SmartSaver+ 12.2

SmartSaver+ 12.2

Known Malware

by Monkey Code Lab

What is SmartSaver+ 12.2?

SmartSaver+ 12.2 is software application developed by Monkey Code Lab. It is most commonly found on computers running Windows 7 with nearly 76.92% of installations running this operating system. SmartSaver+ 12.2's installer is typically 8.00 MB in size and installs around 84 files. The most common release is 1.34.8.12 with 53.85% of all installations currently using this version.

SmartSaver+ 12.2 is most popular in the United States with 27.78% of installations residing in this country.

SmartSaver+ 12.2 adds 6 scheduled tasks to the Windows Task Scheduler launching the program at randomly scheduled times.

Multiple virus scanners have detected malware in SmartSaver+ 12.2.

SmartSaver+ 12.2-codedownloader.exe (MD5: c62775b5f980bcbdb9ad39b484efb502) has been flagged by 17 scanners:
Scanner Software Result
AVG Generic.614
AVware Crossrider (fs)
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AJ
Kaspersky Trojan.NSIS.GoogUpdate.cq
Kingsoft AntiVirus Win32.Troj.NSIS.cq.(kcloud)
Panda Antivirus Trj/Genetic.gen
Qihoo-360 Win32/Trojan.Multi.daf
Sophos Generic PUA EN
VIPRE Antivirus Crossrider (fs)
Avira ADWARE/CrossRider.Gen2
IKARUS anti.virus PUA.PlusHD
Malwarebytes PUP.Optional.SmartSaver.A
Dr.Web Trojan.Crossrider.28436
G Data Win32.Adware.Crossrider.L
Rising Antivirus PE:Malware.Obscure!1.9C59
Symantec WS.Reputation.1
AhnLab-V3 PUP/Win32.CrossRider
SmartSaver+ 12.2-bho.dll (MD5: 2be0c2cc0a5cd01e3967b6ea1a974d4a) has been flagged by 46 scanners:
Scanner Software Result
Lavasoft Ad-Aware Gen:Application.Heur.Ly9@meiIwGei
Agnitum Outpost PUA.Toolbar.CroRi
AhnLab-V3 PUP/Win32.CrossRider
Antiy-AVL Trojan/NSIS.GoogUpdate
avast! Win32:Crossrider-AK [PUP]
AVG Generic
Avira Adware/CrossRider.pm
AVware Crossrider (fs)
Baidu-International PUA.Win32.CrossRider.bAF
Bitdefender Gen:Application.Heur.Ly9@meiIwGei
Bkav FE W32.HfsAdware
CAT-QuickHeal Trojan.NSIS.r6
Cyren W32/A-ee826839!Eldorado
Dr.Web Trojan.Crossrider.30979
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AF potentially unwanted
Fortinet FortiGate W32/GoogUpdate.AF!tr
F-Prot W32/A-ee826839
F-Secure Gen:Application.Heur.Ly9@meiIwGei
G Data Gen:Application.Heur.Ly9@meiIwGei
IKARUS anti.virus not-a-virus:WebToolbar.CroRi
Jiangmin Trojan/NSIS.fd
K7 AntiVirus Trojan
K7GW Trojan ( 0049eec71 )
Kaspersky Trojan.NSIS.GoogUpdate
Kingsoft AntiVirus Win32.Troj.NSIS.cq.(kcloud)
Malwarebytes PUP.Optional.SmartSaver.A
McAfee Artemis!2BE0C2CC0A5C
McAfee-GW-Edition BehavesLike.Win32.PUP.hh
MicroWorld-eScan Gen:Application.Heur.Ly9@meiIwGei
NANO AntiVirus Trojan.Win32.Toolbar.dedvif
Panda Antivirus Trj/Chgt.B
Qihoo-360 Win32/Trojan.cf5
Rising Antivirus PE:Malware.Obscure!1.9C59
Sophos AppRider
Symantec PUA.Gen
Tencent Nsis.Trojan.Googupdate.Hvjk
Trend Micro TROJ_GEN.R0C1C0EKL14
TrendMicro-HouseCall TROJ_GEN.R0C1C0EKL14
Vba32 AntiVirus AdWare.Adwapper
VIPRE Antivirus Crossrider (fs)
Zillya Trojan.GoogUpdate.Win32.416
Comodo Security ApplicUnwnt
