Adware.DownSave
Posted: May 28, 2014
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to
give every identifiable malware threat. Our Threat Meter includes several criteria based off of
specific malware threats to value their severity, reach and volume. The Threat Meter is able to give
you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count,
Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic
breakdown of how all threats are ranked within our own extensive malware database. The scoring for
each specific malware threat can be easily compared to other emerging threats to draw a contrast in
its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to
remove a threat or pursue additional analytical research for all types of computer users.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 8,506 |
|---|---|
| Threat Level: | 2/10 |
| Infected PCs: | 10,249 |
| First Seen: | May 28, 2014 |
|---|---|
| Last Seen: | September 24, 2023 |
| OS(es) Affected: | Windows |
Adware.DownSave is adware that may create and show disturbing pop-up ads on a PC when a computer user is visiting online shopping and social networking websites. The pop-up ads displayed by Adware.DownSave may recommend computer users numerous discount coupons, deals, sales and offers. If the PC user clicks on the pop-up advertisements sent by Adware.DownSave, this adware may continuously redirect him to questionable websites that may be designed possibly for advertising purposes. Adware.DownSave may be integrated into popular Web browsers such as Internet Explorer, Mozilla Firefox and Google Chrome while the PC user is installing free software from unreliable download websites. Once installed on the PC, Adware.DownSave may modify the default browser settings and replace the default homepage, search engine or a new tab window with a suspicious website. Adware.DownSave may keep track of the computer user's browsing routine and transmit and use gathered information for the intention of delivering targeted pop-up ads.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%ALLUSERSPROFILE%\DownSavE\C.x64.dll
File name: C.x64.dllSize: 475.64 KB (475648 bytes)
MD5: c8625b7c0f5a6d22c9bf4eeea9ec5f00
Detection count: 93
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DownSavE
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DownSAve\rNYImj1v.dll
File name: rNYImj1v.dllSize: 425.47 KB (425472 bytes)
MD5: 251663ab1aed04f2e8d1c4132fcf7638
Detection count: 84
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DownSAve
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DownSave\zvG.dll
File name: zvG.dllSize: 426.49 KB (426496 bytes)
MD5: 103122a3729dbd73e0751688d046610a
Detection count: 81
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DownSave
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DownSavei\R9DQQv.x64.dll
File name: R9DQQv.x64.dllSize: 476.67 KB (476672 bytes)
MD5: 37ae4bb2f20ca4f2ecc2ae3fa2eee59f
Detection count: 76
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DownSavei
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DOwnSave\HWik.dll
File name: HWik.dllSize: 427 KB (427008 bytes)
MD5: 3edf79b76fd875a74d02c141983a6774
Detection count: 73
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DOwnSave
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\Dane aplikacji\DownSAve\do.dll
File name: do.dllSize: 423.93 KB (423936 bytes)
MD5: 1900c268b3f17ec68cb463de2606956d
Detection count: 71
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\Dane aplikacji\DownSAve
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DowNSave\twh8j.dll
File name: twh8j.dllSize: 425.47 KB (425472 bytes)
MD5: 64abc957845f504506bed87543dca48c
Detection count: 70
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DowNSave
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DDowNSAve\PMzRH91o.x64.dll
File name: PMzRH91o.x64.dllSize: 473.08 KB (473088 bytes)
MD5: bbdb948208d7d37f01dc04e6cbb4e71a
Detection count: 65
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DDowNSAve
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DDowNSavei\grsWp.dll
File name: grsWp.dllSize: 426.49 KB (426496 bytes)
MD5: 56efa3b2409ec8f402a9bf465def9afe
Detection count: 65
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DDowNSavei
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DownSave\WqClrP.x64.dll
File name: WqClrP.x64.dllSize: 472.57 KB (472576 bytes)
MD5: b614cb72894e75e8df5092746d3c5705
Detection count: 61
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DownSave
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DownSave\G4I.x64.dll
File name: G4I.x64.dllSize: 476.67 KB (476672 bytes)
MD5: 702a1113559c8f2b95d919f15a962d9a
Detection count: 43
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DownSave
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DOwnSAVe\DBR.x64.dll
File name: DBR.x64.dllSize: 475.64 KB (475648 bytes)
MD5: 3e552f61a7ab6b5266c11fd3533f22f8
Detection count: 40
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DOwnSAVe
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DownSaVe\ex3NW5.x64.dll
File name: ex3NW5.x64.dllSize: 473.6 KB (473600 bytes)
MD5: a7f83e82a8b6e11de5ea62efee860351
Detection count: 35
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DownSaVe
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DownSave\BxRK7cNl.dll
File name: BxRK7cNl.dllSize: 424.44 KB (424448 bytes)
MD5: db12f6284aba0a58615c4e8ad62a3ec5
Detection count: 31
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DownSave
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DowNSave\twh8j.x64.dll
File name: twh8j.x64.dllSize: 475.13 KB (475136 bytes)
MD5: 631ebe123ecceeac45c25a2e20306e78
Detection count: 30
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DowNSave
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DownSave\g.dll
File name: g.dllSize: 426.49 KB (426496 bytes)
MD5: 0e3542dffc5be4a409e036db9c73d4e9
Detection count: 30
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DownSave
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DownSavee\GDs.dll
File name: GDs.dllSize: 421.88 KB (421888 bytes)
MD5: 4f87d11ef47f6a99c58f7a7f5a867fab
Detection count: 22
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DownSavee
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DowNSaVe\17eGOVLzdA.x64.dll
File name: 17eGOVLzdA.x64.dllSize: 474.62 KB (474624 bytes)
MD5: 3118c03f55f1973105a9fb4aab0d8eea
Detection count: 20
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DowNSaVe
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\Dane aplikacji\DownSaveE\R5Y.dll
File name: R5Y.dllSize: 424.96 KB (424960 bytes)
MD5: 693c04619316e64d4cde981c3cf193cc
Detection count: 6
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\Dane aplikacji\DownSaveE
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\DoWnSave\DfOikEyrJ.x64.dll
File name: DfOikEyrJ.x64.dllSize: 476.67 KB (476672 bytes)
MD5: 29191683f396a123ca9a53f3ef503a73
Detection count: 5
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\DoWnSave
Group: Malware file
Last Updated: May 28, 2014
%ALLUSERSPROFILE%\Datos de programa\DownSave\z.dll
File name: z.dllSize: 427.52 KB (427520 bytes)
MD5: 4f0e57d09310d4f684cd65f454130460
Detection count: 3
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ALLUSERSPROFILE%\Datos de programa\DownSave
Group: Malware file
Last Updated: May 28, 2014
More files
Registry Modifications
The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{5E89CCA9-B9B8-FC18-23F6-0EA90BFF2507}SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{6A471BE0-7449-CF10-6F5A-A3EDE81789E6}HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}{E5B7E1B4-21FC-6765-A3D7-BA0416DC6AF7}
HKEY..\..\..\..{RegistryKeys}SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{5E89CCA9-B9B8-FC18-23F6-0EA90BFF2507}SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{6A471BE0-7449-CF10-6F5A-A3EDE81789E6}HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}{E5B7E1B4-21FC-6765-A3D7-BA0416DC6AF7}
Additional Information
The following directories were created:
%ALLUSERSPROFILE%\Application Data\DownSave%ALLUSERSPROFILE%\DownSave%ALLUSERSPROFILE%\DowunSave%PROGRAMFILES%\DownSave%PROGRAMFILES(x86)%\DownSave
The following URL's were detected:
DownSaVeDownSavEDownSave
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.