BestSaveForYou

Posted: February 11, 2014

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Ranking:	13,367
Threat Level:	2/10
Infected PCs:	5,740

First Seen:	February 11, 2014
Last Seen:	October 7, 2023
OS(es) Affected:	Windows

BestSaveForYou, AKA BestSaVEfoRyOU, is a recently-detected adware program that may be installed automatically and includes online advertising features with few advantages for your browser. At the moment, malware researchers don't classify BestSaveForYou as a threat, but they also have noted that BestSaveForYou displays 'features' related to blocking any deletion efforts that may indicate that BestSaveForYou also may include some genuinely threatening functions. Removing BestSaveForYou with the least frustration requires anti-malware and anti-adware products that are well-used for uninstalling similar add-ons without needing their consent to cure your browser.

Why You can Do Better Than BestSaveForYou

BestSaveForYou is one of the recent spate of adware toolbars that are targeting Chrome, including others such as ExstraCoupon, Shopdruopp, DiscouNNtExtensi 7.2 and RoboSavEr. Due to the predictable evasiveness of their developers, malware researchers have been unable to confirm whether or not these adware programs are variants of each other, although much of the circumstantial evidence points in favor of this assumption. BestSaveForYou and all of the above adware programs have been found using suspicious distribution models that involve installing them automatically. Common carriers of BestSaveForYou bundles may include fake or compromised media players, along with plugins related to streaming media.

BestSaveForYou, like other shopping add-ons, provides advertisements that BestSaveForYou claims are beneficial to your online shopping experience by offering coupons, special discounts and similar perks. In reality, malware experts found few advantages from BestSaveForYou's advertisements. Like most other advertisements that are placed into your browser by force, BestSaveForYou advertisements also may be security risks that expose you to unsafe content. However, even at their best, BestSaveForYou advertisements may harm your Web-browsing performance and enjoyment – without giving you any say in the matter.

Saving Your Browser from BestSaveForYou

BestSaveForYou has shown several aspects in common with the other adware programs mentioned in this article. From the eyes of malware researchers, the most important of these aspects is BestSaveForYou's attempt to block you from deleting BestSaveForYou. This is a common sign of threats, and while BestSaveForYou may not be designed to attack your computer, the fact that BestSaveForYou prevents you from choosing what's installed on it is an inexcusable security breach.

Chrome users (or other browser users, in the event that BestSaveForYou expands its compatibility in the future) will want to use anti-malware software to uninstall BestSaveForYou from their browsers with no unneeded problems. Trying to remove BestSaveForYou through the Control Panel or Chrome's Extensions Settings will cause an incomplete deletion that lets BestSaveForYou reinstall itself immediately. Even though avoiding BestSaveForYou by changing browsers is possible, it's not recommended, due to the inherent security problems that BestSaveForYou may cause while BestSaveForYou is installed on your PC.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%ALLUSERSPROFILE%\BesTSaVeForYoUo\4qHcewA.x64.dll

File name: 4qHcewA.x64.dll
Size: 476.16 KB (476160 bytes)
MD5: b08530129f96b8ba663814ebc53ec1fd
Detection count: 81
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\BesTSaVeForYoUo
Group: Malware file
Last Updated: May 28, 2014

%ALLUSERSPROFILE%\BBestSaVeFoRiYou\Irk.x64.dll

File name: Irk.x64.dll
Size: 476.16 KB (476160 bytes)
MD5: 46d8c48ec5788dcb2d06add84bf03105
Detection count: 76
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\BBestSaVeFoRiYou
Group: Malware file
Last Updated: May 28, 2014

%ALLUSERSPROFILE%\BeStSaveForYou\BAIYb.dll

File name: BAIYb.dll
Size: 425.98 KB (425984 bytes)
MD5: 6b9e9b762e45d44ac07c900cf56e08d9
Detection count: 75
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\BeStSaveForYou
Group: Malware file
Last Updated: May 28, 2014

%ALLUSERSPROFILE%\BesTTSSAveForYOu\LG_5u.dll

File name: LG_5u.dll
Size: 425.98 KB (425984 bytes)
MD5: 0b0ebb6acacdae8a1fdc66d565f4c733
Detection count: 72
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\BesTTSSAveForYOu
Group: Malware file
Last Updated: May 28, 2014

%ALLUSERSPROFILE%\Data aplikac?\BestSSAvEForYou\7P9DDWrt.dll

File name: 7P9DDWrt.dll
Size: 426.49 KB (426496 bytes)
MD5: 73425f8b71b7462bd45db5c1dd233fcb
Detection count: 65
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\Data aplikac?\BestSSAvEForYou
Group: Malware file
Last Updated: May 28, 2014

