Trusted Saver

Trusted Saver Description


Trusted Saver is an adware application that displays pop-up ads and advertising banners on Amazon, Youtube, Walmart and other websites that computer user are visiting. Trusted Saver pop-up ads will be displayed as boxes, which include a variety of coupons that are available or as underlined keywords, which when clicked will show an advertisement that declares it is sent to the PC user by Trusted Saver. Trusted Saver is an extension for Internet Explorer, Mozilla Firefox and Google Chrome that is usually added when web users install another free software products, such as video recording/streaming, download-managers or PDF creators, that had packaged into their installation Trusted Saver.
DOWNLOAD NOW

» Learn more about SpyHunter's Spyware Detection Tool
and steps to uninstall SpyHunter.

When computer users install these free software products, they will also install Trusted Saver. When installed, whenever the PC user will visit Best Buy, Expedia, Facebook or any other websites, Trusted Saver will show a ‘See Similar’ button on product images, which when clicked will display pop-up ads by Trusted Saver. Trusted Saver may also show advertising banners on the websites that Internet user are visiting, and as they browse the web, it will display coupons and other deals available on a number of websites.

Trusted Saver Automatic Detection Tool (Recommended)


Is your PC infected with Trusted Saver? To safely & quickly detect Trusted Saver we highly recommend you run the malware scanner listed below.



Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY..\..\..\..{RegistryKeys}CrossriderApp0035654.BHOCrossriderApp0035654.BHO.1CrossriderApp0035654.SandboxCrossriderApp0035654.Sandbox.1Software\AppDataLow\Software\Crossrider\onBeforeNavigate, value: 35654Software\AppDataLow\Software\Crossrider\onRequest, value: 35654Software\AppDataLow\Software\Trusted Saver GenericSOFTWARE\Classes\CrossriderApp0035654.SandboxSOFTWARE\Classes\CrossriderApp0035654.Sandbox.1Software\InstalledBrowserExtensions\Trusted SaverSoftware\Microsoft\Internet Explorer\Approved Extensions, value: {11111111-1111-1111-1111-110311561154}SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92e2b0a3-c38c-464c-8b51-014fdf8d68f3}SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9d1f263e-94fd-4949-887a-da7c3bb387d4}SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7300f71-a6fa-4c49-b004-8322f1ee9408}SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ef266106-5c30-430e-ab62-d4e271110db8}SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f369e50d-86b2-4c3a-97a1-064bd655a742}SOFTWARE\Microsoft\Tracing\Trusted Saver Generic-codedownloader_RASMANCSSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{16A7DE6C-152E-44ED-834C-1F5D53847080}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{306084AD-05FB-4036-A704-8D4FFC08666A}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A3DA60B-2517-4F5A-9F16-6203620C2C4F}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C08221F-5ED2-4148-90EE-F83D9A56F46C}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5425D96-9D7C-4B9A-9306-DB581A114FC1}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AC962B53-F298-43FE-B04A-8F9C93E636F8}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF785857-03E7-43E3-965F-6A339E74311D}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6E56C10-BB6A-462A-9BD8-ED669AABA4D6}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EA2844DD-A758-4CCA-95AE-516D30EB10B9}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{306084AD-05FB-4036-A704-8D4FFC08666A}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5425D96-9D7C-4B9A-9306-DB581A114FC1}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF785857-03E7-43E3-965F-6A339E74311D}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6E56C10-BB6A-462A-9BD8-ED669AABA4D6}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA2844DD-A758-4CCA-95AE-516D30EB10B9}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trusted Saver Generic-chromeinstallerSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trusted Saver Generic-updaterSOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311561154}SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311561154}SOFTWARE\Trusted Saver GenericSOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92e2b0a3-c38c-464c-8b51-014fdf8d68f3}SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9d1f263e-94fd-4949-887a-da7c3bb387d4}SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7300f71-a6fa-4c49-b004-8322f1ee9408}SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION, value: Trusted Saver Generic-bg.exeSOFTWARE\Wow6432Node\Microsoft\Tracing\35654-internal-installer_RASMANCSSOFTWARE\Wow6432Node\Microsoft\Tracing\trusted saver generic-bg_RASAPI32SOFTWARE\Wow6432Node\Microsoft\Tracing\Trusted Saver Generic-codedownloader_RASAPI32SOFTWARE\Wow6432Node\Microsoft\Tracing\Trusted Saver Generic-codedownloader_RASMANCSSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311561154}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311561154}SOFTWARE\Wow6432Node\Trusted Saver GenericHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Trusted Saver Generic
  • The following CLSID's were detected:
    HKEY..\..\{CLSID Path} {11111111-1111-1111-1111-110311561154}{22222222-2222-2222-2222-220322562254}{44444444-4444-4444-4444-440344564454}{66666666-6666-6666-6666-660366566654}{55555555-5555-5555-5555-550355565554}
Posted: July 12, 2013 | By
Share:
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Threat Metric
Threat Level: 2/10
Detection Count: 53,662

Leave a Reply

What is 10 + 8 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)