Giant Savings

Giant Savings Description

Giant Savings is an adware program that shows coupon advertisements on the hacked web browser. Giant Savings shows random offers and saving coupons that permit computer users to save money when purchasing products online. A pop-up of Giant Savings can be easily spotted because it is mainly put on the top-left corner of the browser window, which involves offers. If clicked on an offer, a PC user turns on his/her savings for the said products or services and a message of 'Congratulations, your coupon has been activated' is shown. If PC users visit insecure websites or download files from a third-party server, they may be urged to download allegedly essential software before they can continue. Computer users may be duped into downloading and installing Giant Savings onto their PCs. Giant Savings is distributed via infectious program downloads. Giant Savings installs its add-ons on Internet Explorer, Mozilla Firefox, and Google Chrome.

Aliases: SmartShopper.G [AVG], a variant of Win32/Toolbar.CrossRider.C [ESET-NOD32], JS.A.Iframe.206336.A [ViRobot], Riskware.Win32.Toolbar.CrossRider.AMN (A) [Emsisoft], TROJ_GEN.F47V0327 [TrendMicro-HouseCall], Gen:Variant.Barys.3546 [MicroWorld-eScan], Trojan.Agent/Gen-Bancos [SUPERAntiSpyware], Mal/Bancos-BT [Sophos], TR/ATRAPS.Gen [AntiVir], Gen:Variant.Barys.3546 (B) [Emsisoft], a variant of Win32/Spy.Banker.XHH [ESET-NOD32], Trojan-Banker.Win32.Banbra [Ikarus], W32/Banker.XHH!tr [Fortinet], Trojan.MSIL.Bladabindi.b (v) [VIPRE] and Trojan.Generic.7753695 [F-Secure].

Infected with Giant Savings? Scan Your PC for Free

Download SpyHunter's Spyware Scanner
to Detect Giant Savings
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Infection Statistics

Our MalwareTracker shows malware activity across the world. Explore real-time data of Giant Savings outbreaks and other threats from global to local level.

File System Details

Giant Savings creates the following file(s):
# File Name Size MD5 Detection Count
1 %PROGRAMFILES%\Giant Savings Extension\Giant Savings Extension.dll 613,376 eb189da958ad25d24a8836acf8739e92 2,423
2 %PROGRAMFILES%\Giant Savings Extension 85
3 %PROGRAMFILES(x86)%\Giant Savings Extension 84
4 GiantSavings.exe 1,860,056 9f8e74b1dc9b07d7dcc3d48b299474ba 35
5 %APPDATA%\NOTE02\mq1.cpl 1,223,680 bcfdb369e2a2d2ffa0cd795b14fdd805 28
6 %PROGRAMFILES(x86)%\Giant Savings 10
7 %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\c533a444480a4d4bf0b1cca3e95dd36b.exe 94,208 630394f83260ade155c1da0825e7de5f 8
8 %UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj 7
9 %UserProfile%\Local Settings\Application Data\Updater4479 6
10 %LOCALAPPDATA%\Updater4479 5
11 %UserProfile%\Local Settings\Application Data\Giant Savings 4
12 %LOCALAPPDATA%\Giant Savings 3
13 %WINDIR%\system32\fastsrch.dll 123,392 b9fcf1fe17aa83e9e51a1458c426562d 3
14 %LOCALAPPDATA%\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0.localstorage-journal 2
15 %UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0.localstorage 1

Registry Details

Giant Savings creates the following registry entry or registry entries:
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}
Software\InstalledBrowserExtensions\215 Apps, value: 4479
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION, value: Giant Savings-bg.exe
Software\AppDataLow\Software\Giant Savings
SOFTWARE\Wow6432Node\Microsoft\Tracing\Giant Savings_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\Giant Savings_RASMANCS
Giant Savings
The following CLSID's were found:
HKEY..\..\{CLSID Path}

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 5 + 11 ?