
Adware:Win32/Gisav


First posted on 15 March 2013.
Source: Microsoft

Aliases:

Adware:Win32/Gisav is also known as Win32/Toolbar.CrossRider (ESET), Gen:Variant.Adware.VidSaver.1 (BitDefender), AppRider (Sophos), Adware.Plugin.14 (Dr.Web).

Explanation:



Installation

This adware is installed on your computer when you visit the program's website. It can also be bundled with some third-party software installation programs.

When run, the installer creates a folder named "giant savings" or "giant savings extension" in %ProgramFiles% and installs an Internet Explorer add-on. This can be seen in Internet Explorer's Manage Add-ons window, as in the following screenshot:

The adware also installs extensions for the Firefox and Chrome web browsers.

Execution

Once installed, Adware:Win32/Gisav displays "ads" as you browse the Internet, as in the following example:





Analysis by Mihai Calota

Last update 15 March 2013
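
The installation folders named in the Installation section can be checked for with a short PowerShell function. This is an added example, not part of the original Microsoft write-up; the function name `Find-GisavFolder` is hypothetical, and searching `Program Files (x86)` as well goes slightly beyond the text, because a 32-bit installer on 64-bit Windows resolves %ProgramFiles% to that directory.

```powershell
# Added example, not from the original write-up.
# The two folder names come from the Installation section; the function name is hypothetical.
function Find-GisavFolder {
    param(
        # Roots to search; the defaults cover both 64-bit and 32-bit Program Files.
        [string[]]$Root = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
    )
    $names = @('giant savings', 'giant savings extension')

    # Drop empty entries (no x86 root on 32-bit Windows) and duplicates.
    foreach ($r in ($Root | Where-Object { $_ } | Select-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $r -PathType Container)) { continue }

        Get-ChildItem -LiteralPath $r -Directory -Force -ErrorAction SilentlyContinue |
            Where-Object { $names -contains $_.Name } |   # -contains ignores case for strings
            ForEach-Object {
                [pscustomobject]@{
                    Path      = $_.FullName
                    Created   = $_.CreationTime   # approximate install time
                    FileCount = @(Get-ChildItem -LiteralPath $_.FullName -Recurse -File -Force -ErrorAction SilentlyContinue).Count
                }
            }
    }
}

$hits = @(Find-GisavFolder)
if ($hits.Count) {
    $hits | Format-Table -AutoSize
} else {
    'No Gisav installation folders found.'
}
```

A hit only shows that the installer ran; the browser add-on and extensions described above still have to be reviewed in each browser's own add-on manager.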

 
