Deal Spy.dll
Deal Spy by Innovative Apps (Signed)
Warning: 17 antivirus scanners have detected malware in various versions of Deal Spy.dll.
Overview
There are 2 versions of deal spy.dll in the wild, the latest version being 1.1.153.8. It is integrated into Internet Explorer as a Browser Helper Object plugin, often without any obvious user interface, and will load for each instance of IE. The average file size is about 702.63 KB. The file is digitally signed, with a certificate issued to Innovative Apps by Thawte. Some variations of the file have been seen to be installed with the program Deal Spy from 215 Apps.
Details |
File name: | deal spy.dll |
Publisher: | 215 Apps |
Product name: | Deal Spy |
Description: | Deal Spy BHO |
Typical file path: | C:\Program Files\deal spy\deal spy.dll |
Certificate |
Issued to: | Innovative Apps |
Authority (CA): | Thawte |
Effective date: | Tuesday, January 8, 2013 |
Expiration date: | Thursday, January 9, 2014 |
Programs installed in
(Note, the programs listed below are for all versions of Deal Spy.)
Deal Spy from 215 Apps (Amazing Apps, Friendly Apps, and a bunch of other names 50onRed goes by) installs an extension within all the major browsers to view web pages loaded and looks for affiliated m...
Behaviors
(Note, the behaviors below are for all versions of deal spy.dll, select a unique version for details.)
Internet Explorer Browser Helper Object
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
- BHO CLSID: {11111111-1111-1111-1111-110211621176}
Malware detections
Of 40+ industry antivirus scanners, 17 detected the following malware.
Antivirus engine | Engine version | Detection | File version |
avast! | 8.0.1489.320 | Win32:Installer-M [Adw] | 1.1.153.8 |
BitDefender | 7.2 | Gen:Variant.Adware.VidSaver.1 | 1.1.153.8 |
Comodo Internet Security | 16574 | ApplicUnwnt | 1.1.153.8 |
Emsisoft Anti-Malware | 3.0.0.583 | Gen:Variant.Adware.VidSaver.1 (B) | 1.1.153.8 |
Emsisoft Anti-Malware | 3.0.0.575 | Riskware.Win32.Toolbar.CrossRider.AMN (A) | 1.1.153.5 |
ESET NOD32 | 7.8555 | a variant of Win32/Toolbar.CrossRider.A | 1.1.153.8 |
ESET NOD32 | 7.8265 | a variant of Win32/Toolbar.CrossRider.A | 1.1.153.5 |
Fortinet | 5.1.146.0 | Adware/Fam.NB | 1.1.153.8 |
F-Secure | 11.0.19100.45 | Gen:Variant.Adware.VidSaver.1 | 1.1.153.8 |
G Data | 13.9.22 | Gen:Variant.Adware.VidSaver.1 | 1.1.153.8 |
Ikarus | T3.1.4.3.0 | Win32.SuspectCrc | 1.1.153.8 |
Ikarus | T3.1.4.0.0 | AdWare.Win32.CouponCompanion | 1.1.153.5 |
Symantec | 20131.1.0.101 | WS.Reputation.1 | 1.1.153.8 |
Trend Micro HouseCall | 9.700.0.1001 | TROJ_GEN.F47V0328 | 1.1.153.8 |
Trend Micro HouseCall | 9.700.0.1001 | TROJ_GEN.RCBH1CL | 1.1.153.5 |
VIPRE Antivirus | 19506 | GamePlayLabs (v) | 1.1.153.8 |
VIPRE Antivirus | 17168 | GamePlayLabs (v) | 1.1.153.5 |
All file variations of deal spy.dll