Adware.Saveshare

Posted: August 8, 2013

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Ranking:	13,337
Threat Level:	2/10
Infected PCs:	6,794

First Seen:	August 8, 2013
Last Seen:	October 13, 2023
OS(es) Affected:	Windows

SaveShare is adware that usually is bundled with compromised installers for legitimate freeware programs. After infecting your PC through such dishonest methods, SaveShare will display advertisements in your browser – particularly whenever you visit popular pages like Facebook or Youtube, although SaveShare's advertisements are not limited to these sites. Although SaveShare is only a low-level PC threat that should be considered a very minor danger to your PC, SpywareRemove.com malware experts still suggest deleting SaveShare, like any adware, through appropriate anti-malware solutions that can preserve the integrity of your Web-browsing experience.

SaveShare: Sharing All the Advertisements You Don't Want

SaveShare (or Adware.Saveshare), which should not be confused with the game savefile-sharing Android app of the same name, is an adware program designed to display advertisements. SpywareRemove.com malware researchers have noted two distinct methods of advertisement delivery implemented by SaveShare as explained below:

SaveShare will display graphical advertisements on major media and social networking websites. These advertisements appear regardless of what your advertisement-filtering settings may happen to be.
SaveShare also injects hyperlink-based advertisements into the text content of other sites. For example, the word 'eggs' in an article may provide a link to a grocery site promoted by SaveShare. These attacks can occur on essentially any site that has text-based content.

As a silver lining to these non-consensual advertisements, SpywareRemove.com malware researchers were glad to note that SaveShare does, at least, clearly mark its advertisements so that they can be distinguished from your normal website content.

Saving Your Eyes the Trouble of Surveying SaveShare Advertisements

Like adware of any stripe, SaveShare isn't beneficial to your PC and should be removed as a general rule of thumb for keeping your browser's performance and security at optimal levels. SpywareRemove.com malware experts recommend using anti-malware software for deleting SaveShare and similar adware – particularly since SaveShare sometimes uses some non-consensual installation methods that also may install other PC threats.

SaveShare has been known to install itself to more than one browser at a time. Unlike a legitimate browser add-on, SaveShare's modifications don't include visible components (such as a toolbar) that would allow you to find and delete the source of your SaveShare advertisements with a minimum of difficulty. Other than its advertisements, there are no discreet symptoms of a SaveShare infection.

SaveShare sometimes is installed through compromised packages for other programs such as Daemon Tools Lite. These installers should be avoided in favor of official installers that don't include unwanted 'additions' like SaveShare or other adware. SpywareRemove.com malware experts also urge you to pay careful attention to any browser-changing options presented while you're installing any new application since such options often are vehicles for SaveShare and other low-level PC threats.

Aliases

Generic5.AFXS [AVG]ApplicUnwnt [Comodo]Win32:BHO-AML [Spy] [Avast]Artemis!E9B27306A18F [McAfee]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

C:\Users\<username>\AppData\Local\Temp\00294823\EJa.exe

File name: EJa.exe
Size: 342.01 KB (342016 bytes)
MD5: 8300c91b40229b42301aebc6d8859907
Detection count: 230
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Temp\00294823\EJa.exe
Group: Malware file
Last Updated: May 20, 2023

C:\ProgramData\Downnluoadi keEaper\ttWl.dll

File name: ttWl.dll
Size: 227.32 KB (227328 bytes)
MD5: e9b27306a18f18b88945cdf066de2fc9
Detection count: 108
File type: Dynamic link library
Mime Type: unknown/dll
Path: C:\ProgramData\Downnluoadi keEaper\ttWl.dll
Group: Malware file
Last Updated: May 20, 2023

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{RegistryKeys}SOFTWARE\Classes\saveenshare.saveenshareSOFTWARE\Classes\saveenshare.saveenshare.5.10SOFTWARE\Classes\saVensshare.saVensshareSOFTWARE\Classes\saVensshare.saVensshare.5.10Software\Microsoft\Internet Explorer\Approved Extensions\{5B5E60F5-7778-D8BF-4529-4EC3D2069A6A}SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1993DC35-823E-1989-1DC7-3924AAF12C42}SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{3C081C04-E1A7-BE90-9F9A-9B5C41C054EC}SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{5B5E60F5-7778-D8BF-4529-4EC3D2069A6A}HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}SP_703c874a{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}

Additional Information

The following directories were created:

%ALLUSERSPROFILE%\Application Data\saveeNshare%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\sauveeNshiare%ALLUSERSPROFILE%\sAveenshare!%ALLUSERSPROFILE%\saevenshAre%ALLUSERSPROFILE%\sauveeNshiare%ALLUSERSPROFILE%\saveNsshare%ALLUSERSPROFILE%\saveaNshare%ALLUSERSPROFILE%\saveanShaare%ALLUSERSPROFILE%\saveeNshare%ALLUSERSPROFILE%\savensharre%AllUsersProfile%\Application Data\savenshare%AllUsersProfile%\SavennsHaRe%AllUsersProfile%\saVenshaare!%AllUsersProfile%\savenshare%AppData%\sauveeNshiare%ProgramFiles%\Saveshare%ProgramFiles(x86)%\Saveshare%USERPROFILE%\AppData\LocalLow\sauveeNshiare%USERPROFILE%\AppData\LocalLow\savensharre

The following URL's were detected:

savensharre