Threat Database Adware SavingsCool Ads

SavingsCool Ads

By GoldSparrow in Adware
Translate To:

Threat Scorecard

Ranking: 19,666
Threat Level: 20 % (Normal)
Infected Computers: 6,999
First Seen: November 21, 2016
Last Seen: February 23, 2025
OS(es) Affected: Windows

The SavingsCool advertisements on your screen that are loaded in the Web browser may not be native to the site you load. The ads that have a branding like 'Powered by SavingsCool,' 'Brought by SavingsCool,' and 'Provided by SavingsCool' are generated by adware on your machine. The SavingsCool adware is related to the GorillaPrice adware that was detected for the first time back in August 2013. The SavingsCool adware is perceived as a modified version of GorillaPrice, which might land on computers via free program bundles. Cyber security experts have seen the SavingsCool use the name 'Network Cache Manager' to run on infected devices and avoid the attention of AV scanners and users alike. As you can imagine, when you see a process named 'ntcache.exe' that has a description saying 'Network Cache Manager' you are not likely to think it is doing something undesirable. However, the file 'ntcache.exe' is not used to handle network communication for your computer. The fake 'Network Cache Manager' is used as a disguise for the SavingsCool adware to run uninterrupted and load personalized marketing offers in your browser. The SavingsCool adware is reported to create the following folder:

C:\ProgramData\Microsoft\Windows\NetworkCacheManager

The folder may contain 'ntcache.exe' and DLL resources. Samples of SavingsCool show that the main executable is registered to run as a background service. The command to run the SavingsCool adware may look like this:

C:\ProgramData\Microsoft\Windows\NetworkCacheManager\ntcache.exe –service

Advanced adware examples such as Boravid and Fireplayer are designed to use benign filenames and lack general user interface. Threats like these are tailored to communicate with remote servers and facilitate the display of promotional materials on infected computers. The SavingsCool adware is no exception, and it may use data like your Internet history and search terms on Google to improve the product positioning of sponsored content. You should note that the SavingsCool ads may redirect you to potentially compromised pages, disturbing videos and pornographic materials. You may want to clean your computer with a credible anti-malware scanner to avoid exposure to images, videos, and cyber parasites you do not want to come into contact.

SpyHunter Detects & Remove SavingsCool Ads

File System Details

SavingsCool Ads may create the following file(s):
# File Name MD5 Detections
1. slinit.exe 37bc7f1308735df5ede44dc48ae6eefb 75
2. wlupdater.exe c94147a719d7df6fcd416132c793eaa5 15
More files

Registry Details

SavingsCool Ads may create the following registry entry or registry entries:
Regexp file mask
%ALLUSERSPROFILE%\Microsoft\Windows\WinLogonUpdater\slinit.exe
%COMMONPROGRAMFILES%\Lonanwidroad\Lonanwidroad.exe
%COMMONPROGRAMFILES(x86)%\Lonanwidroad\Lonanwidroad.exe
SOFTWARE\SavingsCool
SOFTWARE\Wow6432Node\SavingsCool

Directories

SavingsCool Ads may create the following directory or directories:

%ALLUSERSPROFILE%\Microsoft\Windows\CredManager

Trending

Most Viewed

Loading...