Played around with an adware called SaveNet this evening. The screenshot below explains what types of ads SaveNet will show:
Basically you’ll see SaveNet coupons while you browse the web.
If you have SaveNet on your machine, you may also see a file called SN.Booster.exe in the Task Manager. SN.Booster.exe will also run as a service:
You’ll also see a Browser Helper Object and a Mozilla Firefox extension when scanning your computer with FreeFixer. The nasty thing about SaveNet is that it will use some sort of semi-random names displayed in Mozilla, Internet Explorer and the Programs and Features dialog. I’ve seen names such as:
- saVe neut
- ssave net
- saveE! neot
- save. net
- Save net
- SNT
- savve noeT
- Y**t*beAdblocker
- saVVE Net
- saVe neut
- ssave net
- saveE! neot
- savve noeT
- SN.Booster
- SN.Sustainer 1.80
What names did you see? Please share by posting a comment.
Luckily it’s pretty easy to remove SaveNet with FreeFixer. Just select the SaveNet files and click Fix and the problem will be gone. You might need to restart your machine to complete the removal.
So, what does the anti-virus programs say about SaveNet? Here’s the detections for SN.Booster.exe:
- Avast Win32:Agent-ASOC [Adw] 20140419
- ESET-NOD32 Win32/TrojanDownloader.Agent.AFD 20140419
- Qihoo-360 Win32/Trojan.Downloader.ec6 20140419
- TotalDefense Win32/Tnega.VeAcWa 20140419
- Kingsoft Win32.Troj.Generic.a.(kcloud) 20140419
- F-Prot W32/Trojan2.OBQW 20140419
- Commtouch W32/Trojan.ZIUW-3330 20140419
- Fortinet W32/Agent.AFD!tr.dldr 20140418
- Bkav W32.SauseiLTAR.Trojan 20140418
- Comodo TrojWare.Win32.TrojanDownloader.Agent.AFD 20140419
- Jiangmin TrojanDownloader.Adload.vxu 20140419
- CAT-QuickHeal TrojanDownloader.Adload.dsd.cw4 20140418
- VBA32 TrojanDownloader.Adload 20140418
- AhnLab-V3 Trojan/Win32.Agent 20140419
- TheHacker Trojan/Downloader.Agent.afd 20140419
- ViRobot Trojan.Win32.S.Agent.729600.B 20140419
- VIPRE Trojan.Win32.Generic!BT 20140419
- NANO-Antivirus Trojan.Win32.Agent.cojdgu 20140419
- Baidu-International Trojan.Win32.Agent.50 20140418
- Symantec Trojan.Gen.2 20140419
- ByteHero Trojan.Exception.gen.101 20140419
- DrWeb Trojan.DownLoad3.30962 20140419
- Agnitum Trojan.DL.Adload!sfG54tBszYg 20140418
- Ad-Aware Trojan.Agent.WDCR.C 20140419
- BitDefender Trojan.Agent.WDCR.C 20140419
- F-Secure Trojan.Agent.WDCR.C 20140419
- GData Trojan.Agent.WDCR.C 20140419
- MicroWorld-eScan Trojan.Agent.WDCR.C 20140419
- nProtect Trojan.Agent.WDCR.C 20140418
- Kaspersky Trojan-Downloader.Win32.Adload.dyhq 20140419
- Emsisoft Trojan-Downloader.Win32.Adload (A) 20140419
- Ikarus Trojan-Downloader.Adload 20140419
- K7AntiVirus Trojan-Downloader ( 0048ec4f1 ) 20140418
- K7GW Trojan-Downloader ( 0048ec4f1 ) 20140418
- TrendMicro TROJ_DLOADER.ADFK 20140419
- TrendMicro-HouseCall TROJ_DLOADER.ADFK 20140419
- Sophos Troj/Agent-AFFX 20140419
- Panda Trj/WLT.A 20140419
- AntiVir TR/Downloader.A.988 20140419
- Norman Suspicious_Gen4.FKQEC 20140419
- McAfee RDN/Downloader.a!oi 20140419
- McAfee-GW-Edition RDN/Downloader.a!oi 20140419
- Malwarebytes PUP.Optional.MultiPlug.A 20140419
- AVG Downloader.Generic13.BRBQ 20140419
There are entries to uninstall SaveNet in the Programs and Features dialog. In my case, they appear as SN-Booster, SN-Sustainer, SNT and Y**tubeAdBlocker. What names did SaveNet use on your computer?
Did this help you remove SaveNet? Please let me know by posting a comment.