Giant Savings

By JubileeX in Adware

Threat Scorecard

Ranking:	9,440
Threat Level:	20 % (Normal)
Infected Computers:	7,275

First Seen:	January 18, 2013
Last Seen:	September 16, 2023
OS(es) Affected:	Windows

Giant Savings is an adware program that shows coupon advertisements on the hacked web browser. Giant Savings shows random offers and saving coupons that permit computer users to save money when purchasing products online. A pop-up of Giant Savings can be easily spotted because it is mainly put on the top-left corner of the browser window, which involves offers. If clicked on an offer, a PC user turns on his/her savings for the said products or services and a message of 'Congratulations, your coupon has been activated' is shown. If PC users visit insecure websites or download files from a third-party server, they may be urged to download allegedly essential software before they can continue. Computer users may be duped into downloading and installing Giant Savings onto their PCs. Giant Savings is distributed via infectious program downloads. Giant Savings installs its add-ons on Internet Explorer, Mozilla Firefox, and Google Chrome.

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software	Detection
AVG	SmartShopper.G
Fortinet	W32/Banker.XHH!tr
Ikarus	Trojan-Banker.Win32.Banbra
AntiVir	TR/ATRAPS.Gen
Sophos	Mal/Bancos-BT
Panda	Generic Trojan
AVG	ILAgent
Fortinet	MSIL/Agent.MNW!tr
Ikarus	Trojan.Msil
AntiVir	TR/Bladabindi.J.1
F-Secure	Trojan.Generic.7753695
Comodo	TrojWare.MSIL.Spy.Agent.CPC
Avast	Win32:Agent-APAI [Spy]
F-Prot	W32/MSIL_Troj.AP.gen!Eldorado
McAfee	Artemis!630394F83260

SpyHunter Detects & Remove Giant Savings

File System Details

Giant Savings may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	GiANt savings extension.dll.vir	eb189da958ad25d24a8836acf8739e92	2,430
Name: GiANt savings extension.dll.vir MD5: eb189da958ad25d24a8836acf8739e92 Size: 613.37 KB (613376 bytes) Detections: 2,430 Path: C:\Qoobox\Quarantine\C\Program Files (x86)\Giant Savings Extension\GiANt savings extension.dll.vir Group: Malware file Last Updated: June 2, 2022
2.	Giant Savings Extension.dll	714e45ae5f6ef45b130ac50660240f05	1,312
Name: Giant Savings Extension.dll MD5: 714e45ae5f6ef45b130ac50660240f05 Size: 637.95 KB (637952 bytes) Detections: 1,312 Type: Dynamic link library Path: %PROGRAMFILES%\Giant Savings Extension Group: Malware file Last Updated: January 7, 2021
3.	mq1.cpl	bcfdb369e2a2d2ffa0cd795b14fdd805	28
Name: mq1.cpl MD5: bcfdb369e2a2d2ffa0cd795b14fdd805 Size: 1.22 MB (1223680 bytes) Detections: 28 Path: %APPDATA%\NOTE02 Group: Malware file Last Updated: March 1, 2013
4.	GiantSavings_US.exe	e70f991ddcba1136cc84afeceabb8b68	10
Name: GiantSavings_US.exe MD5: e70f991ddcba1136cc84afeceabb8b68 Size: 1.83 MB (1831224 bytes) Detections: 10 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\is1373634743\GiantSavings_US.exe Group: Malware file Last Updated: February 27, 2021
5.	fastsrch.dll	b9fcf1fe17aa83e9e51a1458c426562d	3
Name: fastsrch.dll MD5: b9fcf1fe17aa83e9e51a1458c426562d Size: 123.39 KB (123392 bytes) Detections: 3 Type: Dynamic link library Path: %WINDIR%\system32 Group: Malware file Last Updated: March 1, 2013
6.	GiantSavings.exe	9f8e74b1dc9b07d7dcc3d48b299474ba	0
Name: GiantSavings.exe MD5: 9f8e74b1dc9b07d7dcc3d48b299474ba Size: 1.86 MB (1860056 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: January 22, 2013

Registry Details

Giant Savings may create the following registry entry or registry entries:

CLSID

{11111111-1111-1111-1111-110011441179}

{22222222-2222-2222-2222-220022442279}

{44444444-4444-4444-4444-440044444479}

{55555555-5555-5555-5555-550055445579}

{66666666-6666-6666-6666-660066446679}

HKEY..\..\..\..{RegistryKeys}

Software\AppDataLow\Software\Giant Savings

SOFTWARE\Classes\CrossriderApp0004479.BHO

SOFTWARE\Classes\CrossriderApp0004479.BHO.1

SOFTWARE\Classes\CrossriderApp0004479.Sandbox

SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1

Software\Cr_Installer\4479

Software\InstalledBrowserExtensions\215 Apps\4479

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\Giant Savings-bg.exe

SOFTWARE\Wow6432Node\Microsoft\Tracing\Giant Savings_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\Giant Savings_RASMANCS

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

Giant Savings

Directories

Giant Savings may create the following directory or directories:

%LOCALAPPDATA%\Giant Savings

%LOCALAPPDATA%\Updater4479

%PROGRAMFILES%\Giant Savings

%PROGRAMFILES%\Giant Savings Extension

%PROGRAMFILES(x86)%\Giant Savings

%PROGRAMFILES(x86)%\Giant Savings Extension

%UserProfile%\Local Settings\Application Data\Giant Savings

%UserProfile%\Local Settings\Application Data\Updater4479

URLs

Giant Savings may call the following URLs:

Giant Savings

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Giant Savings

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Giant Savings

File System Details

Registry Details

Directories

URLs

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen