Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Savepath Deals

- - - - -
Started by Metallica , Aug 20 2014 10:41 AM

  • Please log in to reply
No replies to this topic

#1
Metallica
Posted 20 August 2014 - 10:41 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is Savepath Deals?

The Malwarebytes research team has determined that Savepath Deals is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the effected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by Savepath Deals?

There are two variants of the installer. The one we donwloaded from their site shows this screen at the start of the install:

main.png

followed by the EULA. But there is also a silent installer that skips all the installer screens.

You may see these add-ons and extensions:

warning1.png

warning2.png

warning3.png

and this entry in your list of installed programs:

warning4.png

How did Savepath Deals get on my computer?

Browser hijackers use different methods for distributing themselves. The afore-mentioned silent installer was bundled with other software.

How do I remove Savepath Deals?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of Savepath Deals?

The silent installer uses the identification name of an existing, legitimate Chrome extension. You can see this by clicking the "Visit Website link" in the list of Extensions.
It will take you to the legitimate application "Simple Notes".
notes.png
The official installer from their website will create this entry in your list of extensions:
notes2.png
Note that is says "Not from Chrome Web Store".
  • Because Malwarebytes Anti-Malware does not want to risk removing a legitimate extension, we leave that up to the user. Both Chrome extensions can safely be removed in this way: Open "Settings" > "Extensions", remove the checkmark before "Enabled" if present and click the bin behind the Savepath Deals listing. Then confirm removal.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Savepath Deals hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.


protection1.png

Technical details for experts

Signs in a HijackThis log:
O2 - BHO: SavePathDeals - {9C467A09-97C4-47F4-A74B-F29A60E36F9A} - C:\Program Files\SavePathDeals\SavePathDeals.dll
Alterations made by the silent installer:
File system details  
---------------------------------------------
    Adds the folder C:\Program Files\SavePathDeals
       Adds the file SavePathDeals.dll"="7/29/2014 1:03 PM, 2401168 bytes, A
       Adds the file uninstall000.exe"="7/29/2014 1:03 PM, 1239952 bytes, A
    Adds the folder C:\Program Files\SavePathDeals Updater
       Adds the file uninstall.exe"="7/29/2014 1:04 PM, 1571216 bytes, A
       Adds the file updater.exe"="7/29/2014 1:04 PM, 1907088 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SavePathDeals
       Adds the file uninstall.lnk"="8/20/2014 3:24 PM, 2123 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0
       Adds the file manifest.json"="7/26/2014 12:43 PM, 1241 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\css
       Adds the file readme.txt"="6/16/2014 3:43 PM, 37 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\html
       Adds the file background.html"="6/16/2014 3:43 PM, 468 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\images\icons
       Adds the file icon128.png"="7/28/2014 10:48 AM, 6453 bytes, A
       Adds the file icon16.png"="7/28/2014 10:45 AM, 399 bytes, A
       Adds the file icon48.png"="7/28/2014 10:46 AM, 1401 bytes, A
       Adds the file readme.txt"="6/16/2014 3:43 PM, 33 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js
       Adds the file browser_util.js"="7/26/2014 12:43 PM, 1147 bytes, A
       Adds the file content.js"="6/16/2014 3:43 PM, 2552 bytes, A
       Adds the file jquery-1.7.1.min.js"="6/16/2014 3:43 PM, 93943 bytes, A
       Adds the file log.js"="7/26/2014 12:43 PM, 736 bytes, A
       Adds the file main.js"="7/26/2014 12:43 PM, 2431 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js\_prsys
       Adds the file activity.js"="7/26/2014 12:42 PM, 7610 bytes, A
       Adds the file product.js"="8/20/2014 3:24 PM, 5289 bytes, A
       Adds the file testPrsys.js"="7/26/2014 12:43 PM, 1960 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\settings
       Adds the file settings.js"="7/26/2014 12:43 PM, 1023 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\_prsys
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\local
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\locale\en-US
    Adds the folder C:\Windows\System32\Tasks\SavePathDeals\Updater
       Adds the file SavePathDeals updater"="8/20/2014 3:24 PM, 3812 bytes, A

