Should I block it?

98%

Yes, 98% block recommendation.

Possible reasons:

Multiple malware detections

Performance resource utilization

Additional versions

1.1.151.54	50.00%
1.1.151.48	50.00%

Relationships

PE file structure

Show functions

Import table

advapi32.dll

RegQueryValueExA, GetSidSubAuthorityCount, GetTokenInformation, OpenProcessToken, RegCreateKeyExA, RegCloseKey, RegSetValueExA, RegEnumValueA, RegEnumKeyExA, RegQueryInfoKeyW, RegDeleteValueA, RegDeleteKeyA, RegOpenKeyExA, LookupPrivilegeValueA, AdjustTokenPrivileges, GetSidSubAuthority

comctl32.dll

ImageList_GetImageCount, ImageList_Remove, ImageList_ReplaceIcon

gdi32.dll

CreateFontA, SelectObject, GetTextExtentPoint32A, DeleteObject, GetObjectA

gdiplus.dll

GdipDrawPath, GdipSetInterpolationMode, GdipGetImageGraphicsContext, GdipCreatePathGradientFromPath, GdipWindingModeOutline, GdipAddPathEllipseI, GdipAddPathRectangleI, GdipSetStringFormatTrimming, GdipSetStringFormatAlign, GdipCreateSolidFill, GdipCreateHICONFromBitmap, GdipCreateBitmapFromScan0, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipCreateFontFromDC, GdipGetImageHeight, GdipGetImageWidth, GdipDisposeImage, GdipGraphicsClear, GdipDeleteGraphics, GdipSetPathGradientFocusScales, GdipSetPathGradientSurroundColorsWithCount, GdipGetPathGradientPointCount, GdipSetPathGradientCenterColor, GdipDeletePath, GdipCreatePath, GdipDeleteStringFormat, GdipCreateStringFormat, GdipDeletePen, GdipCreatePen1, GdipDeleteBrush, GdipAlloc, GdipFree, GdipFillPath, GdipCreateFontFromLogfontA, GdipCloneBitmapAreaI, GdipCloneBrush, GdipDrawString, GdipMeasureString, GdipCloneImage, GdipDeleteFont, GdipDrawImageRectI, GdiplusShutdown, GdipGetImagePixelFormat, GdiplusStartup

kernel32.dll

CreateThread, GetCurrentThreadId, GetCurrentProcessId, lstrlenW, EnterCriticalSection, LeaveCriticalSection, GetModuleFileNameA, GetProcAddress, LoadLibraryA, GetLastError, ReleaseMutex, OpenMutexA, CreateMutexA, Sleep, SetEvent, CreateEventA, RaiseException, FlushInstructionCache, GetCurrentProcess, SetLastError, LocalFree, FormatMessageA, GetModuleHandleA, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, GlobalFlags, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, UnmapViewOfFile, MapViewOfFile, OpenFileMappingA, CreateFileMappingA, lstrcpyA, LocalAlloc, InitializeCriticalSection, WriteFile, ReadFile, SetFilePointer, GetFileSize, CreateFileA, lstrcmpiA, IsDBCSLeadByte, FreeLibrary, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, GetExitCodeProcess, CreateRemoteThread, VirtualFreeEx, WriteProcessMemory, WaitForSingleObject, OpenProcess, Process32Next, CreateToolhelp32Snapshot, WideCharToMultiByte, GetVersion, MoveFileExA, GetTempPathA, CopyFileExA, ExpandEnvironmentStringsA, LoadLibraryW, GetTickCount, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetTimeZoneInformation, LCMapStringW, GetFileType, SetHandleCount, FlushFileBuffers, GetConsoleMode, GetConsoleCP, ExitProcess, HeapSize, GetStringTypeW, GetLocaleInfoW, GetModuleFileNameW, GetStdHandle, IsProcessorFeaturePresent, HeapCreate, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, GetStartupInfoW, HeapSetInformation, GetCommandLineA, HeapReAlloc, VirtualQuery, GetSystemInfo, GetModuleHandleW, VirtualAlloc, CloseHandle, OutputDebugStringA, DebugBreak, InterlockedIncrement, VirtualAllocEx, MultiByteToWideChar, lstrlenA, InterlockedDecrement, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, InterlockedExchange, SetStdHandle, WriteConsoleW, CreateFileW, SetEndOfFile, GetProcessHeap, CompareStringW, SetEnvironmentVariableA, LCMapStringA, InterlockedCompareExchange, InterlockedPushEntrySList, VirtualProtect, HeapAlloc, GetLocalTime, GetSystemTimeAsFileTime, RtlUnwind, EncodePointer, DecodePointer, HeapFree, VirtualFree, InterlockedPopEntrySList, GetStringTypeExA, TerminateProcess, FindClose, FindNextFileA, FindFirstFileA, CreateDirectoryA, RemoveDirectoryA, MoveFileA, DeleteFileA

