingly being recognized as a false positive — an incorrect detection — and that most vendors are gradually removing their alerts as their signature databases are updated.

    > You also said, if I'm not misunderstanding, that Bitdefender initially identified an infection but not upon rescanning. So Bitdefender removed the infection during the first scan ?

    So, when you scanned the file, Bitdefender still had the detection in place. By the time I checked, that detection had already been removed — possibly due to it being reclassified as a false positive after further investigation by Bitdefender malware researchers. It’s likely that, in the time between your scan and mine, someone — perhaps one of the many users of the software — submitted the file to Bitdefender for review. Given the software's widespread use, Bitdefender's malware research team may have reanalyzed the file, concluded it was not malicious, and subsequently removed the detection in a malware definition update.

    > I believe that Application.BrowsEx.Apps.J is more than just simple adware. As I mentioned previously it appears to spread to update.exe and .msi installer files on the affected computer. For example, with the virus active several attempts to update the DuckDuckGo browser failed, and Bitdefender identified that update installation file as one of the ones that was infected. After removing the virus (by restoring the system from a clean backup) there was no problem with the DuckDuckGo update. There's also the fact that I never saw any actual pop-up ads when the supposed adware was active.

    Bitdefender typically uses the Application.BrowsEx detection name for adware, potentially unwanted programs (PUP), or potentially unwanted applications (PUA) that are specifically related to web browser extensions. The BrowsEx label refers to browser extensions, and I can say this with confidence because I have submitted many browser-based adware, PUP, and PUA samples to Bitdefender's malware research team over time. When these files were confirmed as malicious, the detections were consistently categorized under the BrowsEx label.

    That said, I understand your concerns. While Application.BrowsEx usually refers to adware or browser-related PUP/PUA detections, the behavior you observed — including difficulties updating the DuckDuckGo browser and detections involving update.exe and .msi files — may suggest more aggressive or abnormal behavior. In some cases, a PUP/PUA or adware may carry additional components or deliver secondary payloads. These secondary payloads are often malicious or unwanted software that is silently installed or executed alongside the original program, typically without the user's knowledge.

    It’s important to note that not all PUP/PUA or adware behave the same way. Some may silently interfere with system processes, browser updates, or other background operations. If the infection spread to unrelated files or caused issues with installations, it could indicate behavior that goes beyond typical adware. In such cases, restoring your system from a clean backup, as you did, was the best course of action.

    For more information, kindly contact Bitdefender support by visiting https://www.bitdefender.com/consumer/support/help/

    Select How to's & Troubleshooting Bitdefender products → Troubleshooting → I don't know → Contact Support → You will get the option of chat, call or email.

    To get an immediate update, make use of the chat option. Once the AI chatbot recommends a series of solutions, you can type in the chat, 'transfer to an agent,' and you will be transferred to a Bitdefender support agent. Bitdefender support may require logs and will assist you in generating them.

    Also, ensure you do not have any ad-blocker or privacy-blocker extensions enabled, as they might prevent the chat window from appearing.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Hello Flexx,

    Thanks again for the very detailed response. Sorry if I'm being dense here, but I still seem to be missing something. The VirusTotal results are indicating that the PUP detection is in fact a false positive. But it's not, because when I ran the LTspice update there was real malware installed on my system.

    Perhaps I should add that, whenever possible, I scan any downloaded update file with Bitdefender and, for a second opinion, with Trojan Remover before executing. In the future I will use VirusTotal. But in this case the LTspice update was done from within the program itself and not from a downloaded file. Therefore, my Bitdefender scan was done on the infected PC and not on the update installation file.

    Was the VirusTotal scan done on the full LTspice installation file or on the update file ? We may be talking about two different files here. Perhaps what is being seen in the full installation file is a false positive, but what's in the update file is real.

    Thanks Again,

    VicB

  • Well, I cannot reproduce the malicious environment that you mentioned, because when I recently installed the LTspice software, it installed without causing any issues.

    Furthermore, if you believe there is a genuine malicious threat or suspicious behavior, you can submit the sample to the Bitdefender Malware Research Team using the link provided below. In the Description section, kindly explain why you believe the file is a cause for concern so that the Bitdefender Malware Research Team can perform a thorough analysis based on your description.

    If you believe that a website or file is not being detected by Bitdefender as malicious or phishing, kindly report it to the Bitdefender malware research team using the form provided at the link below:

    https://www.bitdefender.com/consumer/support/answer/29358/

    If the website or file is found to be malicious or phishing, detection will be added within a maximum of 72 hours. However, if no detection is created after 72 hours, the website or file will be considered safe, as determined by our malware researchers.

    Additionally, as far as I know, VirusTotal scans each file, including those inside compressed folders and subfiles within executable files. For more detailed information, you can reach out to VirusTotal Support using the link provided below.

    https://www.virustotal.com/gui/contact-us/support

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Hello Flexx,

    Thanks again for all your help with this. Just one final comment before I sign off. It's good that you were able to download LTspice without incident. I'm going to assume that while all this was going on the parent company (Analog Devices) found and fixed the problem so that what's now available on-line is uninfected. The problem was first reported here (https://ez.analog.com/design-tools-and-calculators/ltspice/f/q-a/595204/updater-exe-application-browsex-apps-j) last Saturday. Interestingly, it was found using VirusTotal. So, Analog Devices knows about this and has had time to fix their update installer.

    Best Wishes,

    VicB

  • Flexx
    Flexx mod
    edited May 2

    Well, you're mixing things up a bit. The new, fixed version of LTspice has nothing to do with the older version. Let me explain how this works:

    Every file on your computer (whether it's a document, video, installer, etc.) has a unique identifier called a file hash. A file hash is like a digital fingerprint. If a file changes even slightly (like a single byte), the file hash will also change.

    Now, the version of LTspice that Bitdefender flagged as malicious had a different file hash compared to the one that LTspice may have updated later. When an issue like this happens, developers don’t go back and "fix" the old installer; instead, they release a new version with a different file hash.

    So, when Bitdefender researchers worked on removing the detection, they did so for the older file version (the one originally flagged), not for any new version of the software. This means Bitdefender likely updated their detection database for that older file.

    Your statement that "Analog Devices knows about this and has had time to fix their update installer" isn't verifiable unless we know the exact hashes for both the old and new files. If Analog Devices released a fixed installer, that would be a new version with a different file hash (e.g., version 1.1 instead of 1.0). If both files have the same version number, then the developers didn’t make any changes to the file itself, and it was just Bitdefender that stopped flagging the file.

    In conclusion, if the new version of the LTspice installer has the same version number (e.g., LTspice v1), it means the developers didn't necessarily address the issue directly. Bitdefender could have just updated its detection to remove the false positive, and no developer fix would have been involved.

    For more information related to file hash, you can check the below stated link.

    https://nordvpn.com/cybersecurity/glossary/file-hash/

    I hope this clears things up!

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)
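
The hash comparison described in the last post, and the earlier question of whether two different files were being discussed, can be checked directly by hashing the installer files on disk. The following is an added example, not part of the original thread: the directory contents are constructed stand-ins, and only the SHA-256 constant is taken from the VirusTotal link quoted above.

```python
import hashlib
import tempfile
from pathlib import Path

# SHA-256 taken from the VirusTotal link quoted in the thread.
SCANNED_SHA256 = "032a2331ef99ec31a3736147c35abb48ce1a48077b2825bca5f5baccd9fa9d73"
INSTALLER_SUFFIXES = {".msi", ".exe"}

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def inventory(root):
    """Map each installer-type file under root (relative path) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in INSTALLER_SUFFIXES
    }

def compare(baseline, current):
    """Classify files as modified, added or removed relative to the baseline."""
    return {
        "modified": sorted(f for f in baseline.keys() & current.keys()
                           if baseline[f] != current[f]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }

def demo():
    """Constructed sample: two tiny stand-in files, one changed by a single byte."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "LTspice64.msi").write_bytes(b"constructed installer bytes")
        (root / "update.exe").write_bytes(b"constructed updater bytes")
        baseline = inventory(root)  # e.g. taken from a clean backup
        (root / "update.exe").write_bytes(b"constructed updater bytez")  # one byte differs
        current = inventory(root)
        # Files whose hash equals the sample that was scanned on VirusTotal.
        matches_scan = [f for f, h in current.items() if h == SCANNED_SHA256]
        return compare(baseline, current), matches_scan

if __name__ == "__main__":
    print(demo())
```

Run against a clean backup and the live system, `compare` shows which installer files actually changed on disk, and an empty `matches_scan` means the local file is not the one the VirusTotal report covers.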