SavingsCool Ads

SavingsCool Ads Description

Type: Adware

The SavingsCool advertisements that load in your Web browser may not be native to the site you are visiting. Ads branded 'Powered by SavingsCool,' 'Brought by SavingsCool,' and 'Provided by SavingsCool' are generated by adware on your machine. The SavingsCool adware is related to the GorillaPrice adware, which was first detected in August 2013. SavingsCool is perceived as a modified version of GorillaPrice, which might land on computers via free program bundles. Cyber security experts have seen SavingsCool use the name 'Network Cache Manager' to run on infected devices and avoid the attention of AV scanners and users alike. When you see a process named 'ntcache.exe' with the description 'Network Cache Manager,' you are not likely to think it is doing something undesirable. However, the file 'ntcache.exe' is not used to handle network communication for your computer. The fake 'Network Cache Manager' is a disguise that lets the SavingsCool adware run uninterrupted and load personalized marketing offers in your browser. The SavingsCool adware is reported to create the following folder:

C:\ProgramData\Microsoft\Windows\NetworkCacheManager

The folder may contain 'ntcache.exe' and DLL resources. Samples of SavingsCool show that the main executable is registered to run as a background service. The command to run the SavingsCool adware may look like this:

C:\ProgramData\Microsoft\Windows\NetworkCacheManager\ntcache.exe –service

Advanced adware examples such as Boravid and Fireplayer are designed to use benign filenames and lack a general user interface. Threats like these are tailored to communicate with remote servers and facilitate the display of promotional materials on infected computers. The SavingsCool adware is no exception, and it may use data like your Internet history and search terms on Google to improve the product positioning of sponsored content. You should note that the SavingsCool ads may redirect you to potentially compromised pages, disturbing videos and pornographic materials. You may want to clean your computer with a credible anti-malware scanner to avoid exposure to images, videos, and cyber parasites you do not want to come into contact with.

Technical Information

File System Details

SavingsCool Ads creates the following file(s):
| # | File Name | MD5 | Detection Count |
|---|-----------|-----|-----------------|
| 1 | wlupdater.exe | 55698be1a03cee539fd34f4360e051a4 | 153 |
| 2 | slinit.exe | 37bc7f1308735df5ede44dc48ae6eefb | 75 |

Registry Details

SavingsCool Ads creates the following registry entry or registry entries:
Directory:
    %ALLUSERSPROFILE%\Microsoft\Windows\CredManager

Regexp file mask:
    %ALLUSERSPROFILE%\Microsoft\Windows\WinLogonUpdater\slinit.exe
    %COMMONPROGRAMFILES%\Lonanwidroad\Lonanwidroad.exe
    %COMMONPROGRAMFILES(x86)%\Lonanwidroad\Lonanwidroad.exe

Registry key:
    SOFTWARE\SavingsCool
    SOFTWARE\Wow6432Node\SavingsCool

Uninstaller:
    SavingsC00L
    SavingsCool
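
The folder, service, file and registry indicators listed on this page can be checked on a Windows host with a short read-only script. This is an added example, not code from this site or from SpyHunter. It assumes PowerShell 4.0 or later, checks the registry keys under both HKLM and HKCU because the page gives no hive, and treats the 'Uninstaller' names as uninstall subkey names or DisplayName values.

```powershell
# Read-only triage for the SavingsCool indicators listed on this page.
# A name or path match is a lead to review, not proof of infection.
$findings = New-Object System.Collections.Generic.List[string]

# Folders and files from the description and the directory/file-mask lists.
$paths = @(
    "$env:ALLUSERSPROFILE\Microsoft\Windows\NetworkCacheManager",
    "$env:ALLUSERSPROFILE\Microsoft\Windows\CredManager",
    "$env:ALLUSERSPROFILE\Microsoft\Windows\WinLogonUpdater\slinit.exe",
    "$env:CommonProgramFiles\Lonanwidroad\Lonanwidroad.exe",
    "${env:CommonProgramFiles(x86)}\Lonanwidroad\Lonanwidroad.exe"
)
$paths | Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object { $findings.Add("Path present: $_") }

# Services and running processes whose binary carries one of the page's file names.
$binPattern = '\\(ntcache|wlupdater|slinit|Lonanwidroad)\.exe'
$knownMd5 = '55698be1a03cee539fd34f4360e051a4', '37bc7f1308735df5ede44dc48ae6eefb'
Get-CimInstance Win32_Service | Where-Object { $_.PathName -match $binPattern } |
    ForEach-Object { $findings.Add("Service '$($_.Name)' ($($_.State)): $($_.PathName)") }
Get-CimInstance Win32_Process | Where-Object { $_.ExecutablePath -match $binPattern } |
    ForEach-Object {
        $md5 = (Get-FileHash -LiteralPath $_.ExecutablePath -Algorithm MD5 -ErrorAction SilentlyContinue).Hash
        $note = if ($knownMd5 -contains $md5) { ' [MD5 listed on this page]' } else { '' }
        $findings.Add("Process $($_.ProcessId): $($_.ExecutablePath) MD5=$md5$note")
    }

# Registry keys. Assumption: the page gives no hive, so HKLM and HKCU are both checked.
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($key in 'SOFTWARE\SavingsCool', 'SOFTWARE\Wow6432Node\SavingsCool') {
        if (Test-Path -LiteralPath "$hive\$key") { $findings.Add("Registry key: $hive\$key") }
    }
}

# Uninstall entries. Assumption: the page's "Uninstaller" names appear as the
# uninstall subkey name or as its DisplayName value.
$names = 'SavingsCool', 'SavingsC00L'
$roots = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
         'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($root in $roots) {
        Get-ChildItem -LiteralPath "$hive\$root" -ErrorAction SilentlyContinue |
            Where-Object { $names -contains $_.PSChildName -or $names -contains $_.GetValue('DisplayName') } |
            ForEach-Object { $findings.Add("Uninstall entry: $($_.Name)") }
    }
}

if ($findings.Count) { $findings } else { 'No indicator from this page was found.' }
```

Run it from an elevated prompt so that service paths and the executable paths of other users' processes are readable.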