ole32.dll

CoInitialize, CoUninitialize, CoTaskMemRealloc, CoTaskMemFree, CoCreateInstance, CLSIDFromProgID, CoTaskMemAlloc, CreateStreamOnHGlobal

oleacc.dll

AccessibleObjectFromWindow

shell32.dll

SHGetFolderPathA, ShellExecuteExA

urlmon.dll

URLDownloadToCacheFileA

user32.dll

CharLowerA, MessageBoxA, PostMessageA, CharNextA, SetWindowLongA, GetClassInfoExA, LoadCursorA, DefWindowProcA, RegisterClassExA, CreateWindowExA, GetWindowLongA, CallWindowProcA, UnregisterClassA, GetDesktopWindow, GetWindowThreadProcessId, DestroyIcon, InvalidateRect, SendMessageA, GetWindowRect, ReleaseDC, LoadStringA, SetWindowPos, GetParent, FindWindowExA, UnhookWindowsHookEx, CallNextHookEx, SetWindowsHookExA, SetTimer, KillTimer, DispatchMessageA, TranslateMessage, GetMessageA, GetWindowTextA, EnumWindows, GetForegroundWindow, SetFocus, BringWindowToTop, SetForegroundWindow, AttachThreadInput, IsWindowVisible, GetDC, wvsprintfA, DestroyWindow

wininet.dll

HttpOpenRequestA, InternetConnectA, InternetCrackUrlA, InternetOpenA, InternetGetCookieA, InternetSetCookieA, InternetSetOptionA, HttpSendRequestA, HttpQueryInfoA, InternetReadFile, InternetCloseHandle

vid-saver-bg.exe

Vid-Saver by Awesome Apps (Signed)

Remove vid-saver-bg.exe

Version:	1.1.151.54
MD5:	648fceb7244e09105402a1b176a4559b
SHA1:	26935bbafe7b30872e401b39c83c97a4e49fea18
SHA256:	90bcf8336ffa9a834c5f828b35295c3c9a618de5ff8a052e56dfb0313c059cb0

Warning 4 antivirus scanners has detected malware.

What is vid-saver-bg.exe?

Vid-Saver exe (vid-saver-bg.exe) is a background process that is loaded with Internet Explorer via the Vid-Saver BHO. Vid-Saver is an adware type program that has causes serious performance issues to your PC by installing a number of plug-ins and add-ins to your web browser and Windows. It injects ads directly by modifying web pages based on your surfing habits.

About vid-saver-bg.exe (from Awesome Apps)

“With Vid-Saver, you can quickly download and save your favorite streaming videos for offline watching! Transfer videos to your mobile devices to watch on the go, or watch from your computer without th”

Details

File name:	vid-saver-bg.exe
Publisher:	215 Apps
Product name:	Vid-Saver
Description:	Vid-Saver exe
Typical file path:	C:\Program Files\vid-saver\vid-saver-bg.exe
Original name:	Vid-Saver.exe
File version:	1.1.151.54
Size:	926.38 KB (948,608 bytes)
Certificate
Issued to:	Awesome Apps
Authority (CA):	Thawte
Expiration date:	Thursday, August 29, 2013
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
.NET CLR:	No

More details

Network connections

[UDP] listens on port 56971

Malware detections

Based on 40+ industry antivirus scanners, 4 of them detected the following malware.

Antivirus engine	Engine version	Detection
AVG	2014.0.3629	Suspicion: unknown virus
Symantec	20121.3.0.76	WS.Reputation.1
Trend Micro HouseCall	9.700.0.1001	TROJ_GEN.RCBH1LE
VIPRE Antivirus	15194	GamePlayLabs (v)

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.18204548%	0.028634%
Kernel CPU:	0.09987298%	0.013761%
User CPU:	0.08217249%	0.014873%
Kernel CPU time:	1,853 ms/min	100,923,805ms/min
Context switches:	12/sec	284/sec
Memory
Private memory:	6.66 MB	21.59 MB
Private (maximum):	7.22 MB
Private (minimum):	5.63 MB
Non-paged memory:	6.66 MB	21.59 MB
Virtual memory:	81.97 MB	140.96 MB
Virtual memory (peak):	86.98 MB	169.69 MB
Working set:	4.76 MB	18.61 MB
Working set (peak):	13.98 MB	37.95 MB
Resource allocations
Threads:	8	12
Handles:	225	600
GUI GDI count:	9	103
GUI GDI peak:	11	142
GUI USER count:	5	49
GUI USER peak:	8	71

Process properties

Integrety level:	Low
Platform:	32-bit
Command line:	"C:\Program Files\vid-saver\vid-saver-bg.exe" /createbg
Owner:	User
Parent process:	iexplore.exe (by Microsoft)

Distribution by Windows OS

OS version	distribution
Windows 7 Ultimate N	100.00%

Distribution by country

United States installs about 100.00% of Vid-Saver.

Remove Adware and Spyware Programs, FREE Download!