NetGroove infection is a tabbed browser based on Chromium. It is a freeware tool created by the company RCPSoft. While this browsing application seems legitimate and the company even encourages its clients to report any bugs, we suspect that this tool is not as reliable as it appears. First of all, the company has been producing browser hijackers like Webstart.me, and users have been reporting difficulties in removing them. Furthermore, after scanning the NetGroove Setup.exe with multiple security tools, our suspicions turned out to be correct (VirusTotal analysis).
Thorough investigation of the NetGroove rogue browsing tool
NetGroove virus could be classified simply as a potentially unwanted program (PUP) because it arrives in operating systems through bundles of freeware. However, the VirusTotal analysis reveals that it is detected as a Trojan. More importantly, it is treated as key-logger malware.
Take a look at a few labels that respectable scanners put on NetGroove: Troj.Spy.Msil.Keylogger!c, Win32:Malware-gen, TrojanSpy.KeyLogger, Trojan-Spy.MSIL.Keylogger.ckfi and TrojanSpy.MSIL.KeyLogger. It is evident that the setup will install a malicious browsing application capable of gathering information about its users. These details can include personally identifiable information like names, email addresses, geolocations, credentials to accounts you access, credit card details and browsing history.
Furthermore, once installed, NetGroove Trojan virus will most definitely link browsers’ preferences to its search engine, producing results to search queries with the help of Duckduckgo.com. While this is a legitimate platform for searching, it does not reduce our suspicion about this browsing tool. The new default search engine is going to be Myhomepage.pro, which is an exact copy of Mybrowserhome.com.
An even more disturbing fact is that the NetGroove virus will read terminal service, which is often related to Remote Desktop Protocol (RDP) (Hybrid results). Will the infection attempt to gain remote access to its users’ operating systems? This frightening feature is possible. Furthermore, the network behavior of this application is equally alarming, as it will contact 17 domains and 15 hosts. The default location for the suspicious tool is the %ProgramFiles% folder, in which users should find a NetGroove sub-folder. If you have installed this suspicious tool, we encourage you to remove it.
A browsing application you are using should not be suspected of key-logging. If your every keystroke is captured, this information could be used for identity theft or cause you severe financial losses. Nowadays, many people access their banking accounts through the Internet. Accessing accounts through the Internet is a convenient feature, but not when a device is infected with key-logger malware. It will be able to:
- gather all passwords you type in;
- send collected data to remote locations;
- take screenshots;
- learn which software tools are currently installed;
- gather logs of all instant messaging;
- take screenshots of the domains you visit.
Detecting key-loggers might be difficult as they are usually able to hide their presence. The NetGroove virus has been determined to be evasive, as the program tries to sleep for a long time. We strongly urge you to use more appropriate browsing tools like Google Chrome or Mozilla Firefox to be certain of the security of your private details.
How to avoid such deceptive and dangerous software?
This is why we always recommend that our users do some research about an application they wish to install. To be extremely careful, you can run the setup installer you download through some scanners and see whether they find anything suspicious. If a tool is determined to be malicious, please remove the installer.
However, NetGroove Trojan virus can also travel via bundles of programs. Therefore, always choose advanced/custom modes during installation processes. During your installation of a random application, you could be recommended to get more than one tool. For your own safety, refuse these offers. If you don’t, your cybersecurity will be put in jeopardy, together with your personally identifiable information. Run a scan with Spyhunter and remove this suspicious tool as soon as possible.
How to remove NetGroove Trojan using Windows Control Panel
Many hijackers and adware like NetGroove Trojan install some of their components as regular Windows programs as well as additional software. This part of malware can be uninstalled from the Control Panel. To access it, do the following.
- Start→Control Panel (older Windows) or press Windows Key→Search and enter Control Panel and then press Enter (Windows 8, Windows 10).
- Choose Uninstall Program (if you don't see it, click in the upper right next to "View by" and select Category).
- Go through the list of programs and select entries related to NetGroove Trojan. You can click on "Name" or "Installed On" to reorder your programs and make NetGroove Trojan easier to find.
- Click the Uninstall button. If you're asked if you really want to remove the program, click Yes.
- In many cases anti-malware programs are better at detecting related parasites, thus I recommend installing Spyhunter to identify other programs that might be a part of this infection.
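A read-only PowerShell check that mirrors the Control Panel steps above and the default install location mentioned earlier; it is an added example, not part of the original article. The match pattern (NetGroove, RCPSoft) and the extra %ProgramFiles(x86)% check are assumptions based on names given in the article.

```powershell
# Added example: read-only check for NetGroove leftovers. Nothing is deleted.
# Assumption: the uninstall entry's DisplayName or Publisher contains
# "NetGroove" or "RCPSoft" (names taken from the article, not verified values).
$pattern = 'NetGroove|RCPSoft'

# Registry keys behind the Control Panel program list:
# 64-bit, 32-bit (WOW6432Node) and per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern -or $_.Publisher -match $pattern } |
    Select-Object DisplayName, Publisher, InstallDate, InstallLocation, UninstallString

# Default location named in the article: a NetGroove sub-folder of %ProgramFiles%.
# %ProgramFiles(x86)% is also checked (assumption) to cover 32-bit installs.
$folders = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'NetGroove' } |
    Where-Object { Test-Path -LiteralPath $_ }

if ($entries) {
    Write-Output 'Installed-program entries matching NetGroove/RCPSoft:'
    $entries | Format-List | Out-String
} else {
    Write-Output 'No matching entries in the uninstall registry keys.'
}

foreach ($folder in $folders) {
    Write-Output "Folder present: $folder"
    # List executables with size and last-write time so they can be scanned.
    Get-ChildItem -LiteralPath $folder -Recurse -File -Filter *.exe -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime |
        Format-Table -AutoSize | Out-String
}
if (-not $folders) { Write-Output 'No NetGroove folder under Program Files.' }
```

A folder that is still present after the Control Panel uninstall points to leftover components that the uninstaller did not remove.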