
Adware.SavingsHound

Updated: February 13, 2007 11:44:49 AM
Type: Adware
Version: 0.2.3.0
Publisher: www.savingshound.com
Risk Impact: Low
File Names: SavingsHound023.dll, Setup.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When Adware.SavingsHound is executed, it performs the following actions:
  1. Creates the following files:

    • %UserProfile%\Desktop\SavingsHound.lnk
    • %ProgramFiles%\SavingsHound\hotlist.dat
    • %ProgramFiles%\SavingsHound\SavingsHound023.dll

      Note: %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] (Windows NT/2000/XP).
      Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Adds the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{325338F0-AED0-45f6-A0DA-B5B09E6A07ED}

    so that the risk runs every time Internet Explorer starts.

  3. Adds the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0088EDD4-E83A-4C8C-A2C8-840D4DEEB86A}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14FD2098-9F9E-4fbc-A1A5-BAFBB6EF475A}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{325338F0-AED0-45f6-A0DA-B5B09E6A07ED}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56352D61-C28C-4E43-8280-38AFFF4F4C50}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{548406A4-C9CC-4F3F-BF03-E235C8650E1F}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{587C0F8D-80CD-4588-A439-7A2731EDB13D}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8440FE1B-C609-49AA-8CDC-1915F83E0B69}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91EE7889-7385-4F66-8790-539A1686F661}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B5F8E28B-0471-4BE1-90BA-4F17DEC6F146}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavingsHound.CSInstallInformation
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavingsHound.CSInstallInformation.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavingsHound.SavingsHoundBar
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavingsHound.SavingsHoundBar.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavingsHound.SavingsHoundBarH
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavingsHound.SavingsHoundBarH.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavingsHoundBar.SavingsHoundBHO
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavingsHoundBar.SavingsHoundBHO.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavingsHoundBHOClass
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{325338F0-AED0-45f6-A0DA-B5B09E6A07ED}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavingsHound
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{9750935B-0F6C-46d5-B7BF-8E682EA73329}
    HKEY_CURRENT_USER\Software\SavingsHound

  4. Adds the value:

    "{9750935B-0F6C-46d5-B7BF-8E682EA73329}" = "[risk generated value]"

    to the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
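
The following read-only PowerShell check for the artifacts listed above is an added example, not part of the original write-up or any vendor tool. The file paths and GUIDs come from this page; the `WOW6432Node` path and the `InprocServer32` lookup are assumptions based on standard 64-bit registry redirection and COM registration layout.

```powershell
# Added example: read-only check for the Adware.SavingsHound artifacts listed on this page.
$bho = '{325338F0-AED0-45f6-A0DA-B5B09E6A07ED}'   # BHO CLSID from steps 2 and 3
$ext = '{9750935B-0F6C-46d5-B7BF-8E682EA73329}'   # IE extension GUID from steps 3 and 4
$bhoRoot = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

$targets = @(
    "HKLM:\SOFTWARE\$bhoRoot\$bho"
    # Assumption: 32-bit view on 64-bit Windows, not listed on the page.
    "HKLM:\SOFTWARE\WOW6432Node\$bhoRoot\$bho"
    "HKLM:\SOFTWARE\Classes\CLSID\$bho"
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavingsHound'
    "HKCU:\Software\Microsoft\Internet Explorer\Extensions\$ext"
    'HKCU:\Software\SavingsHound'
    (Join-Path $env:USERPROFILE 'Desktop\SavingsHound.lnk')
    (Join-Path $env:ProgramFiles 'SavingsHound\hotlist.dat')
    (Join-Path $env:ProgramFiles 'SavingsHound\SavingsHound023.dll')
)

$findings = @(foreach ($path in $targets) {
    # -LiteralPath keeps the braces in the GUIDs from being treated specially.
    [pscustomobject]@{ Artifact = $path; Present = (Test-Path -LiteralPath $path) }
})

# Step 4: the extension GUID stored as a value name under CmdMapping.
# -contains is case-insensitive, which matters because the page mixes GUID case.
$mapPath = 'HKCU:\Software\Microsoft\Internet Explorer\Extensions\CmdMapping'
$map = Get-Item -LiteralPath $mapPath -ErrorAction SilentlyContinue
$findings += [pscustomobject]@{
    Artifact = "$mapPath -> $ext"
    Present  = [bool]($map -and ($map.GetValueNames() -contains $ext))
}

# Assumption (standard COM layout): InprocServer32 holds the DLL that
# Internet Explorer loads for the BHO. Report whatever path is registered.
$inproc = Get-Item -LiteralPath "HKLM:\SOFTWARE\Classes\CLSID\$bho\InprocServer32" `
    -ErrorAction SilentlyContinue
if ($inproc) {
    $findings += [pscustomobject]@{
        Artifact = "BHO DLL registered as: $($inproc.GetValue(''))"
        Present  = $true
    }
}

$findings | Format-Table -AutoSize -Wrap
```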
