The Malwarebytes research team has determined that MySafeSavings is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by MySafeSavings?
You may see this type of warning during install:
and this entry in your list of installed programs:
How did MySafeSavings get on my computer?
Adware applications use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove MySafeSavings?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to:
Launch Malwarebytes Anti-Malware - Then click Finish.
- Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
- If an update is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes' Anti-Malware removes MySafeSavings completely.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the MySafeSavings adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
Possible signs in FRST logs:
() C:\ProgramData\Microsoft\WindowsLogger\winlogger.exe () C:\Program Files (x86)\SafeSavings\mysafesavings.exe R2 lggr; C:\ProgramData\Microsoft\WindowsLogger\winlogger.exe [25088 2016-08-17] () [File not signed] C:\ProgramData\SafeSavings C:\Program Files (x86)\SafeSavings MySafeSavings (HKLM-x32\...\MySafeSavings) (Version: 1.0.2.2 - )Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Program Files (x86)\SafeSavings
Adds the file mysafesavings.exe"="8/17/2016 4:31 PM, 578048 bytes, A
Adds the folder C:\ProgramData\Microsoft\WindowsLogger
Adds the file winlogger.exe"="8/17/2016 4:31 PM, 25088 bytes, A
Adds the folder C:\ProgramData\SafeSavings
Adds the file backup.dat"="8/17/2016 4:31 PM, 578048 bytes, A
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MySafeSavings]
"DisplayIcon"="REG_SZ", "C:\Program Files (x86)\SafeSavings\MySafeSavings.exe"
"DisplayName"="REG_SZ", "MySafeSavings"
"DisplayVersion"="REG_SZ", "1.0.2.2"
"EstimatedSize"="REG_DWORD", 564
"Publisher"="REG_SZ", ""
"UninstallString"="REG_SZ", "explorer.exe http://uninstall.mysafesavings.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MySafeSavings]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lggr]
"Description"="REG_SZ", "Windows unexpected exceptions logger."
"DisplayName"="REG_SZ", "Windows Logger"
"ErrorControl"="REG_DWORD", 1
"FailureActions"="REG_BINARY, ............d...d...d.
"ImagePath"="REG_EXPAND_SZ, "C:\ProgramData\Microsoft\WindowsLogger\winlogger.exe -runcmd"
"ObjectName"="REG_SZ", "LocalSystem"
"Start"="REG_DWORD", 2
"Type"="REG_DWORD", 16
"WOW64"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lggr\Security]
"Security"="REG_BINARY, ........0................p...."......................... ...................................
[HKEY_CURRENT_USER\Software\MySafeSavings]
"id"="REG_SZ", "713792512348164"Malwarebytes Anti-Malware log:Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 8/22/2016
Scan Time: 12:32 PM
Logfile: mbamMySafeSavings.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.08.22.03
Rootkit Database: v2016.08.15.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Enabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318711
Time Elapsed: 9 min, 21 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 2
PUP.Optional.MySafeSavings, C:\ProgramData\Microsoft\WindowsLogger\winlogger.exe, 3000, Delete-on-Reboot, [9d7e044a2e6cc175a2d3cb0552b229d7]
PUP.Optional.MySafeSavings, C:\Program Files (x86)\SafeSavings\mysafesavings.exe, 3484, Delete-on-Reboot, [59c2b896f4a62a0c5a995d6b43bf857b]
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.MySafeSavings, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\lggr, Quarantined, [9d7e044a2e6cc175a2d3cb0552b229d7],
PUP.Optional.MySafeSavings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MySafeSavings, Quarantined, [fc1f1836405a54e27add47ab9a69c33d],
Registry Values: 1
PUP.Optional.MySafeSavings, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\lggr|ImagePath, C:\ProgramData\Microsoft\WindowsLogger\winlogger.exe -runcmd, Quarantined, [7aa1014d980296a00f67e5ebbb49c838]
Folders: 2
PUP.Optional.MySafeSavings, C:\ProgramData\Microsoft\WindowsLogger, Delete-on-Reboot, [9d7e044a2e6cc175a2d3cb0552b229d7],
PUP.Optional.MySafeSavings, C:\Program Files (x86)\SafeSavings, Delete-on-Reboot, [59c2b896f4a62a0c5a995d6b43bf857b],
Files: 2
PUP.Optional.MySafeSavings, C:\ProgramData\Microsoft\WindowsLogger\winlogger.exe, Delete-on-Reboot, [9d7e044a2e6cc175a2d3cb0552b229d7],
PUP.Optional.MySafeSavings, C:\Program Files (x86)\SafeSavings\mysafesavings.exe, Delete-on-Reboot, [59c2b896f4a62a0c5a995d6b43bf857b],
Physical Sectors: 0
(No malicious items detected)
(end)- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
Back to top
Sign In
Create Account