Emsisoft Anti-Malware Gen:Variant.Adware.Plush.1 (B)
nProtect Trojan/W32.Agent.1932656
Avira AntiVir Adware/CrossRider.pm
Clam AntiVirus Win.Adware.Crossrider-31
e3bfe052-67e6-4664-bfe5-9f5ed8e1d4ea-7.exe (MD5: 710d15829eb6fcd535d3cc2f8524c5fd) has been flagged by 30 scanners:
Scanner Software Result
Avira ADWARE/CrossRider.Gen2
AVware Crossrider (fs)
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AM
Fortinet FortiGate Riskware/CrossRider
IKARUS anti.virus Trojan.GoogUpdate
Kaspersky Trojan.NSIS.GoogUpdate.da
Kingsoft AntiVirus Win32.Troj.NSIS.da.(kcloud)
Malwarebytes PUP.Optional.SmartSaver.A
McAfee Artemis!710D15829EB6
McAfee-GW-Edition Artemis
NANO AntiVirus Riskware.Win32.Crossrider.derkip
Panda Antivirus Trj/Genetic.gen
Qihoo-360 Win32/Trojan.933
Sophos Generic PUA FK
VIPRE Antivirus Crossrider (fs)
AVG Derzany.BD6
Baidu-International PUA.Win32.CrossRider.bAQ
Clam AntiVirus Win.Adware.Crossrider-31
Dr.Web Trojan.Crossrider.33417
Symantec Adware.Crossid
Lavasoft Ad-Aware Gen:Variant.Adware.Kazy.374109
Bitdefender Gen:Variant.Adware.Kazy.374109
Emsisoft Anti-Malware Gen:Variant.Adware.Kazy.374109 (B)
F-Secure Gen:Variant.Adware.Kazy.374109
G Data Gen:Variant.Adware.Kazy.374109
MicroWorld-eScan Gen:Variant.Adware.Kazy.374109
Rising Antivirus PE:Malware.Obscure!1.9C59
AhnLab-V3 PUP/Win32.CrossRider
Avira AntiVir Adware/CrossRider.pm
F-Prot W32/A-04c00d5a!Eldorado
e3bfe052-67e6-4664-bfe5-9f5ed8e1d4ea-4.exe (MD5: d8dd8366a94f116dfc4bebc5b461306d) has been flagged by 8 scanners:
Scanner Software Result
AhnLab-V3 PUP/Win32.CrossRider
Avira ADWARE/CrossRider.Gen2
AVware Crossrider (fs)
Dr.Web Trojan.Crossrider.31863
Kaspersky Trojan.NSIS.GoogUpdate.da
Malwarebytes PUP.Optional.SmartSaver.A
Panda Antivirus Trj/Genetic.gen
VIPRE Antivirus Crossrider (fs)
dd1f5be3-e05a-4fa9-91f1-ad3b9f7ec51a-7.exe (MD5: 857fdaf3a03305c1639ac698c71132d8) has been flagged by 30 scanners:
Scanner Software Result
AVG Derzany.BD6
Avira ADWARE/CrossRider.Gen2
AVware Crossrider (fs)
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AM
IKARUS anti.virus Trojan.GoogUpdate
Kaspersky Trojan.NSIS.GoogUpdate.da
Kingsoft AntiVirus Win32.Troj.NSIS.da.(kcloud)
Malwarebytes PUP.Optional.SmartSaver.A
McAfee Artemis!857FDAF3A033
McAfee-GW-Edition Artemis
NANO AntiVirus Riskware.Win32.Crossrider.desldp
Panda Antivirus Trj/Genetic.gen
Qihoo-360 HEUR/Malware.QVM10.Gen
Sophos Generic PUA PI
VIPRE Antivirus Crossrider (fs)
Baidu-International PUA.Win32.CrossRider.bAQ
Clam AntiVirus Win.Adware.Crossrider-31
Dr.Web Trojan.Crossrider.33417
Symantec Adware.Crossid
Lavasoft Ad-Aware Gen:Variant.Adware.Kazy.374109
Bitdefender Gen:Variant.Adware.Kazy.374109
Emsisoft Anti-Malware Gen:Variant.Adware.Kazy.374109 (B)
F-Secure Gen:Variant.Adware.Kazy.374109
G Data Gen:Variant.Adware.Kazy.374109
MicroWorld-eScan Gen:Variant.Adware.Kazy.374109
Rising Antivirus PE:Malware.Obscure!1.9C59
AhnLab-V3 PUP/Win32.CrossRider
Avira AntiVir Adware/CrossRider.pm
Fortinet FortiGate Riskware/CrossRider
F-Prot W32/A-04c00d5a!Eldorado

