SySaver
Posted: October 18, 2013
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Ranking: | 12,349 |
---|---|
Threat Level: | 2/10 |
Infected PCs: | 2,417 |
First Seen: | October 18, 2013 |
---|---|
Last Seen: | September 10, 2023 |
OS(es) Affected: | Windows |
SySaver is an adware program that delivers 'relevant' advertisements based on your online shopping habits. Like most similar 'shopping' tools, SySaver's functions boil down to the addition of unnecessary advertisements that aren't necessarily very advantageous to you for their stated purposes, and malware experts see no reason not to remove SySaver with a decent anti-malware tool whenever its presence is noticed. This is especially true given SySaver's recent distribution models, which have exploited fraudulent Flash updates combined with software bundles that have installed over half a dozen separate Potentially Unwanted Programs along with SySaver.
How Your Flash Security Update Turns into a Bunch of Extra Advertisements
SySaver is one of the many shopping-oriented adware programs that claim to provide advertisements only that are beneficial for finding good prices on online products. While some shoppers may find SySaver's advertisements useful, malware researchers find no significant advantage from using SySaver to find prices on online products and suggest that you use more reputable utilities than SySaver for such purposes. However, SySaver only is categorized as a Potentially Unwanted Program and does not present the same kind of danger to your PC as a Trojan or other form of threats would provide.
So far, this description could just as easily be applied to many other types of adware besides SySaver. However, recent drive-by-downloads involving fraudulent Flash updates have brought a new angle to SySaver's model of online profiteering. These fake Flash updates do install a real version of the Flash Player by Adobe, but don't provide the supposed 'security update' that they claim to include. They also take the opportunity to install SySaver and many other PUPs, including Fast Free Converter, Default Tab, Bomblabio, LyricalParty, Linksicle, Iminent and SweetPacks.
Although you may deselect SySaver for installation, the fact that Flash updates typically don't install any additional programs may cause many PC users to click through the process without considering the ramifications, ultimately ending up with SySaver and a variety of other browser extensions on their computers. Malware experts also have seen similar attacks being used to deliver high-level PC threats, including fake Police Trojans, banking Trojans and rootkits.
Saving Yourself the Trouble of Dealing with SySaver's Shopping Assistance
While not a major threat to your PC's safety, SySaver and all similar adware programs usually should be removed as soon as they're seen, and they don't provide any meaningful benefits for your online shopping experience. If SySaver has been installed without your permission (particularly through the fake Flash attack noted above), you should remove SySaver through methods that take into account the potential for other PUPs and even malware also to be on your computer, along with just SySaver. Most anti-malware products should be capable of removing SySaver and any related low-level PC threats with just a direct scan of your computer.
However, PC security always starts and stops with the user. If you stick to downloading security updates from verified sources and avoid any sites that malware experts have categorized as suspicious, SySaver is unlikely to trouble your computer. In other cases, paying attention to software while you're installing it often may grant you ways to avoid installing the unwanted programs that often distribute themselves through bundles like SySaver.
Aliases
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%SYSTEMDRIVE%\Users\<username>\AppData\Local\Temp\airBA1C.exe
File name: airBA1C.exeSize: 1.49 MB (1498856 bytes)
MD5: 26ea83d5b6f38ca070cea6c2b8f5562f
Detection count: 33
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\Temp\airBA1C.exe
Group: Malware file
Last Updated: July 4, 2023
Setup.exe
File name: Setup.exeSize: 1.49 MB (1498888 bytes)
MD5: 66bc1844012da510fe1a433e93cffaaa
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 17, 2022
Registry Modifications
HKEY..\..\..\..{RegistryKeys}Software\SySaverSOFTWARE\Wow6432Node\SySaverHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}SySaver
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.