SavingsCool Ads
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 19,666 |
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 6,999 |
| First Seen: | November 21, 2016 |
| Last Seen: | February 23, 2025 |
| OS(es) Affected: | Windows |
The SavingsCool advertisements on your screen that are loaded in the Web browser may not be native to the site you load. The ads that have a branding like 'Powered by SavingsCool,' 'Brought by SavingsCool,' and 'Provided by SavingsCool' are generated by adware on your machine. The SavingsCool adware is related to the GorillaPrice adware that was detected for the first time back in August 2013. The SavingsCool adware is perceived as a modified version of GorillaPrice, which might land on computers via free program bundles. Cyber security experts have seen the SavingsCool use the name 'Network Cache Manager' to run on infected devices and avoid the attention of AV scanners and users alike. As you can imagine, when you see a process named 'ntcache.exe' that has a description saying 'Network Cache Manager' you are not likely to think it is doing something undesirable. However, the file 'ntcache.exe' is not used to handle network communication for your computer. The fake 'Network Cache Manager' is used as a disguise for the SavingsCool adware to run uninterrupted and load personalized marketing offers in your browser. The SavingsCool adware is reported to create the following folder:
C:\ProgramData\Microsoft\Windows\NetworkCacheManager
The folder may contain 'ntcache.exe' and DLL resources. Samples of SavingsCool show that the main executable is registered to run as a background service. The command to run the SavingsCool adware may look like this:
C:\ProgramData\Microsoft\Windows\NetworkCacheManager\ntcache.exe –service
Advanced adware examples such as Boravid and Fireplayer are designed to use benign filenames and lack general user interface. Threats like these are tailored to communicate with remote servers and facilitate the display of promotional materials on infected computers. The SavingsCool adware is no exception, and it may use data like your Internet history and search terms on Google to improve the product positioning of sponsored content. You should note that the SavingsCool ads may redirect you to potentially compromised pages, disturbing videos and pornographic materials. You may want to clean your computer with a credible anti-malware scanner to avoid exposure to images, videos, and cyber parasites you do not want to come into contact.
Table of Contents
SpyHunter Detects & Remove SavingsCool Ads
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | slinit.exe | 37bc7f1308735df5ede44dc48ae6eefb | 75 |
| 2. | wlupdater.exe | c94147a719d7df6fcd416132c793eaa5 | 15 |
Registry Details
Directories
SavingsCool Ads may create the following directory or directories:
| %ALLUSERSPROFILE%\Microsoft\Windows\CredManager |
