
Adware:Win32/Vidsaver

Posted: January 18, 2013

Threat Metric

Ranking: 4,308
Threat Level: 2/10
Infected PCs: 17,814
First Seen: January 18, 2013
Last Seen: October 16, 2023
OS(es) Affected: Windows

Adware:Win32/Vidsaver is an adware program that displays offers linked to a victim's web browsing habits. Adware:Win32/Vidsaver can be downloaded from the application's website. Offers in the affected web browser that claim 'ads not by this site', or that show the text 'Ads by Vid-Saver plugin' when a PC user places the mouse cursor over them, may indicate the existence of Adware:Win32/Vidsaver on the computer.

When launched, the installer for Adware:Win32/Vidsaver creates a folder named 'Vidsaver' and installs the files there. The icon for Adware:Win32/Vidsaver will appear. Adware:Win32/Vidsaver installs itself as a BHO (browser helper object), which can be seen in Internet Explorer's Manage Add-ons window. Adware:Win32/Vidsaver also installs itself as a Google Chrome extension by dropping the files. Adware:Win32/Vidsaver creates an installation entry in the Programs and Features section of the Control Panel, and running this uninstaller may remove Adware:Win32/Vidsaver from the PC.

When installed, Adware:Win32/Vidsaver displays offers to a computer user as he/she browses the web. Adware:Win32/Vidsaver also turns certain keywords on websites into hyperlinks. The destination of each hyperlink is based on the keyword.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: 43CF451E785F3EEF571F1E4E6319B6002AADC46C.exe
Size: 1.98 MB (1988472 bytes)
MD5: d9ba18c428c84f6d120c405f88fa09dd
Detection count: 71
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: January 22, 2013

File name: cdc07802fa8a66e08f84c5eeb44a7ef1
Size: 1.98 MB (1989096 bytes)
MD5: c99517dcbb192427b4da5db30c12bec6
Detection count: 68
Group: Malware file
Last Updated: January 22, 2013

File name: 5560cb14577d42dbb336b515f4c3d49d
Size: 1.98 MB (1988456 bytes)
MD5: de7db704ad0d4453239aeba2bd7fe378
Detection count: 66
Group: Malware file
Last Updated: January 22, 2013

File name: buttonutil.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

File name: vid-saver.ico
Mime Type: unknown/ico
Group: Malware file

File name: vid-saver-bg.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: vid-saver.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: vid-saver.ini
Mime Type: unknown/ini
Group: Malware file

File name: vid-saver.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

File name: %LOCALAPPDATA%\Google\Chrome\user data\Default\databases\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0\3
Group: Malware file

File name: %LOCALAPPDATA%\Google\Chrome\user data\Default\databases\databases.db-journal
Mime Type: unknown/db-journal
Group: Malware file

File name: %LOCALAPPDATA%\Google\Chrome\user data\Default\databases\databases.db
Mime Type: unknown/db
Group: Malware file

Registry Modifications

The following Registry values were created:

CLSID
{11111111-1111-1111-1111-110011341191}
{22222222-2222-2222-2222-220022342291}
{33333333-3333-3333-3333-330033343391}
{44444444-4444-4444-4444-440044344491}
{55555555-5555-5555-5555-550055345591}
{66666666-6666-6666-6666-660066346691}
{77777777-7777-7777-7777-770077347791}

HKEY..\..\..\..{RegistryKeys}
Software\AppDataLow\Software\Vid-Saver
SOFTWARE\Classes\CrossriderApp0003491.BHO
SOFTWARE\Classes\CrossriderApp0003491.BHO.1
SOFTWARE\Classes\CrossriderApp0003491.FBApi
SOFTWARE\Classes\CrossriderApp0003491.FBApi.1
SOFTWARE\Classes\CrossriderApp0003491.Sandbox
SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
Software\Cr_Installer\3491
Software\InstalledBrowserExtensions\215 Apps\3491
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Vid-Saver-repairJob
SOFTWARE\Vid-Saver
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191}
SOFTWARE\Wow6432Node\Microsoft\Tracing\Vid-Saver_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\Vid-Saver_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Vid-Saver-repairJob

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
Vid-Saver

Additional Information

The following directories were created:
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Vid-Saver
%LOCALAPPDATA%\Updater3491
%LOCALAPPDATA%\Vid-Saver
%PROGRAMFILES%\Vid-Saver
%PROGRAMFILES(x86)%\Vid-Saver

The following URLs were detected:
Vid-Saver
vid-saver.com