Adware.Saveshare

Adware.Saveshare Description


SaveShare is adware that usually is bundled with compromised installers for legitimate freeware programs. After infecting your PC through such dishonest methods, SaveShare will display advertisements in your browser – particularly whenever you visit popular pages like Facebook or Youtube, although SaveShare’s advertisements are not limited to these sites. Although SaveShare is only a low-level PC threat that should be considered a very minor danger to your PC, SpywareRemove.com malware experts still suggest deleting SaveShare, like any adware, through appropriate anti-malware solutions that can preserve the integrity of your Web-browsing experience.

SaveShare: Sharing All the Advertisements You Don’t Want


SaveShare (or Adware.Saveshare), which should not be confused with the game savefile-sharing Android app of the same name, is an adware program designed to display advertisements. SpywareRemove.com malware researchers have noted two distinct methods of advertisement delivery implemented by SaveShare as explained below:
  • SaveShare will display graphical advertisements on major media and social networking websites. These advertisements appear regardless of what your advertisement-filtering settings may happen to be.
  • SaveShare also injects hyperlink-based advertisements into the text content of other sites. For example, the word ‘eggs’ in an article may provide a link to a grocery site promoted by SaveShare.
    DOWNLOAD NOW

    » Learn more about SpyHunter's Spyware Detection Tool
    and steps to uninstall SpyHunter.

    These attacks can occur on essentially any site that has text-based content.

As a silver lining to these non-consensual advertisements, SpywareRemove.com malware researchers were glad to note that SaveShare does, at least, clearly mark its advertisements so that they can be distinguished from your normal website content.

Saving Your Eyes the Trouble of Surveying SaveShare Advertisements


Like adware of any stripe, SaveShare isn’t beneficial to your PC and should be removed as a general rule of thumb for keeping your browser’s performance and security at optimal levels. SpywareRemove.com malware experts recommend using anti-malware software for deleting SaveShare and similar adware – particularly since SaveShare sometimes uses some non-consensual installation methods that also may install other PC threats.

SaveShare has been known to install itself to more than one browser at a time. Unlike a legitimate browser add-on, SaveShare’s modifications don’t include visible components (such as a toolbar) that would allow you to find and delete the source of your SaveShare advertisements with a minimum of difficulty. Other than its advertisements, there are no discreet symptoms of a SaveShare infection.

SaveShare sometimes is installed through compromised packages for other programs such as Daemon Tools Lite. These installers should be avoided in favor of official installers that don’t include unwanted ‘additions’ like SaveShare or other adware. SpywareRemove.com malware experts also urge you to pay careful attention to any browser-changing options presented while you’re installing any new application since such options often are vehicles for SaveShare and other low-level PC threats.

Aliases


Adware.Win32.MultiPlug.I [Baidu-International]Generic5.AFXS [AVG]AdWare.Win32.Plugie.a [Rising]a variant of Win32/Adware.MultiPlug.I [ESET-NOD32]Win32.Troj.Generic.a.(kcloud) [Kingsoft]Trojan.Win32.Generic!BT [VIPRE]ApplicUnwnt [Comodo]Win32:BHO-AML [Spy] [Avast]PUP.Optional.MultiPlug.A [Malwarebytes]Artemis!E9B27306A18F [McAfee]

More aliases (11)


Adware.Saveshare Automatic Detection Tool (Recommended)


Is your PC infected with Adware.Saveshare? To safely & quickly detect Adware.Saveshare we highly recommend you run the malware scanner listed below.



Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name Detection Count
    1 %AllUsersProfile%\saVenshaare! 300
    2 %ALLUSERSPROFILE%\Application Data\saveanShaare 284
    3 %ALLUSERSPROFILE%\saveanShaare 281
    4 %ProgramFiles%\Saveshare 269
    5 %ProgramFiles(x86)%\Saveshare 265
    6 %ALLUSERSPROFILE%\Application Data\saveaNshare 259
    7 %ALLUSERSPROFILE%\saveaNshare 253
    8 chrome-extension_mefmcjgepokbgnkmcikhbcljihdnoggl_0.localstorage-journal 203
    9 chrome-extension_mefmcjgepokbgnkmcikhbcljihdnoggl_0.localstorage 200
    10 %ALLUSERSPROFILE%\ Siaveensharee\ O1.dll 197

