Adware.Saveshare
Posted: August 8, 2013
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Ranking: | 13,337 |
---|---|
Threat Level: | 2/10 |
Infected PCs: | 6,794 |
First Seen: | August 8, 2013 |
---|---|
Last Seen: | October 13, 2023 |
OS(es) Affected: | Windows |
SaveShare is adware that usually is bundled with compromised installers for legitimate freeware programs. After infecting your PC through such dishonest methods, SaveShare will display advertisements in your browser – particularly whenever you visit popular pages like Facebook or Youtube, although SaveShare's advertisements are not limited to these sites. Although SaveShare is only a low-level PC threat that should be considered a very minor danger to your PC, SpywareRemove.com malware experts still suggest deleting SaveShare, like any adware, through appropriate anti-malware solutions that can preserve the integrity of your Web-browsing experience.
SaveShare: Sharing All the Advertisements You Don't Want
SaveShare (or Adware.Saveshare), which should not be confused with the game savefile-sharing Android app of the same name, is an adware program designed to display advertisements. SpywareRemove.com malware researchers have noted two distinct methods of advertisement delivery implemented by SaveShare as explained below:
- SaveShare will display graphical advertisements on major media and social networking websites. These advertisements appear regardless of what your advertisement-filtering settings may happen to be.
- SaveShare also injects hyperlink-based advertisements into the text content of other sites. For example, the word 'eggs' in an article may provide a link to a grocery site promoted by SaveShare. These attacks can occur on essentially any site that has text-based content.
As a silver lining to these non-consensual advertisements, SpywareRemove.com malware researchers were glad to note that SaveShare does, at least, clearly mark its advertisements so that they can be distinguished from your normal website content.
Saving Your Eyes the Trouble of Surveying SaveShare Advertisements
Like adware of any stripe, SaveShare isn't beneficial to your PC and should be removed as a general rule of thumb for keeping your browser's performance and security at optimal levels. SpywareRemove.com malware experts recommend using anti-malware software for deleting SaveShare and similar adware – particularly since SaveShare sometimes uses some non-consensual installation methods that also may install other PC threats.
SaveShare has been known to install itself to more than one browser at a time. Unlike a legitimate browser add-on, SaveShare's modifications don't include visible components (such as a toolbar) that would allow you to find and delete the source of your SaveShare advertisements with a minimum of difficulty. Other than its advertisements, there are no discreet symptoms of a SaveShare infection.
SaveShare sometimes is installed through compromised packages for other programs such as Daemon Tools Lite. These installers should be avoided in favor of official installers that don't include unwanted 'additions' like SaveShare or other adware. SpywareRemove.com malware experts also urge you to pay careful attention to any browser-changing options presented while you're installing any new application since such options often are vehicles for SaveShare and other low-level PC threats.
Aliases
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:C:\Users\<username>\AppData\Local\Temp\00294823\EJa.exe
File name: EJa.exeSize: 342.01 KB (342016 bytes)
MD5: 8300c91b40229b42301aebc6d8859907
Detection count: 230
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Temp\00294823\EJa.exe
Group: Malware file
Last Updated: May 20, 2023
C:\ProgramData\Downnluoadi keEaper\ttWl.dll
File name: ttWl.dllSize: 227.32 KB (227328 bytes)
MD5: e9b27306a18f18b88945cdf066de2fc9
Detection count: 108
File type: Dynamic link library
Mime Type: unknown/dll
Path: C:\ProgramData\Downnluoadi keEaper\ttWl.dll
Group: Malware file
Last Updated: May 20, 2023
Registry Modifications
HKEY..\..\..\..{RegistryKeys}SOFTWARE\Classes\saveenshare.saveenshareSOFTWARE\Classes\saveenshare.saveenshare.5.10SOFTWARE\Classes\saVensshare.saVensshareSOFTWARE\Classes\saVensshare.saVensshare.5.10Software\Microsoft\Internet Explorer\Approved Extensions\{5B5E60F5-7778-D8BF-4529-4EC3D2069A6A}SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1993DC35-823E-1989-1DC7-3924AAF12C42}SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{3C081C04-E1A7-BE90-9F9A-9B5C41C054EC}SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{5B5E60F5-7778-D8BF-4529-4EC3D2069A6A}HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}SP_703c874a{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.