%ALLUSERSPROFILE%\BestSaveForYou\Kp6RF10MO.x64.dll

File name: Kp6RF10MO.x64.dll
Size: 475.64 KB (475648 bytes)
MD5: 12ee6442f75bdd57b71c367817b07303
Detection count: 65
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\BestSaveForYou
Group: Malware file
Last Updated: May 28, 2014

%ALLUSERSPROFILE%\BeStSaveForYou\vvUtEZ.x64.dll

File name: vvUtEZ.x64.dll
Size: 473.6 KB (473600 bytes)
MD5: 5a079b073e33e3e443ffcc23fcbebc45
Detection count: 50
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\BeStSaveForYou
Group: Malware file
Last Updated: May 28, 2014

%ALLUSERSPROFILE%\Dati applicazioni\BeStSaveForYou\Om1P.dll

File name: Om1P.dll
Size: 422.91 KB (422912 bytes)
MD5: a09a14fa85e32707bd133e63f4dfd7f7
Detection count: 46
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\Dati applicazioni\BeStSaveForYou
Group: Malware file
Last Updated: May 28, 2014

%ALLUSERSPROFILE%\BesTSavEForiYOou\TofBf.x64.dll

File name: TofBf.x64.dll
Size: 471.55 KB (471552 bytes)
MD5: b0e49f8cc91cdab62ad1f5d0aec601a4
Detection count: 42
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\BesTSavEForiYOou
Group: Malware file
Last Updated: May 28, 2014

%ALLUSERSPROFILE%\BestSaveFoorYOu\on.dll

File name: on.dll
Size: 426.49 KB (426496 bytes)
MD5: f529713b2917a1a1bbf3436808f87aa4
Detection count: 24
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\BestSaveFoorYOu
Group: Malware file
Last Updated: May 28, 2014

%ALLUSERSPROFILE%\BestSaVeForrYYou\pb.x64.dll

File name: pb.x64.dll
Size: 473.6 KB (473600 bytes)
MD5: b8d42b5a15947bb37ef341d065e67145
Detection count: 23
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\BestSaVeForrYYou
Group: Malware file
Last Updated: May 28, 2014

%ALLUSERSPROFILE%\BesTSaveForYYou\k0QLkbhDZB.x64.dll

File name: k0QLkbhDZB.x64.dll
Size: 473.08 KB (473088 bytes)
MD5: 624f46bde7c1a8a774349046e5083d78
Detection count: 15
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\BesTSaveForYYou
Group: Malware file
Last Updated: May 28, 2014

%ALLUSERSPROFILE%\BBestSAveForYYOU\ETbH.dll

File name: ETbH.dll
Size: 427 KB (427008 bytes)
MD5: 455167bf80ee17806e35c4abf095b63c
Detection count: 5
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\BBestSAveForYYOU
Group: Malware file
Last Updated: May 28, 2014

%ALLUSERSPROFILE%\Application Data\BEstSaveFOrYou\I_gs.dll

File name: I_gs.dll
Size: 424.96 KB (424960 bytes)
MD5: e227416ebd493d004624930fb986326f
Detection count: 5
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\Application Data\BEstSaveFOrYou
Group: Malware file
Last Updated: May 28, 2014

%ALLUSERSPROFILE%\BestSaveForYoiu\jyFBswCqT.dll

File name: jyFBswCqT.dll
Size: 424.44 KB (424448 bytes)
MD5: 2fec0dc441ea1cb6a31a6ed2442420db
Detection count: 5
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\BestSaveForYoiu
Group: Malware file
Last Updated: May 28, 2014

%ALLUSERSPROFILE%\BestSaveFoorYou\m.x64.dll

File name: m.x64.dll
Size: 474.62 KB (474624 bytes)
MD5: 97d950617123243592d6a9d4f50f6660
Detection count: 0
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\BestSaveFoorYou
Group: Malware file
Last Updated: May 28, 2014

More files

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{RegistryKeys}SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{04D3C48A-A66B-8A5D-7B95-EF87E32A9B1B}

Additional Information

The following directories were created:

%ALLUSERSPROFILE%\Application Data\BestSaveForYou%ALLUSERSPROFILE%\BestSaveForYou%PROGRAMFILES%\BestSaveForYou%PROGRAMFILES(x86)%\BestSaveForYou

The following URL's were detected:

BestSaveFSaveForYou