Software Behaviors

Scheduled tasks:
  • a02d3d04-1c94-40dd-ae32-ee3607b0c20e-7.exe is scheduled as a task named 'a02d3d04-1c94-40dd-ae32-ee3607b0c20e-1'.
  • a02d3d04-1c94-40dd-ae32-ee3607b0c20e-6.exe is scheduled as a task named 'temp_a02d3d04-1c94-40dd-ae32-ee3607b0c20e-6'.
  • a02d3d04-1c94-40dd-ae32-ee3607b0c20e-5.exe is scheduled as a task named 'a02d3d04-1c94-40dd-ae32-ee3607b0c20e-5_user'.
  • a02d3d04-1c94-40dd-ae32-ee3607b0c20e-4.exe is scheduled as a task named 'a02d3d04-1c94-40dd-ae32-ee3607b0c20e-4'.
  • a02d3d04-1c94-40dd-ae32-ee3607b0c20e-2.exe is scheduled as a task named 'temp_a02d3d04-1c94-40dd-ae32-ee3607b0c20e-2'.
  • a02d3d04-1c94-40dd-ae32-ee3607b0c20e-11.exe is scheduled as a task named 'a02d3d04-1c94-40dd-ae32-ee3607b0c20e-11'.

Startup Entries

Startup tasks:
  • SmartSaver+ 12.2-codedownloader.exe is automatically launched at startup through a scheduled task named 890265eb-def9-4ec9-af74-465a51f79a71-1.
  • 890265eb-def9-4ec9-af74-465a51f79a71-5.exe is automatically launched at startup through a scheduled task named 890265eb-def9-4ec9-af74-465a51f79a71-5_user.
  • 890265eb-def9-4ec9-af74-465a51f79a71-4.exe is automatically launched at startup through a scheduled task named 890265eb-def9-4ec9-af74-465a51f79a71-4.
  • 890265eb-def9-4ec9-af74-465a51f79a71-11.exe is automatically launched at startup through a scheduled task named 890265eb-def9-4ec9-af74-465a51f79a71-3.
  • 890265eb-def9-4ec9-af74-465a51f79a71-2.exe is automatically launched at startup through a scheduled task named 890265eb-def9-4ec9-af74-465a51f79a71-2.
  • 64271534-d60a-4474-87de-3c6203088c62-7.exe is automatically launched at startup through a scheduled task named 64271534-d60a-4474-87de-3c6203088c62-1.

Software Details

URL:
https://crossrider.com/install/63107-smartsaver+-12-2
Support:
–
Installation path:
C:\Program Files\smartsaver+ 12.2
Uninstaller:
C:\Program Files\SmartSaver+ 12.2\Uninstall.exe /fcp=1
Size:
8.00 MB
Language:
English

SmartSaver+ 12.2 Executable Details

Primary executable:
utils.exe
Name:
SmartSaver+ 12.2
Path:
C:\Program Files\smartsaver+ 12.2\utils.exe
MD5:
–
SHA-1:
–
SHA-256:
–
Files installed by SmartSaver+ 12.2
File Type Filename MD5
EXE
uninstall.exe
1ba047a432328b8f0bb54aebe4479a58
EXE
utils.exe
a0bdc8051a740904d9e5f24d697f6875
EXE
SmartSaver+ 12.2-codedownloader.exe
Malware
c62775b5f980bcbdb9ad39b484efb502
DLL
SmartSaver+ 12.2-bho64.dll
cca2009e714d82e29ce41b3b74497122
DLL
SmartSaver+ 12.2-bho.dll
Adware
2be0c2cc0a5cd01e3967b6ea1a974d4a
EXE
SmartSaver+ 12.2-bg.exe
b85d7f7eb999ca255b80ef557b8f6b34
EXE
e3bfe052-67e6-4664-bfe5-9f5ed8e1d4ea-7.exe
Malware
710d15829eb6fcd535d3cc2f8524c5fd
EXE
e3bfe052-67e6-4664-bfe5-9f5ed8e1d4ea-6.exe
d56c4aa7aa09fff53ecec6201f4b3441
EXE
e3bfe052-67e6-4664-bfe5-9f5ed8e1d4ea-4.exe
Malware
d8dd8366a94f116dfc4bebc5b461306d
EXE
dd1f5be3-e05a-4fa9-91f1-ad3b9f7ec51a-7.exe
Malware
857fdaf3a03305c1639ac698c71132d8