SaveShare

By Domesticus in Adware

Threat Scorecard

Ranking: 11,358
Threat Level: 20 % (Normal)
Infected Computers: 2,899
First Seen: August 8, 2013
Last Seen: August 5, 2023
OS(es) Affected: Windows

SaveShare is an adware application that shows a variety of irritating pop-up advertisements on the compromised PC while the target Internet user is surfing the Internet. SaveShare can access Internet Explorer, Mozilla Firefox and Google Chrome Internet browsers. When SaveShare corrupts the contaminated computer system, it will show random pop-up advertisements while the PC user is surfing mostly shopping websites, such as Amazon, eBay or some other well-known websites, such as Facebook, Youtube, and other. If the victimized PC user clicks on these pop-up advertisements, he/she will be rerouted to some unidentified advertisement websites. The main goal of SaveShare is to raise traffic of these doubtful advertisement websites. Saveshare penetrates into corrupted PCs packaged with other applications. Computer users can evade this if they are attentive enough while installing other applications and unmarking all options to install extra unidentified tools. However, many computer users often skip the steps of installation simply because of a rush. SaveShare can grab information about the victimized PC user's browsing habits. SaveShare can then transmit this data to the third parties and use it for a variety of marketing associated aims.

Aliases

4 security vendors flagged this file as malicious.

Anti-Virus Software Detection
AVG Generic5.AFXS
Comodo ApplicUnwnt
Avast Win32:BHO-AML [Spy]
McAfee Artemis!E9B27306A18F

SpyHunter Detects & Remove SaveShare

File System Details

SaveShare may create the following file(s):
# File Name MD5 Detections
1. EJa.exe 8300c91b40229b42301aebc6d8859907 98
2. ttWl.dll e9b27306a18f18b88945cdf066de2fc9 46

Registry Details

SaveShare may create the following registry entry or registry entries:
SOFTWARE\Classes\saveenshare.saveenshare
SOFTWARE\Classes\saveenshare.saveenshare.5.10
SOFTWARE\Classes\saVensshare.saVensshare
SOFTWARE\Classes\saVensshare.saVensshare.5.10
Software\Microsoft\Internet Explorer\Approved Extensions\{5B5E60F5-7778-D8BF-4529-4EC3D2069A6A}
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1993DC35-823E-1989-1DC7-3924AAF12C42}
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{3C081C04-E1A7-BE90-9F9A-9B5C41C054EC}
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{5B5E60F5-7778-D8BF-4529-4EC3D2069A6A}

Directories

SaveShare may create the following directory or directories:

%ALLUSERSPROFILE%\Application Data\saveeNshare
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\sauveeNshiare
%ALLUSERSPROFILE%\sAveenshare!
%ALLUSERSPROFILE%\saevenshAre
%ALLUSERSPROFILE%\sauveeNshiare
%ALLUSERSPROFILE%\saveNsshare
%ALLUSERSPROFILE%\saveaNshare
%ALLUSERSPROFILE%\saveanShaare
%ALLUSERSPROFILE%\saveeNshare
%ALLUSERSPROFILE%\savensharre
%AllUsersProfile%\Application Data\savenshare
%AllUsersProfile%\SavennsHaRe
%AllUsersProfile%\saVenshaare!
%AllUsersProfile%\savenshare
%AppData%\sauveeNshiare
%ProgramFiles%\Saveshare
%ProgramFiles(x86)%\Saveshare
%USERPROFILE%\AppData\LocalLow\sauveeNshiare
%USERPROFILE%\AppData\LocalLow\savensharre

URLs

SaveShare may call the following URLs:

savensharre

Related Posts

Trending

Most Viewed

Loading...