Adware.SavePass

By CagedTech in Adware

Threat Scorecard

Ranking:	7,287
Threat Level:	20 % (Normal)
Infected Computers:	14,049

First Seen:	May 22, 2014
Last Seen:	September 8, 2023
OS(es) Affected:	Windows

Adware.SavePass is an adware threat that may hijack the PC user's online searches by modifying search results in any genuine search provider with web-links unwillingly rerouting PC users to unreliable websites. Once installed on the computer system, Adware.SavePass may embed an unwanted plug-in, browser extension or add-on for Mozilla Firefox, Google Chrome, and Internet Explorer Web browsers when PC users install other free software. When the computer user installs any free tool, he may also install Adware.SavePass as an extra program on the computer systems. After installation, Adware.SavePass may take over the web search box on many social networking or online shopping websites and replace it with its own. Adware.SavePass may generate and display unwanted pop-up advertisements and messages and repeatedly divert computer users to questionable websites that were created to possibly boost website traffic and gain benefit from clicks on advertisements and messages.

Table of Contents

SpyHunter Detects & Remove Adware.SavePass

File System Details

Adware.SavePass may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	689e9ecb-955f-48c0-8418-965d20184ed0.exe	cea665874c59f236bea19b0eff4e7387	396
Name: 689e9ecb-955f-48c0-8418-965d20184ed0.exe MD5: cea665874c59f236bea19b0eff4e7387 Size: 333.16 KB (333160 bytes) Detections: 396 Type: Executable File Path: %PROGRAMFILES%\SavePass 1.1 Group: Malware file Last Updated: November 19, 2019
2.	a40beeff-e63f-4bf9-8c06-95fb9203203f.exe	0e95d8bc03c33316bb1cd7cba9fe3256	302
Name: a40beeff-e63f-4bf9-8c06-95fb9203203f.exe MD5: 0e95d8bc03c33316bb1cd7cba9fe3256 Size: 31.59 KB (31592 bytes) Detections: 302 Type: Executable File Path: %PROGRAMFILES%\SavePass 1.1 Group: Malware file Last Updated: November 19, 2019
3.	Uninstall.exe	df1b2ec2ff05a50db3b98c407415531b	15
Name: Uninstall.exe MD5: df1b2ec2ff05a50db3b98c407415531b Size: 79.36 KB (79360 bytes) Detections: 15 Type: Executable File Path: %PROGRAMFILES(x86)%\SavePass Group: Malware file Last Updated: January 12, 2020
4.	utils.exe	905e61b3d3f4f794f297d948ac79e532	3
Name: utils.exe MD5: 905e61b3d3f4f794f297d948ac79e532 Size: 2.38 MB (2386824 bytes) Detections: 3 Type: Executable File Group: Malware file Last Updated: July 11, 2020
5.	SavePass-nova.exe	837c43fcf4cc90ea350d2e171c50f25e	2
Name: SavePass-nova.exe MD5: 837c43fcf4cc90ea350d2e171c50f25e Size: 612.86 KB (612864 bytes) Detections: 2 Type: Executable File Path: %PROGRAMFILES%\SavePass Group: Malware file Last Updated: June 2, 2014
6.	SavePass-codedownloader.exe	ac539cc585e844a4c12bc7420a9d0451	1
Name: SavePass-codedownloader.exe MD5: ac539cc585e844a4c12bc7420a9d0451 Size: 531.45 KB (531456 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\SavePass Group: Malware file Last Updated: June 2, 2014
7.	5aa3d933-32c7-4b03-9bcf-13d56020c4b9-2.exe	091b1e6a5520cd96b4104c9870a4b80d	1
Name: 5aa3d933-32c7-4b03-9bcf-13d56020c4b9-2.exe MD5: 091b1e6a5520cd96b4104c9870a4b80d Size: 384 KB (384000 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\SavePass Group: Malware file Last Updated: June 2, 2014
8.	5aa3d933-32c7-4b03-9bcf-13d56020c4b9-4.exe	255d2b311c5cec4664b027a1b291874e	1
Name: 5aa3d933-32c7-4b03-9bcf-13d56020c4b9-4.exe MD5: 255d2b311c5cec4664b027a1b291874e Size: 853.5 KB (853504 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\SavePass Group: Malware file Last Updated: June 2, 2014
9.	SavePass-novainstaller.exe	0724e1368c0499c81effd7e897f2e798	1
Name: SavePass-novainstaller.exe MD5: 0724e1368c0499c81effd7e897f2e798 Size: 531.45 KB (531456 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\SavePass Group: Malware file Last Updated: June 2, 2014