Registry details  
------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C467A09-97C4-47F4-A74B-F29A60E36F9A}]
       "(Default)"="REG_SZ", "SavePathDeals"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C467A09-97C4-47F4-A74B-F29A60E36F9A}\Implemented Categories]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C467A09-97C4-47F4-A74B-F29A60E36F9A}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C467A09-97C4-47F4-A74B-F29A60E36F9A}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files\SavePathDeals\SavePathDeals.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C467A09-97C4-47F4-A74B-F29A60E36F9A}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C467A09-97C4-47F4-A74B-F29A60E36F9A}\TypeLib]
       "(Default)"="REG_SZ", "{16078481-F1C5-4EAD-A92E-2B475D62AD80}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C467A09-97C4-47F4-A74B-F29A60E36F9A}\Version]
       "(Default)"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C467A09-97C4-47F4-A74B-F29A60E36F9A}]
       "(Default)"="REG_SZ", "SavePathDeals"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext]
       "DisableAddonLoadTimePerformanceNotifications"="REG_DWORD", 1
       "IgnoreFrameApprovalCheck"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavePathDeals]
       "DisplayIcon"="REG_SZ", "C:\Program Files\SavePathDeals\uninstall000.exe"
       "DisplayName"="REG_SZ", "SavePathDeals"
       "HelpLink"="REG_SZ", "http://SavePathDeals.com/"
       "InstallLocation"="REG_SZ", "C:\Program Files\SavePathDeals\"
       "Publisher"="REG_SZ", "SavePathDeals"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files\SavePathDeals\uninstall000.exe" /uninstall"
       "UninstallString"="REG_SZ", ""C:\Program Files\SavePathDeals\uninstall000.exe" /uninstall"
       "URLInfoAbout"="REG_SZ", "http://SavePathDeals.com/"
       "URLUpdateInfo"="REG_SZ", "http://SavePathDeals.com/"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C467A09-97C4-47F4-A74B-F29A60E36F9A}\iexplore]
       "Count"="REG_DWORD", 2
       "Flags"="REG_DWORD", 0
       "LoadTimeArray"="REG_BINARY, ....................
       "NavTimeArray"="REG_BINARY, ..l.................
       "Time"="REG_BINARY, ........
    [HKEY_CURRENT_USER\Software\SavePathDeals]
       "GUID"="REG_SZ", "{4DA36AC0-C6D7-4499-9B89-7456CA6E50D0}"
    [HKEY_CURRENT_USER\Software\SavePathDeals\SavePathDeals]
       "ch"="REG_SZ", "true"
       "Distrib_GUID"="REG_SZ", "null"
       "ff"="REG_SZ", "true"
       "GUID"="REG_SZ", "{4DA36AC0-C6D7-4499-9B89-7456CA6E50D0}"
       "id"="REG_SZ", "1022"
       "ie"="REG_SZ", "true"
       "InstallDirectory"="REG_SZ", "C:\Program Files\SavePathDeals"
       "need_update"="REG_SZ", "true"
       "sf"="REG_SZ", "true"
       "sid"="REG_SZ", "1401"
       "sum"="REG_SZ", "9e87a0c03eebcc703f16183cbf22642d"
       "ver"="REG_SZ", "1"
    [HKEY_CURRENT_USER\Software\SavePathDeals\SavePathDeals\heal]
       "110c083fa8cfffeb406d08dc74d4b918"="REG_SZ", "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\images\icons\icon128.png"
       "21b52ecc21b0dca534d4c2680277fdac"="REG_SZ", "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\html\background.html"
       "34452fbf7eda6aa578a4735e809ac7db"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\_prsys\testPrsys.js"
       "3c384ed31870200f93c8670667123b1a"="REG_SZ", "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\css\readme.txt"
       "3e94aa9f5e5e0e4a404181fcdf641108"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome.manifest"
       "4a1276f247e8ae64c5029d097d45dbde"="REG_SZ", "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\settings\settings.js"
       "4b1ef58ea6258f5a85b3811ffc4ff10e"="REG_SZ", "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\images\icons\readme.txt"
       "4b2ea354de2ba77cb6fc66e801dcde2c"="REG_SZ", "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\images\icons\icon16.png"
       "4fe7ecc21cdedd16e51e00fef7317bce"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\browserUtil.js"
       "65ed4582bf694cbd066d5a01fca59108"="REG_SZ", "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js\content.js"
       "69659bb9b138ddbee7c35bb96c27ad18"="REG_SZ", "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js\main.js"
       "774e2d0190c58d73bafe25241a3da271"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\install.rdf"
       "792fd50caa59cfd8cece7ce2661e6ea5"="REG_SZ", "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js\log.js"
       "93e36a4e70ba9948909f17d3aac58d15"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\icon.png"
       "996cda61223ec1d931e8a5d191d79a7e"="REG_SZ", "C:\Program Files\SavePathDeals\SavePathDeals.dll"
       "b8b4cacc690ba9b1f3c82978525d1eaa"="REG_SZ", "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js\_prsys\activity.js"
       "badd363a2e00f2e9d1bc480e9978fc50"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\main.js"
       "bd6c0551889cd6dc765522393a81e302"="REG_SZ", "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js\browser_util.js"
       "c84a43c7e821f3411f8d128d8462ecb2"="REG_SZ", "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js\_prsys\product.js"
       "c89e3100f32f730a3c97af1db6af88cc"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\local\jquery-1.7.1.min.js"
       "d41d8cd98f00b204e9800998ecf8427e"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\locale\en-US\SavePathDeals.properties"
       "dd18a3f8f79e74902ba914df72b2207f"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\_prsys\prsys.xul"
       "de3d8640ea1135ba64b48c1bdc429932"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\_prsys\product.js"
       "de8b748353e241ff63be68808762c7ed"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\settings.js"
       "e767d6e706c1b927daed024fbe96891e"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\SavePathDeals.xul"
       "f3af61faf5050621ad7ee210b8a33cab"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\_prsys\activity.js"
       "f423608644cd9ceb0c0fec944c5a8c5f"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\log.js"
       "f45c390bf51348d1a8548e2deda7f055"="REG_SZ", "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\manifest.json"
    [HKEY_CURRENT_USER\Software\SavePathDeals\updater]
       "Distrib_GUID"="REG_SZ", "null"
       "id"="REG_SZ", "1021"
       "InstallDirectory"="REG_SZ", "C:\Program Files\SavePathDeals Updater"
       "need_update"="REG_SZ", "true"
       "sid"="REG_SZ", "1401"
       "sum"="REG_SZ", "d96fab334563708db20c6d6d6ea2a05c"
       "ver"="REG_SZ", "1"
    [HKEY_CURRENT_USER\Software\SavePathDeals\updater\heal]
       "b42412892d9e62c56c32f2e62a6a136f"="REG_SZ", "C:\Program Files\SavePathDeals Updater\updater.exe"
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/20/2014
Scan Time: 3:39:40 PM
Logfile: mbamSavePathDeals.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.20.03
Rootkit Database: v2014.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 256768
Time Elapsed: 3 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.SavePathDeals, HKLM\SOFTWARE\CLASSES\CLSID\{9C467A09-97C4-47F4-A74B-F29A60E36F9A}, Quarantined, [05cea91f681367cf7318c61a5ba701ff], 
PUP.Optional.SavePathDeals, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9C467A09-97C4-47F4-A74B-F29A60E36F9A}, Quarantined, [05cea91f681367cf7318c61a5ba701ff], 
PUP.Optional.SavePathDeals, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9C467A09-97C4-47F4-A74B-F29A60E36F9A}, Quarantined, [05cea91f681367cf7318c61a5ba701ff], 
PUP.Optional.SavePathDeals, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9C467A09-97C4-47F4-A74B-F29A60E36F9A}, Quarantined, [05cea91f681367cf7318c61a5ba701ff], 
PUP.Optional.SavePathDeals, HKLM\SOFTWARE\CLASSES\CLSID\{9C467A09-97C4-47F4-A74B-F29A60E36F9A}\INPROCSERVER32, Quarantined, [05cea91f681367cf7318c61a5ba701ff], 
PUP.Optional.SavePathDeals, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SavePathDeals, Quarantined, [05cea91f681367cf7318c61a5ba701ff], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 13
PUP.Optional.SavePathDeals, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js, Quarantined, [963d992fadce5fd7b67800e1b84a7d83], 
PUP.Optional.SavePathDeals, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js\_prsys, Quarantined, [963d992fadce5fd7b67800e1b84a7d83], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected], Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\_prsys, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\local, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\locale, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\locale\en-US, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals, C:\Program Files\SavePathDeals Updater, Quarantined, [fbd8695f354685b18cfe37a9a9596898], 
PUP.Optional.SavePathDeals, C:\Program Files\SavePathDeals, Quarantined, [05cea91f681367cf7318c61a5ba701ff], 
PUP.Optional.SavePathDeals, C:\Windows\System32\Tasks\SavePathDeals, Quarantined, [745fa127fd7e43f33d4f97495da5e818], 
PUP.Optional.SavePathDeals, C:\Windows\System32\Tasks\SavePathDeals\Updater, Quarantined, [745fa127fd7e43f33d4f97495da5e818], 
PUP.Optional.SavePathDeals, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SavePathDeals, Quarantined, [676c8444fb808caa622b6e7262a0f30d], 

Files: 29
PUP.Optional.SavePathDeals, C:\Users\{username}\Desktop\0003272627cfe9cb600d9eba5d423f880b958175ca.exe, Quarantined, [aa29309898e3f73fbc774c625ea3fc04], 
PUP.Optional.SavePathDeals, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js\log.js, Quarantined, [963d992fadce5fd7b67800e1b84a7d83], 
PUP.Optional.SavePathDeals, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js\browser_util.js, Quarantined, [963d992fadce5fd7b67800e1b84a7d83], 
PUP.Optional.SavePathDeals, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js\content.js, Quarantined, [963d992fadce5fd7b67800e1b84a7d83], 
PUP.Optional.SavePathDeals, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js\jquery-1.7.1.min.js, Quarantined, [963d992fadce5fd7b67800e1b84a7d83], 
PUP.Optional.SavePathDeals, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js\main.js, Quarantined, [963d992fadce5fd7b67800e1b84a7d83], 
PUP.Optional.SavePathDeals, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js\_prsys\activity.js, Quarantined, [963d992fadce5fd7b67800e1b84a7d83], 
PUP.Optional.SavePathDeals, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js\_prsys\product.js, Quarantined, [963d992fadce5fd7b67800e1b84a7d83], 
PUP.Optional.SavePathDeals, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\debnjblnidplcpilmncpodhgljigoheh\0.0.1_0\js\_prsys\testPrsys.js, Quarantined, [963d992fadce5fd7b67800e1b84a7d83], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome.manifest, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\icon.png, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\install.rdf, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\browserUtil.js, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\log.js, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\main.js, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\SavePathDeals.xul, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\settings.js, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\_prsys\activity.js, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\_prsys\product.js, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\_prsys\prsys.xul, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\content\_prsys\testPrsys.js, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\local\jquery-1.7.1.min.js, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\locale\en-US\SavePathDeals.properties, Quarantined, [a0336c5cd3a83df97fb850762ed432ce], 
PUP.Optional.SavePathDeals, C:\Program Files\SavePathDeals Updater\uninstall.exe, Quarantined, [fbd8695f354685b18cfe37a9a9596898], 
PUP.Optional.SavePathDeals, C:\Program Files\SavePathDeals Updater\updater.exe, Quarantined, [fbd8695f354685b18cfe37a9a9596898], 
PUP.Optional.SavePathDeals, C:\Program Files\SavePathDeals\SavePathDeals.dll, Quarantined, [05cea91f681367cf7318c61a5ba701ff], 
PUP.Optional.SavePathDeals, C:\Program Files\SavePathDeals\uninstall000.exe, Quarantined, [05cea91f681367cf7318c61a5ba701ff], 
PUP.Optional.SavePathDeals, C:\Windows\System32\Tasks\SavePathDeals\Updater\SavePathDeals updater, Quarantined, [745fa127fd7e43f33d4f97495da5e818], 
PUP.Optional.SavePathDeals, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SavePathDeals\uninstall.lnk, Quarantined, [676c8444fb808caa622b6e7262a0f30d], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements

Back to Malware Removal Guides and Tutorials


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Malware Removal Guides and Tutorials

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.