SecurityHome.eu Adware:Win32/SaverExtension

Home / malware PDF

Adware:Win32/SaverExtension

First posted on 23 April 2020.
Source: Microsoft
Aliases :
Adware:Win32/SaverExtension is also known as SaverExtension, SaaverEExtenssioin, SaveNewaAppz, SaveNEiwoaAippz.
Explanation :
Installation

This program can be installed by third-party software bundlers.

It can add the following files:

%ALLUSERSPROFILE% SaaverEExtenssioin1aXycnQeQLl6Es.dat %ALLUSERSPROFILE% SaaverEExtenssioin1aXycnQeQLl6Es.exe %ALLUSERSPROFILE% SaveNEiwoaAippz6Mb3lTFyn0hyba.dat %ALLUSERSPROFILE% SaveNEiwoaAippz6Mb3lTFyn0hyba.exe %ProgramFiles%SaaverEExtenssioin1aXycnQeQLl6Es.dat %ProgramFiles% SaaverEExtenssioin1aXycnQeQLl6Es.dat %ProgramFiles% SaaverEExtenssioin1aXycnQeQLl6Es.dll %ProgramFiles% SaaverEExtenssioin1aXycnQeQLl6Es.exe %ProgramFiles% SaaverEExtenssioin1aXycnQeQLl6Es.tlb %ProgramFiles% SaaverEExtenssioin1aXycnQeQLl6Es.x64.dll %ProgramFiles% SaveNEiwoaAippz6Mb3lTFyn0hyba.dat %ProgramFiles% SaveNEiwoaAippz6Mb3lTFyn0hyba.dat %ProgramFiles% SaveNEiwoaAippz6Mb3lTFyn0hyba.dll %ProgramFiles% SaveNEiwoaAippz6Mb3lTFyn0hyba.exe %ProgramFiles% SaveNEiwoaAippz6Mb3lTFyn0hyba.tlb

It can create or modify the following registry entries:

In subkey: HKCUSoftwareMicrosoftInternet ExplorerApprovedExtensionsMigration{cea16584-6bea-4ade-b69a-63e2bb186854}

In subkey: HKCUSoftwareMicrosoftInternet ExplorerApprovedExtensionsMigration{7936c7ad-0222-40a5-a140-29374f4d72b8}

In subkey: HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{cea16584-6bea-4ade-b69a-63e2bb186854}

In subkey: HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{7936c7ad-0222-40a5-a140-29374f4d72b8}

In subkey: HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExtCLSID
Sets value: {cea16584-6bea-4ade-b69a-63e2bb186854}
With data: "1"

In subkey: HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExtCLSID
Sets value: {7936c7ad-0222-40a5-a140-29374f4d72b8}
With data: "1"

In subkey: HKLMSOFTWAREMicrosoftWindowsCurrentVersionexplorerBrowser Helper Objects{cea16584-6bea-4ade-b69a-63e2bb186854}
Sets value: "(Default)"
With data: "SaveNEiwoaAippz"

In subkey: HKLMSOFTWAREMicrosoftWindowsCurrentVersionexplorerBrowser Helper Objects{7936c7ad-0222-40a5-a140-29374f4d72b8}
Sets value: "(Default)"
With data: "SaaverEExtenssioin"

In subkey: HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{7304C9D1-98AD-55F0-636E-22D8DD57F176}
Sets value: "DisplayName"
With data: "SaveNEiwoaAippz"

In subkey: HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{274E3C5C-178E-EAE2-A52F-2863C0EECD46}
Sets value: "DisplayName"
With data: "SaaverEExtenssioin"

This program can install and enable the following web browser add-ons:

SaaverEExtenssioin SaveNEiwoaAippz

You can't disable or remove these add-ons, as shown below:

Behavior

Shows you extra advertisements

This program shows you ads with incorrect attribution as you browse the Internet, for example:

Extra ads in your search results:

Slider ads:

Ads on newly opened webpages or tabs:

You wouldn't see these extra advertisements if this program wasn't installed.

Analysis by James Dee
Last update 23 April 2020

TOP

Malware :

Last 20