Registry Details

Adware.SavePass may create the following registry entry or registry entries:

CLSID

{11111111-1111-1111-1111-110511701150}

{22222222-2222-2222-2222-220522702250}

{44444444-4444-4444-4444-440544704450}

{55555555-5555-5555-5555-550555705550}

{66666666-6666-6666-6666-660566706650}

Regexp file mask

%windir%\System32\Tasks\5aa3d933-32c7-4b03-9bcf-13d56020c4b9[RANDOM CHARACTERS]

%windir%\Tasks\5aa3d933-32c7-4b03-9bcf-13d56020c4b9[RANDOM CHARACTERS]

%windir%\Tasks\ec383aea-7d1a-4bec-9bd2-91a327cc8177[RANDOM CHARACTERS]

HKEY..\..\..\..{RegistryKeys}

Software\AppDataLow\Software\Crossrider\onRequest\57050

Software\AppDataLow\Software\SavePass

Software\AppDataLow\Software\SavePass 1.1

Software\AppDataLow\Software\Savepass 2.0

SOFTWARE\Classes\CrossriderApp0057050.BHO

SOFTWARE\Classes\CrossriderApp0057050.BHO.1

SOFTWARE\Classes\CrossriderApp0057050.Sandbox

SOFTWARE\Classes\CrossriderApp0057050.Sandbox.1

Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\SavePass

Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\SavePass 1.1

Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Savepass 2.0

Software\InstalledBrowserExtensions\29777

Software\InstalledBrowserExtensions\29777\61908

Software\InstalledBrowserExtensions\OB\61908

Software\InstalledBrowserExtensions\OB\63429

Software\InstalledBrowserExtensions\OB\66161

Software\InstalledBrowserExtensions\OB\69829

Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110511701150}

SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35a19911-67ec-4e46-843e-867760c12584}

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3a3eb005-48ee-4e40-a3f9-d7fb953abcb9}

SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3d2f31f2-06c9-49d2-9ceb-74af75caeb58}

SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40120d92-046b-4023-8315-14abef7fa22a}

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69d6946f-d754-43a2-8c5c-b216a49cf940}

SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cb1f0b5b-21ad-4204-a7cd-ae2ad82d4376}

SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\SavePass 1.1-bg.exe

SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\Savepass 2.0-bg.exe

SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\SavePass-bg.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SavePass.exe

SOFTWARE\Microsoft\Tracing\SavePass_RASAPI32

SOFTWARE\Microsoft\Tracing\SavePass_RASMANCS

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511701150}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511701150}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511701150}

SOFTWARE\SavePass

SOFTWARE\SavePass 1.1

SOFTWARE\SavePass 1.1-nv

SOFTWARE\Savepass 2.0

SOFTWARE\Wow6432Node\InstalledBrowserExtensions\29777

SOFTWARE\Wow6432Node\InstalledBrowserExtensions\29777\61908

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35a19911-67ec-4e46-843e-867760c12584}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3d2f31f2-06c9-49d2-9ceb-74af75caeb58}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cb1f0b5b-21ad-4204-a7cd-ae2ad82d4376}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\C:\Program Files (x86)\SavePass\SavePass-nova.exe

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\SavePass 1.1-bg.exe

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\Savepass 2.0-bg.exe

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\SavePass-bg.exe

SOFTWARE\Wow6432Node\Microsoft\Tracing\SavePass_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\SavePass_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511701150}

SOFTWARE\Wow6432Node\SavePass

SOFTWARE\Wow6432Node\SavePass 1.1

SOFTWARE\Wow6432Node\SavePass 1.1-nv

SOFTWARE\Wow6432Node\Savepass 2.0

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

SavePass

SavePass 1.1

Savepass 2.0

{5823C449-6868-4154-B496-21E40C5F09DA}

Directories

Adware.SavePass may create the following directory or directories:

%PROGRAMFILES%\SavePass

%PROGRAMFILES%\SavePass 1.1

%PROGRAMFILES%\Savepass 2.0

%PROGRAMFILES(x86)%\SavePass

%PROGRAMFILES(x86)%\SavePass 1.1

%PROGRAMFILES(x86)%\Savepass 2.0

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Adware.SavePass

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Adware.SavePass

File System Details

Registry Details

Directories

Submit Comment

Trending

'YouPorn' Email Scam

Safe Search Eng

Findtheirreport.com

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen