DownSave, Potentially unwanted software (PUP/LPI)

  • Nicolas Coolman
    • Administrator
    @nicocoolmann
    Number of articles: 1323

    The DownSave program falls into the category of optional, potentially unwanted software (LPI/PUP).

    LPIs, or PUPs, usually install as a program or as a browser extension and are loaded each time the operating system starts.

    Potentially unwanted software (PUP/LPI) can launch services, start scheduled tasks and create shortcuts on your desktop. All these operations are carried out with or without your consent, under the terms of its terms of use. Once installed, an LPI may change some settings in your browsers, for example the search pages, the start page or even your error page. It can collect your browsing habits and send them to a server by means of tracking. While you browse, it can display ads (coupons) and banner ads (popups). The goal of this program is often to make money by generating Web traffic to sponsored sites.

    Potentially unwanted software (LPI)

    Potentially unwanted software (LPI), or Potentially Unwanted Programs (PUP), are the cause of many infections.
    The most frequently encountered examples are adware such as InstallCore, CrossRider, Graftor or Boxore, which pollute your data storage units and the registry. They are usually installed without your knowledge via freeware downloads. Some sites use the repackaging method, an operation that consists of rebuilding the software's installation module and adding download options to it. These options make it possible to add other software, for example browser toolbars, adware, potentially unwanted software, intrusive advertising software, and even browser hijackers.

    Spyware and unwanted adware, like malware, can exploit programming vulnerabilities in legitimate software or operating systems. It is therefore essential to use official software that updates automatically. Your Windows operating system must be set to automatic updates, and these must be active, so that you have the latest fixes for critical security vulnerabilities.

    Main actions:
    It installs an extension for the Google Chrome browser (G2),
    It installs an extension for the Mozilla Firefox browser (M2),
    It installs as a Browser Helper Object (BHO) in the internet browser (O2),
    It installs itself as the AppInit_DLLs registry value (O20),
    It starts an automatic scheduled task (O38),
    It installs as a program (O42),
    It adds additional folders (O43),
    It registers in the Windows Prefetcher folder (O45)

    ZHPDiag overview:
    O2 – BHO: DoWnSSave [64Bits] – {393654C4-623D-A285-12C8-D4F1B9B73A1F} . (…) — C:\ProgramData-DoWnSSave-1YAZUAQ.dll
    O42 – Logiciel: DoWnSSave – (.DoWNSaVe.) [HKLM][64Bits] — {AF992111-52BE-832B-5882-8477E4A3C99A}
    O43 – CFD: 09/04/2014 – 20:36:09 – [0] —-D C:\Program Files (x86)\DoWnSSave
    O43 – CFD: 14/04/2014 – 14:01:49 – [] —-D C:\ProgramData-DoWnSSave
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{393654C4-623D-A285-12C8-D4F1B9B73A1F}]
    [HKLM\Software\Classes\CLSID\{393654C4-623D-A285-12C8-D4F1B9B73A1F}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{393654C4-623D-A285-12C8-D4F1B9B73A1F}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{393654C4-623D-A285-12C8-D4F1B9B73A1F}]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AF992111-52BE-832B-5882-8477E4A3C99A}]
    C:\Program Files (x86)\DoWnSSave
    C:\ProgramData-DoWnSSave
    C:\ProgramData-DoWnSSave-1YAZUAQ.dll

    Aliases:
    Win32/Adware.MultiPlug [ESET Nod32]
    Adware.Win32.FastSaveApp [Microsoft]
    Adware.MegaSearch
    Pup. Multiplug
    Pup. DownSave

    Diagnose with ZHPSuite. Uninstall with Windows. Delete with ZHPCleaner. Delete with Malwarebytes.
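As an added example (not part of the original post and not a ZHP tool), the read-only PowerShell check below looks for the registry keys, AppInit_DLLs entry, scheduled task and program folder named in the ZHPDiag overview. The two CLSIDs and the folder path are copied from the post; the Wow6432Node key variants and the name-based matching for AppInit_DLLs and scheduled tasks are assumptions.

```powershell
# Added example: read-only presence check; nothing is modified or deleted.
$bho  = '{393654C4-623D-A285-12C8-D4F1B9B73A1F}'  # O2 BHO CLSID (from the post)
$prod = '{AF992111-52BE-832B-5882-8477E4A3C99A}'  # O42 uninstall key (from the post)
$name = 'DoWnSSave'                               # name shown in the overview; -match ignores case

# Registry keys from the overview. The Wow6432Node variants are an
# assumption added to cover the 32-bit registry view.
$keys = @(
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bho",
    "HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bho",
    "HKLM:\Software\Classes\CLSID\$bho",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\$bho",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\$bho",
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\$prod",
    "HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\$prod"
)
$findings = @()
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $findings += "Registry key: $k" }
}

# O20: AppInit_DLLs lists DLLs loaded into every process that loads user32.dll.
# Matching on the program name is an assumption; the post gives no O20 line.
$appInit = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$dlls = (Get-ItemProperty -LiteralPath $appInit -ErrorAction SilentlyContinue).AppInit_DLLs
if ($dlls -and $dlls -match $name) { $findings += "AppInit_DLLs: $dlls" }

# Scheduled tasks whose action runs something with the name in its path (assumption).
$tasks = Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { ($_.Actions | ForEach-Object { $_.Execute }) -match $name }
foreach ($t in $tasks) { $findings += "Scheduled task: $($t.TaskPath)$($t.TaskName)" }

# O43: program folder from the overview (the one path that is intact on the page).
$dir = 'C:\Program Files (x86)\DoWnSSave'
if (Test-Path -LiteralPath $dir) { $findings += "Folder: $dir" }

if ($findings) { $findings | ForEach-Object { Write-Output "FOUND  $_" } }
else           { Write-Output 'No DownSave traces from the ZHPDiag overview were found.' }
```

Run it from a 64-bit PowerShell session under the affected user account, since the two HKCU keys are per-user.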
