luckysave.exe
Smartbar by Smartbar
Warning 20 antivirus scanners has detected malware in various versions of luckysave.exe.
Overview
luckysave.exe has 3 known versions, the most recent one is 1.6.1.795. luckysave.exe is run as a standard windows process with the logged in user's account privileges. By adding a startup entry to the run registry key, the file will be executed when the user logs into Windows. The average file size is about 13.5 KB. This is a .NET Common Language Runtime (CLR) assembly. During the process's lifecycle, the typical CPU resource utilization is less than 0.01%, the average private memory consumption is about 60.9 MB with the maximum memory reaching around 64.79 MB. Addionally, typically read and write I/O disk operations is about 11.14 MB per minute for reads and 17.89 KB per minute for writes.
What is luckysave.exe?
Smartbar (Snap.Do) is a web browser addin/toolbar with Internet Explorer, Chrome and Firefox. Snap.Do provides social integration features for Facebook and Twitter. Privacy Policy: In order to facilitate, refine, personalize and match the identification and presentation of our products results to your browsing preferences and habits, we collect information regarding your use of our Product including URL and information of websites you browse while Smartbar is installed.
About luckysave.exe (from Smartbar)
“Snap.do works on all 3 major web browsers – Google Chrome, Mozilla Firefox and Internet Explorer. Simply get it now to start snapping! Snap.do will always be there when you need it. Once you got it yo”
 Details
|
| File name: | luckysave.exe |
| Publisher: | Smartbar |
| Product name: | Smartbar |
| Typical file path: | C:\users\user\appdata\local\smartbar\application\luckysave.exe |
| Original name: | Smartbar.exe |
Behaviors
(Note, the behaviors below are for all versions of luckysave.exe, select a unique version for details.)
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'Browser Infrastructure Helper' → C:\users\user\appdata\Local\Smartbar\Application\Luckysave.exe startup
Malware detections
Based on 40+ industry antivirus scanners, 20 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| Avira AntiVir |
7.11.72.194 |
Adware/Agent.13824.4 |
1.6.1.795 |
| BitDefender |
7.2 |
Adware.Generic.411007 |
1.6.1.795 |
| Comodo Internet Security |
15941 |
ApplicUnwnt |
1.6.1.795 |
| Dr.Web |
8.13.8.11 |
Trojan.MulDrop4.24551 |
1.6.1.795 |
| Emsisoft Anti-Malware |
3.0.0.575 |
Adware.MSIL.Agent.AMN (A) |
1.6.1.795 |
| ESET NOD32 |
7.7969 |
a variant of Win32/Toolbar.Linkury.A |
1.6.1.708 |
| ESET NOD32 |
7.8231 |
a variant of Win32/Toolbar.Linkury.A |
1.6.1.795 |
| Fortinet |
5.0.26.0 |
Adware/MSIL_Agent |
1.6.1.708 |
| Fortinet |
5.0.43.0 |
Adware/MSIL_Agent |
1.6.1.795 |
| F-Secure |
11.0.19020.35 |
Adware.Generic.411007 |
1.6.1.795 |
| G Data |
13.8.22 |
Adware.Generic.411007 |
1.6.1.795 |
| Ikarus |
T3.1.4.0.0 |
not-a-virus:AdWare.MSIL |
1.6.1.795 |
| Kaspersky |
9.0.0.837 |
not-a-virus:AdWare.MSIL.Agent.af |
1.6.1.708 |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Generic.a.(kcloud) |
1.6.1.795 |
| eScan by MicroWorld |
12.0.250.0 |
Adware.Generic.411007 |
1.6.1.795 |
| Panda Antivirus |
10.0.3.5 |
Suspicious file |
1.6.1.708 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.RCBH1B3 |
1.6.1.708 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.R47H1BH |
1.6.1.795 |
| Vba32 AntiVirus |
3.12.20.2 |
AdWare.MSIL.Agent |
1.6.1.795 |
| VIPRE Antivirus |
16888 |
Adware.Linkury (fs) |
1.6.1.795 |
All file variations of luckysave.exe
