Adware:Win32/PriceChop
First posted on 17 December 2014.
Source: Microsoft
Aliases:
There are no other names known for Adware:Win32/PriceChop.
Explanation:
Threat behavior
Installation
This threat can create files on your PC, including:
- %ProgramFiles%\pricechhop\s4t.dll
- %ProgramFiles%\pricechhop\s4t.x64.dll
- \pricechhop\vyng.exe
Payload
Displays ads that you can't control
This program can show you extra ads. These ads can appear:
- In your web browser: such as search helpers, hover links, and banner ads.
- Outside of your web browser: such as pop ups, balloon ads, and toast notifications.
These advertisements would not be shown if this program wasn't installed on your PC.
Creates an uninstaller
This threat can create an uninstaller by modifying the registry. For example:
In subkey: HKLM\software\microsoft\windows\currentversion\uninstall\{fdb962f0-b5b8-9460-d12f-7966e97baa43}
Sets value: "UninstallString"
With data: ""\pricechhop\vyng.exe" /s /n /i:"executecommands;uninstallcommands" "%ALLUSERSPROFILE%\application data\pricechhop\vyng.exe""
Additional information
This threat can create a mutex on your PC. For example:
- Global\{60430AFC-AA55-41bd-94C6-E2020CE1C711}
It might use this mutex as an infection marker to prevent more than one copy of the threat running on your PC.
This malware description was published using automated analysis of file SHA1 2308fd206bb92520c53d57a3aa1b96d34b783dd6.
Symptoms
The following can indicate that you have this threat on your PC:
- You see these files:
  - %ProgramFiles%\pricechhop\s4t.dll
  - %ProgramFiles%\pricechhop\s4t.x64.dll
  - \pricechhop\vyng.exe
- You see registry modifications such as:
  - In subkey: HKLM\software\microsoft\windows\currentversion\uninstall\{fdb962f0-b5b8-9460-d12f-7966e97baa43}
    Sets value: "UninstallString"
    With data: ""\pricechhop\vyng.exe" /s /n /i:"executecommands;uninstallcommands" "%ALLUSERSPROFILE%\application data\pricechhop\vyng.exe""
- You see a mutex such as:
  - Global\{60430AFC-AA55-41bd-94C6-E2020CE1C711}
Last update 17 December 2014