Deal Keeper
Posted: July 29, 2014
Threat Metric
The fields listed on the Threat Meter, each of which carries a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Field | Value |
|---|---|
| Ranking | 5,666 |
| Threat Level | 2/10 |
| Infected PCs | 18,840 |
| First Seen | July 17, 2014 |
| Last Seen | October 10, 2023 |
| OS(es) Affected | Windows |
Deal Keeper is a derivative of the Yontoo Adware, and like Yontoo, modifies your browser's settings so that extra advertisements can display. Although Deal Keeper concentrates its advertisements towards online retailer-related content, Deal Keeper may have adverse effects on your browser's stability or its safety, and malware researchers find few reasons to refrain from uninstalling Deal Keeper. To be sure of its complete removal, as well as the reversal of any associated browsing settings, you may wish to consider using dedicated anti-malware or anti-adware software, which also has the benefit of deleting associated threats (such as adware installers concealed via Trojan droppers).
Buying into a Deal that Downgrades Your Browser
Variants and associated programs for Yontoo products have gone through a wide range of revisions, including SurfEnhance, TornTV Hijacker and, now, Deal Keeper. Despite their changes in brand names, these products always have two primary functions, both of which malware researchers were able to confirm for Deal Keeper:
- The adware loads pop-up advertisements in a superimposed format above other Web pages. These pop-ups may prevent you from accessing some parts of the website's content or interface. Your Web-browsing behavior also may be tracked for Deal Keeper and similar adware to provide context-based advertisements.
- Your Web browser's search settings may be modified to use an alternative search site or to insert extra, 'sponsored' search results. The latter is not always visually distinguishable from native result links.
While malware researchers have watched for potential signs of Deal Keeper using its functions for threatening ends, at the present time, Deal Keeper only loads advertisements for retailers and other shopping-related links. However, adware networks may be compromised by persons who use them to distribute various attacks, which is the predominant reason why removing Deal Keeper is encouraged.
Keeping Your PC Safe from Bad Deals
Deal Keeper is sometimes reported to be installed automatically, which is usually the result of the victim installing a bundle with more than one program's installation routine embedded in it. In the most benign cases, merely identifying offers to install (or avert the installation of) third-party products can help you avoid Deal Keeper. Anti-adware programs should also be able to identify these bundle-based installers, which tend to circulate on freeware websites.
Adware programs like Deal Keeper frequently claim to be simple to uninstall, but refuse to delete their browser-modifying components through normal channels. Instead of hoping that Deal Keeper will delete itself upon request, using professional anti-adware tools can provide all-inclusive software removal that also should restore your browser's behavior to normal. Deal Keeper primarily is confirmed for Windows browsers, with multiple brands strongly estimated to be affected by current versions of this adware.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys

Four variants of this file were recorded. All share the file name {55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys, Path: system32\drivers, File type: System file, Mime Type: unknown/sys, Group: Malware file, and Last Updated: September 29, 2014.

| Size | MD5 | Detection count |
|---|---|---|
| 48.78 KB (48784 bytes) | df715cb572378a993668026621282fab | 48 |
| 61.07 KB (61072 bytes) | 5eb81e620027c97394b1a2cf1c00c0c9 | 7 |
| 48.78 KB (48784 bytes) | e28a89d82006bc1a0a81d20c16e9518d | 7 |
| 48.78 KB (48784 bytes) | d695bdb7b1d4746b696232533791a75b | 5 |
Registry Modifications
CLSID
- {0B645528-4337-4580-8C82-8686D3B8A8B2}
- {17E7D28C-6BBC-4411-83BE-730663C0E130}
- {1ec8187a-6435-44e3-bbe4-6ce6d3c69254}
- {3D62014A-A3A3-45C4-AAD8-754A3B854048}
- {66c4d8f8-66d0-4eca-8946-d0f47b781e94}
- {BA0AB49B-34A1-4C36-BB3B-E6F458974507}
- {CBC803E3-0620-4BD1-9994-FFE9EDBFCEED}
- {cdcb9930-a7f0-4aa9-8004-94481380a3df}
- {EF1E31FC-BB9B-4698-BF93-BC5A1035B8B6}

HKEY..\..\..\..{RegistryKeys}
- Software\Deal Keeper
- Software\Microsoft\Internet Explorer\Approved Extensions\{1EC8187A-6435-44E3-BBE4-6CE6D3C69254}
- Software\Microsoft\Internet Explorer\Approved Extensions\{66c4d8f8-66d0-4eca-8946-d0f47b781e94}
- Software\Microsoft\Internet Explorer\Approved Extensions\{CDCB9930-A7F0-4AA9-8004-94481380A3DF}
- SOFTWARE\Microsoft\Tracing\DealKeeper_RASAPI32
- SOFTWARE\Microsoft\Tracing\DealKeeper_RASMANCS
- SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASAPI32
- SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASMANCS
- SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}
- SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{66c4d8f8-66d0-4eca-8946-d0f47b781e94}
- Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1EC8187A-6435-44E3-BBE4-6CE6D3C69254}
- Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{66c4d8f8-66d0-4eca-8946-d0f47b781e94}
- Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CDCB9930-A7F0-4AA9-8004-94481380A3DF}
- Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1EC8187A-6435-44E3-BBE4-6CE6D3C69254}
- Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{66c4d8f8-66d0-4eca-8946-d0f47b781e94}
- Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CDCB9930-A7F0-4AA9-8004-94481380A3DF}
- Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}
- SOFTWARE\Wow6432Node\Deal Keeper
- SOFTWARE\Wow6432Node\Microsoft\Tracing\DealKeeper_RASAPI32
- SOFTWARE\Wow6432Node\Microsoft\Tracing\DealKeeper_RASMANCS
- SOFTWARE\Wow6432Node\Microsoft\Tracing\updateDealKeeper_RASAPI32
- SOFTWARE\Wow6432Node\Microsoft\Tracing\updateDealKeeper_RASMANCS
- SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}
- SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{66c4d8f8-66d0-4eca-8946-d0f47b781e94}
- SYSTEM\ControlSet001\services\eventlog\Application\Update Deal Keeper
- SYSTEM\ControlSet001\services\eventlog\Application\Util Deal Keeper
- SYSTEM\ControlSet001\services\Update Deal Keeper
- SYSTEM\ControlSet001\services\Util Deal Keeper
- SYSTEM\CurrentControlSet\services\eventlog\Application\Update Deal Keeper
- SYSTEM\CurrentControlSet\services\eventlog\Application\Util Deal Keeper
- SYSTEM\CurrentControlSet\services\Update Deal Keeper
- SYSTEM\CurrentControlSet\services\Util Deal Keeper

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
- Deal Keeper
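A read-only host check built from the file and registry indicators listed above, as an added example that is not part of the original page or of SpyHunter's tooling. It assumes the elided registry hive is HKLM for machine-wide keys (with HKCU also checked for the vendor key) and that "system32\drivers" is relative to %SystemRoot%.

```powershell
# Added example: read-only audit for the Deal Keeper indicators on this page.
# Assumptions: hive is HKLM (HKCU also checked); driver path is under %SystemRoot%.
# Run from 64-bit PowerShell so System32 is not redirected to SysWOW64.
$clsids = '{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}',
          '{66c4d8f8-66d0-4eca-8946-d0f47b781e94}',
          '{cdcb9930-a7f0-4aa9-8004-94481380a3df}'
$md5s   = 'df715cb572378a993668026621282fab', '5eb81e620027c97394b1a2cf1c00c0c9',
          'e28a89d82006bc1a0a81d20c16e9518d', 'd695bdb7b1d4746b696232533791a75b'
$driver = Join-Path $env:SystemRoot 'System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys'

$findings = @(foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node', 'HKCU:\Software') {
    # Browser Helper Objects: list every registered BHO and resolve it to the DLL
    # the browser loads, so listed CLSIDs stand out and the rest can be reviewed.
    $bhoKey = "$root\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects"
    if (Test-Path -LiteralPath $bhoKey) {
        foreach ($bho in Get-ChildItem -LiteralPath $bhoKey) {
            $id  = $bho.PSChildName
            $srv = Get-ItemProperty -LiteralPath "$root\Classes\CLSID\$id\InprocServer32" -ErrorAction SilentlyContinue
            [pscustomobject]@{ Type = 'BHO'; Item = "$bhoKey\$id"
                               Detail = $srv.'(default)'; Listed = ($clsids -contains $id) }
        }
    }
    # Vendor key written by the installer.
    if (Test-Path -LiteralPath "$root\Deal Keeper") {
        [pscustomobject]@{ Type = 'Key'; Item = "$root\Deal Keeper"; Detail = $null; Listed = $true }
    }
})

# Services named on the page; ImagePath shows which binary each one starts.
$findings += @(foreach ($name in 'Update Deal Keeper', 'Util Deal Keeper') {
    $svc = "HKLM:\SYSTEM\CurrentControlSet\services\$name"
    if (Test-Path -LiteralPath $svc) {
        $img = (Get-ItemProperty -LiteralPath $svc -ErrorAction SilentlyContinue).ImagePath
        [pscustomobject]@{ Type = 'Service'; Item = $svc; Detail = $img; Listed = $true }
    }
})

# Driver file: MD5 is used only because the page publishes MD5 values.
if (Test-Path -LiteralPath $driver) {
    $hash = (Get-FileHash -LiteralPath $driver -Algorithm MD5).Hash
    $findings += [pscustomobject]@{ Type = 'Driver'; Item = $driver
                                    Detail = $hash; Listed = ($md5s -contains $hash) }
}

$findings | Sort-Object Listed -Descending | Format-Table -AutoSize -Wrap
```

Rows with `Listed = True` match an indicator from this page; a driver row with `Listed = False` means the file name matches but the hash is not one of the four recorded variants.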