
Landing.savetubevideo.com

Posted: March 1, 2012

Threat Metric

Threat Level: 6/10
Infected PCs: 44
First Seen: May 17, 2011
OS(es) Affected: Windows

Landing.savetubevideo.com is a website that offers a utility for copying and saving videos from the ever-popular YouTube, but behind this innocent utility can lie a rather undesirable 'extra' feature: Landing.savetubevideo.com's program comes with its own browser hijacker. Savetubevideo-based browser hijackers have been noted to trigger under various circumstances, but will always redirect your browser to Landing.savetubevideo.com, and can't be removed by uninstalling the original Savetubevideo software via normal means. The SpywareRemove.com malware research team recommends that you delete these remnants of a Savetubevideo installation by using an anti-malware scanner to completely expunge all traces of Landing.savetubevideo.com-affiliated threats from your computer, since competent anti-malware software should be able to delete the relevant software as well as undo the setting changes that cause the browser redirects in the first place.

How Landing.savetubevideo.com Saves Itself to Your Browser Whether You Want It or Not

YouTube-related utility sites like Landing.savetubevideo.com are quite common, but Landing.savetubevideo.com sets itself apart by including malicious software in its product. Although Landing.savetubevideo.com's Savetubevideo program may work as advertised, its drawbacks force you to pay a high price for its features. Symptoms of attack by Landing.savetubevideo.com-related software can include:

  • Redirects to Landing.savetubevideo.com when you click a link to a different website.
  • Redirects to Landing.savetubevideo.com when you try to use well known search engines like MSN, Google, Bing or Yahoo Search.
  • Having your web browser's homepage locked to Landing.savetubevideo.com.

These attacks can affect all types of web browsers, from Chrome to Internet Explorer, and will continue even if you uninstall Savetubevideo. You should never attempt to stop Landing.savetubevideo.com redirects or browser hijacks by deleting your web browser, changing your web-surfing behavior or changing your browser's settings.

Keeping Your PC Out of the Landing.savetubevideo.com Loop

Although Landing.savetubevideo.com's unique software has been confirmed to be malicious, Landing.savetubevideo.com hasn't been shown to use drive-by-download attacks to distribute its product. Therefore, as long as you avoid downloading and installing Savetubevideo, even visiting Landing.savetubevideo.com may be safe for your PC; however, if you do make the mistake of trusting Landing.savetubevideo.com's software, you can expect your PC to undergo undesirable settings changes that should be undone by appropriate security software.

Ordinarily, a system scan that's conducted in Safe Mode should be sufficient to remove all components of a Savetubevideo installation, including the settings changes that are responsible for Landing.savetubevideo.com redirects. Safe Mode is accessible on Windows computers by tapping F8 during the boot-up process, as long as Windows hasn't begun to load. After accessing the relevant menu, you may choose Safe Mode with or without the 'Networking' option, depending on whether or not you require Internet access during your scan (for example, to update your anti-malware software, as the SpywareRemove.com malware research team generally recommends).

Aliases

  • BackDoor.Generic14.AFUT [AVG]
  • BDS/Rewdulon.A.108 [AntiVir]
  • Trojan.Gen.2 [Symantec]
  • Generic BackDoor!dlh [McAfee]
  • VB.BWGB [AVG]
  • Trojan.VB [Ikarus]
  • BDS/Rewdulon.A.56 [AntiVir]
  • Trojan.Click2.13643 [DrWeb]
  • Trojan.Win32.Genome.aexut [Kaspersky]
  • probably a variant of Win32/Agent.MTFAUGV [NOD32]
  • Generic.grp!ga [McAfee]
  • Proxy.ASUW [AVG]
  • W32/ScrCpt!tr [Fortinet]
  • Trojan-Proxy.Win32.VB [Ikarus]
  • Trojan/Win32.Winspy [AhnLab-V3]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%ALLUSERSPROFILE%\api-ms-win-core-io-l1-1-032.dll
File name: api-ms-win-core-io-l1-1-032.dll
Size: 249.85 KB (249856 bytes)
MD5: 47a5084474c14bb8798c027780bf501d
Detection count: 82
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: May 20, 2011

%PROGRAMFILES(x86)%\VGARaideon\iexplore.exe
File name: iexplore.exe
Size: 5.53 MB (5533696 bytes)
MD5: 45d70f0d2b91fe0e32f8555993ab8b25
Detection count: 66
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\VGARaideon
Group: Malware file
Last Updated: March 2, 2012

%PROGRAMFILES%\ASPNet\RDS.exe
File name: RDS.exe
Size: 180.22 KB (180224 bytes)
MD5: 59c06cf01a433182e4b1b68ae3fd8687
Detection count: 60
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\ASPNet
Group: Malware file
Last Updated: May 17, 2011

%WINDIR%\system32\mspnp24df.exe
File name: mspnp24df.exe
Size: 293.24 KB (293244 bytes)
MD5: 9b5d976c249ca9ae7ecbb510f07bd513
Detection count: 55
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32
Group: Malware file
Last Updated: May 20, 2011

C:\winxnet.bin\winxnet.bin.exe
File name: winxnet.bin.exe
Size: 189.44 KB (189440 bytes)
MD5: eec026a81727919d5839b7a4d05b0297
Detection count: 50
File type: Executable File
Mime Type: unknown/exe
Path: C:\winxnet.bin
Group: Malware file
Last Updated: May 24, 2011

%PROGRAMFILES(x86)%\ASPCom\RDS.exe
File name: RDS.exe
Size: 180.22 KB (180224 bytes)
MD5: d069f0f978b60ba08338d7efca0827fb
Detection count: 31
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\ASPCom
Group: Malware file
Last Updated: February 22, 2013

%WINDIR%\svlhostc.exe
File name: svlhostc.exe
Size: 73.72 KB (73728 bytes)
MD5: 2170d21f7185d30eff693427e6a672d6
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: May 20, 2011

%PROGRAMFILES%\MSAntiMalware\iexplorer.exe
File name: iexplorer.exe
Size: 4.31 MB (4317184 bytes)
MD5: c49d16cfa78435d29598b7aa0ecfd7c9
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\MSAntiMalware
Group: Malware file
Last Updated: June 21, 2011

%ALLUSERSPROFILE%\Application Data\nvvsvc.exe
File name: nvvsvc.exe
Size: 74.24 KB (74240 bytes)
MD5: c01274d75e9f385e33b3294f163eac73
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data
Group: Malware file
Last Updated: May 23, 2011