
SaveOn

Posted: April 28, 2014

Threat Metric

Ranking: 7,041
Threat Level: 2/10
Infected PCs: 12,804
First Seen: April 28, 2014
Last Seen: October 15, 2023
OS(es) Affected: Windows


SaveOn is an adware threat that may be used to show a variety of pop-up advertisements carrying discount coupons, offers, sales and price-comparison deals. SaveOn may be designed to generate advertising revenue from ad clicks. SaveOn may also reroute computer users to untrustworthy websites that may have been created for advertising purposes, and may attempt to benefit from the increased web traffic. Upon installation on the PC, SaveOn may embed an add-on, plug-in or browser extension in Web browsers such as Google Chrome, Mozilla Firefox and Internet Explorer. SaveOn may be able to change the default Web browser settings, and may replace the default start page, search engine or new tab window with an affiliated website.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: Saveon.exe
Size: 255.36 KB (255360 bytes)
MD5: 2a1ee6db21596b3f742516b0d7df2978
Detection count: 44
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 5, 2014

Registry Modifications

The following Registry values were newly created:


Additional Information

The following directories were created:
The following URLs were detected:
