Metallica

Removal instructions for Savepath Deals


What is Savepath Deals?

The Malwarebytes research team has determined that Savepath Deals is a browser hijacker. These so-called "hijackers" alter your start page or search scopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by Savepath Deals?

There are two variants of the installer. The one we downloaded from their site shows this screen at the start of the install:

main.png

followed by the EULA. But there is also a silent installer that skips all the installer screens.

You may see these add-ons and extensions:

warning1.png

warning2.png

warning3.png

and this entry in your list of installed programs:

warning4.png

How did Savepath Deals get on my computer?

Browser hijackers use different methods for distributing themselves. The aforementioned silent installer was bundled with other software.

How do I remove Savepath Deals?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of Savepath Deals?

The silent installer uses the identification name of an existing, legitimate Chrome extension. You can see this by clicking the "Visit Website" link in the list of Extensions.

It will take you to the legitimate application "Simple Notes".

notes.png

The official installer from their website will create this entry in your list of extensions:

notes2.png

Note that it says "Not from Chrome Web Store".

  • Because Malwarebytes Anti-Malware does not want to risk removing a legitimate extension, we leave that up to the user. Both Chrome extensions can safely be removed in this way: Open "Settings" > "Extensions", remove the checkmark before "Enabled" if present and click the bin behind the Savepath Deals listing. Then confirm removal.
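
To review which Chrome extensions on a profile did not come from the store, the following added example (not part of the original guide and not Malwarebytes code) walks an Extensions folder and reports every extension whose manifest.json does not name the Chrome Web Store as its update source. It assumes that store installs carry an update_url on clients2.google.com; the sample profile is constructed, and the check is a heuristic that does not catch an extension reusing a legitimate store ID, as the silent installer does.

```python
import json
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXTENSION_ID = re.compile(r"^[a-p]{32}$")
# Assumption: extensions installed from the Chrome Web Store update from this host.
WEB_STORE_UPDATE_HOST = "clients2.google.com"


def updates_from_web_store(update_url):
    """True only if update_url is an https URL on the exact Web Store update host."""
    if not isinstance(update_url, str):
        return False
    try:
        parsed = urlparse(update_url)
        host = parsed.hostname
    except ValueError:
        return False
    # Exact host match, so "clients2.google.com.example.invalid" does not pass.
    return parsed.scheme == "https" and host == WEB_STORE_UPDATE_HOST


def audit_extensions(extensions_dir):
    """Return one finding per <id>/<version>/manifest.json under extensions_dir."""
    findings = []
    for ext_dir in sorted(Path(extensions_dir).iterdir()):
        if not ext_dir.is_dir() or not EXTENSION_ID.match(ext_dir.name):
            continue  # skip Temp folders and anything that is not an extension ID
        for manifest_path in sorted(ext_dir.glob("*/manifest.json")):
            finding = {"id": ext_dir.name, "version": manifest_path.parent.name,
                       "name": None, "status": "unreadable"}
            try:
                # utf-8-sig tolerates a byte-order mark at the start of the file
                manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                manifest = None
            if isinstance(manifest, dict):
                finding["name"] = manifest.get("name")
                if updates_from_web_store(manifest.get("update_url")):
                    finding["status"] = "web_store"
                else:
                    finding["status"] = "not_from_web_store"
            findings.append(finding)
    return findings


def build_sample_profile(root):
    """Create a constructed Extensions folder for the demo (not real data)."""
    ext_root = Path(root) / "Extensions"
    store_url = "https://clients2.google.com/service/update2/crx"
    samples = {
        "a" * 32: json.dumps({"name": "Constructed store extension",
                              "update_url": store_url}),
        "b" * 32: json.dumps({"name": "Constructed sideloaded extension"}),
        "c" * 32: json.dumps({"name": "Constructed look-alike host",
                              "update_url": "https://clients2.google.com.example.invalid/crx"}),
        "d" * 32: "{ this is not valid JSON",
    }
    for ext_id, text in samples.items():
        version_dir = ext_root / ext_id / "0.0.1_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(text, encoding="utf-8")
    (ext_root / "Temp").mkdir()  # non-extension folder that must be ignored
    return ext_root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for item in audit_extensions(build_sample_profile(tmp)):
            print(item["status"], item["id"], item["version"], item["name"])
```

On a real machine, pass the profile's own Extensions folder to audit_extensions and review every entry that is not reported as web_store.
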
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Savepath Deals hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

Signs in a HijackThis log:

O2 - BHO: SavePathDeals - {9C467A09-97C4-47F4-A74B-F29A60E36F9A} - C:\Program Files\SavePathDeals\SavePathDeals.dll
Alterations made by the silent installer:

Malwarebytes Anti-Malware log:

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
