Threat Database Adware SavingsCool Ads

SavingsCool Ads

By GoldSparrow in Adware

Threat Scorecard

Ranking: 10,823
Threat Level: 20 % (Normal)
Infected Computers: 6,980
First Seen: November 21, 2016
Last Seen: August 30, 2023
OS(es) Affected: Windows

The SavingsCool advertisements on your screen that are loaded in the Web browser may not be native to the site you load. The ads that have a branding like 'Powered by SavingsCool,' 'Brought by SavingsCool,' and 'Provided by SavingsCool' are generated by adware on your machine. The SavingsCool adware is related to the GorillaPrice adware that was detected for the first time back in August 2013. The SavingsCool adware is perceived as a modified version of GorillaPrice, which might land on computers via free program bundles. Cyber security experts have seen the SavingsCool use the name 'Network Cache Manager' to run on infected devices and avoid the attention of AV scanners and users alike. As you can imagine, when you see a process named 'ntcache.exe' that has a description saying 'Network Cache Manager' you are not likely to think it is doing something undesirable. However, the file 'ntcache.exe' is not used to handle network communication for your computer. The fake 'Network Cache Manager' is used as a disguise for the SavingsCool adware to run uninterrupted and load personalized marketing offers in your browser. The SavingsCool adware is reported to create the following folder:


The folder may contain 'ntcache.exe' and DLL resources. Samples of SavingsCool show that the main executable is registered to run as a background service. The command to run the SavingsCool adware may look like this:

C:\ProgramData\Microsoft\Windows\NetworkCacheManager\ntcache.exe –service

Advanced adware examples such as Boravid and Fireplayer are designed to use benign filenames and lack general user interface. Threats like these are tailored to communicate with remote servers and facilitate the display of promotional materials on infected computers. The SavingsCool adware is no exception, and it may use data like your Internet history and search terms on Google to improve the product positioning of sponsored content. You should note that the SavingsCool ads may redirect you to potentially compromised pages, disturbing videos and pornographic materials. You may want to clean your computer with a credible anti-malware scanner to avoid exposure to images, videos, and cyber parasites you do not want to come into contact.

SpyHunter Detects & Remove SavingsCool Ads

File System Details

SavingsCool Ads may create the following file(s):
# File Name MD5 Detections
1. wlupdater.exe 55698be1a03cee539fd34f4360e051a4 153
2. slinit.exe ae9f2bb3c4718e512dd6fa76e9b99ed7 78
3. slinit.exe 37bc7f1308735df5ede44dc48ae6eefb 75
4. wlupdater.exe c94147a719d7df6fcd416132c793eaa5 15

Registry Details

SavingsCool Ads may create the following registry entry or registry entries:
Regexp file mask


SavingsCool Ads may create the following directory or directories:



Most Viewed