    More files

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY..\..\..\..{RegistryKeys}Classes\saviENshare..saviENshare..5.10i.ssaivensharesaVensshare.saVenssharesaVensshare.saVensshare.5.10savueinshare.savueinsharesavueinshare.savueinshare.5.10SOFTWARE\Classes\i.ssaivenshareSOFTWARE\Classes\saavensuharE.saavensuharE.5.10SOFTWARE\Classes\saveanshaare.saveanshaareSOFTWARE\Classes\saveanshaare.saveanshaare.5.10SOFTWARE\Classes\saveenshare.saveenshareSOFTWARE\Classes\saveenshare.saveenshare.5.10SOFTWARE\Classes\saVensshare.saVensshareSOFTWARE\Classes\saVensshare.saVensshare.5.10SOFTWARE\Classes\savueinshare.savueinshareSOFTWARE\Classes\savueinshare.savueinshare.5.10Software\Microsoft\Internet Explorer\Approved Extensions, value: {5B5E60F5-7778-D8BF-4529-4EC3D2069A6A}Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{5B5E60F5-7778-D8BF-4529-4EC3D2069A6A}SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1993DC35-823E-1989-1DC7-3924AAF12C42}SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2044E087-C17A-6E4C-45FD-35650A67A2C6}SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2C40E766-EAC3-3031-2134-913A70B30BCB}SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3C081C04-E1A7-BE90-9F9A-9B5C41C054EC}SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5A7EE4D9-D365-B41A-7C58-42097F19E9E3SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{869B536E-874E-DD39-3132-C5CEE5DC1699}SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{8E3F38F6-D331-1651-97D1-F195176F2922}SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AA8DFEC9-9B34-4F4C-8E2B-796D96302798}SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1993DC35-823E-1989-1DC7-3924AAF12C42}SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2044E087-C17A-6E4C-45FD-35650A67A2C6}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3C081C04-E1A7-BE90-9F9A-9B5C41C054EC}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5B5E60F5-7778-D8BF-4529-4EC3D2069A6A}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3C081C04-E1A7-BE90-9F9A-9B5C41C054EC}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5B5E60F5-7778-D8BF-4529-4EC3D2069A6A}SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID, value: {3C081C04-E1A7-BE90-9F9A-9B5C41C054EC}SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID, value: {1993DC35-823E-1989-1DC7-3924AAF12C42}SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID, value: {5B5E60F5-7778-D8BF-4529-4EC3D2069A6A}SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID, value: {5B5E60F5-7778-D8BF-4529-4EC3D2069A6A}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1993DC35-823E-1989-1DC7-3924AAF12C42}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2C40E766-EAC3-3031-2134-913A70B30BCB}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3C081C04-E1A7-BE90-9F9A-9B5C41C054EC}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5A7EE4D9-D365-B41A-7C58-42097F19E9E3SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5B5E60F5-7778-D8BF-4529-4EC3D2069A6A}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{8E3F38F6-D331-1651-97D1-F195176F2922}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AA8DFEC9-9B34-4F4C-8E2B-796D96302798}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1993DC35-823E-1989-1DC7-3924AAF12C42}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2044E087-C17A-6E4C-45FD-35650A67A2C6}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5B5E60F5-7778-D8BF-4529-4EC3D2069A6A}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID, value: {1993DC35-823E-1989-1DC7-3924AAF12C42}HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}
  • The following CLSID's were detected:
    HKEY..\..\{CLSID Path} {5B5E60F5-7778-D8BF-4529-4EC3D2069A6A}{2044E087-C17A-6E4C-45FD-35650A67A2C6}{869B536E-874E-DD39-3132-C5CEE5DC1699}{63E95A0E-83F3-DFAB-5C0F-D9B381ABAAE4}{1993DC35-823E-1989-1DC7-3924AAF12C42}{8E3F38F6-D331-1651-97D1-F195176F2922}{AA8DFEC9-9B34-4F4C-8E2B-796D96302798}{5A7EE4D9-D365-B41A-7C58-42097F19E9E3}{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}{3C081C04-E1A7-BE90-9F9A-9B5C41C054EC}
Posted: August 8, 2013 | By
Share:
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Threat Metric
Threat Level: 2/10
Detection Count: 41,572

Leave a Reply

What is 13 + 6 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)