savetubevideo.com
3 years ago
small-community-1

SAVETUBE Video downloader is Trojan Virus/Hijacker

The programs from this website are malcious and install Trojan Hijackers and redirect to Veerboo.com, google-net.com and always randomly popup windows. Th eprogram is NO WAY safe nor should it be installed

avoid http://www.savetubevideo.com/

http:// www.savetubevideo.com/ software/ youtube-downloader.exe download is dangerous

I have tested this program with and found adware, hijackers, trojan, spyware, and is fully suspicious
Adware.SkyMediaPack
Redir.GSearch
Adware.SkyLab

Norton Antivirus program does not detect the Trojan dll js bho & registry entries. Malwarebytes Antispyware was the only program to have picked all infections up in the scan I did after testing the SAVETUBE downloader

AFTER UN-insalling SaveTubeVideo
the Trojan Adware hijacker remains. This is what is found after UN-install

Registry Keys Infected:
HKEY_CLASSES_ROOT\minbho.showbarobj (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{27ba317e-7bbd-4ebe-a06a-47f076d9d6f7} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2574231f-9d6f-4b0e-9041-5dd7484564ad} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minbho.showbarobj.1 (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\searchbho.csearchbho (Redir.GSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{a1a1e70d-58c5-4349-83b6-be9682b9874d} (Redir.GSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4bf423f5-1689-4003-8a05-829048c7d869} (Redir.GSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d7be8ed1-b138-48fd-bb22-9779a39130b1} (Redir.GSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d7be8ed1-b138-48fd-bb22-9779a39130b1} (Redir.GSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d7be8ed1-b138-48fd-bb22-9779a39130b1} (Redir.GSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7be8ed1-b138-48fd-bb22-9779a39130b1} (Redir.GSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\searchbho.csearchbho.1 (Redir.GSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{f334c7b0-8774-4d5b-bd7a-4f448d03a1ae} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f334c7b0-8774-4d5b-bd7a-4f448d03a1ae} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{70ef8b2a-3a34-4913-aafc-5a2827e0b1b1} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ad49ce2b-b922-4e2a-aad9-c1565855c7bc} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c91bcf48-598c-48bc-a4a7-192cefc9068a} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SkyMedia (Adware.SkyMedia) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f334c7b0-8774-4d5b-bd7a-4f448d03a1ae} (Adware.SkyLab) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\SaveTubeVideo.com (Adware.SkyLab) -> Quarantined and deleted successfully.
C:\Program Files\SaveTubeVideo.com\SaveTubeVideo (Adware.SkyLab) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\MinBHO.dll (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qwj4eufs.default\extensions\SearchHelper\SearchBHO.dll (Redir.GSearch) -> Quarantined and deleted successfully.
C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\SaveTubeVideo.dll (Adware.SkyLab) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\youtube-downloader.exe (Adware.SkyLab) -> Quarantined and deleted successfully.
C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\transport_dll.dll (Adware.SkyLab) -> Quarantined and deleted successfully