Should I block it?

90%
90% of PCs block this file from running.
Possible reason:
Multiple malware detections

VersionsAdditional versions

3.3.140513.1589 7.69%
3.3.131004.1527 7.69%
3.3.130726.1469 7.69%
3.3.130706.1458 7.69%
3.3.130610.1369 7.69%
3.2.121229.1266 38.46%
3.2.121229.1266 7.69%
3.1.110425.1262 7.69%
3.1.110425.1262 7.69%

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
LookupPrivilegeValueW, OpenProcessToken, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, AdjustTokenPrivileges
kernel32.dll
HeapFree, HeapReAlloc, GetLastError, GetTickCount, Sleep, CreateProcessW, FindFirstFileW, FindClose, DeleteFileW, GetTempPathW, GetSystemTimeAsFileTime, MoveFileExW, WriteFile, FindResourceW, SizeofResource, LoadResource, LockResource, WaitForSingleObject, CreateMutexW, SetEvent, ExitProcess, FindNextFileW, RemoveDirectoryW, GetVersion, GetCurrentThread, CreateThread, GetCurrentProcessId, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, GetCurrentProcess, OpenProcess, TerminateProcess, ReadFile, InitializeCriticalSection, CreateDirectoryW, GetShortPathNameW, GetModuleFileNameW, CreateEventW, GetCommandLineW, GetCommandLineA, GetVersionExW, OpenMutexW, WriteConsoleW, SetStdHandle, IsProcessorFeaturePresent, GetConsoleMode, GetConsoleCP, SetFilePointer, GetStringTypeW, MultiByteToWideChar, LCMapStringW, WideCharToMultiByte, RtlUnwind, LoadLibraryW, QueryPerformanceCounter, DeleteCriticalSection, GetFileType, GetFileSize, CloseHandle, GetFileTime, CreateFileW, LeaveCriticalSection, EnterCriticalSection, GetProcessHeap, HeapAlloc, InitializeCriticalSectionAndSpinCount, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, FlushFileBuffers, HeapCreate, GetStdHandle, GetCurrentThreadId, SetLastError, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, IsValidCodePage, GetOEMCP, GetACP, InterlockedDecrement, InterlockedIncrement, GetCPInfo, GetModuleHandleW, GetProcAddress, HeapSize, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, HeapSetInformation, DecodePointer, EncodePointer
ole32.dll
CoCreateInstance, CoInitializeEx, CoUninitialize, CoInitializeSecurity
psapi.dll
EnumProcessModules, EnumProcesses, GetModuleBaseNameW
shell32.dll
ShellExecuteExW, Shell_NotifyIconW, SHGetSpecialFolderPathW
user32.dll
LoadIconW, wsprintfW, FindWindowExW, DispatchMessageW, LoadMenuW, GetSubMenu, SetForegroundWindow, GetSystemMetrics, TrackPopupMenuEx, DestroyMenu, MessageBoxW, SendMessageW, SetDlgItemTextW, SetTimer, EndDialog, LoadCursorW, RegisterClassExW, GetCursorPos, DialogBoxParamW, DefWindowProcW, CreateWindowExW, GetMessageW, TranslateMessage
wininet.dll
InternetConnectA, HttpOpenRequestA, InternetOpenA, InternetReadFile, HttpQueryInfoA, HttpSendRequestA, InternetCloseHandle
ws2_32.dll
WSAConnect, WSAResetEvent, getaddrinfo, WSACreateEvent, WSAEventSelect, WSAWaitForMultipleEvents, WSAEnumNetworkEvents, WSACloseEvent, WSAAccept

VKSaver.exe

VKSaver by AudioVkontakte.ru

Remove VKSaver.exe
Version:   3.3.130610.1369
MD5:   5f004fbc662e78de5250a3f7103b5cda
SHA1:   50f8c30bbcabea6821258fcb010c70d914042469
SHA256:   453a39da92764495d212c67e97c97546b4b4a8d3d73121bc62bccab890f532c1
Warning 6 antivirus scanners has detected malware.

Overview

vksaver.exe is malware that executes as a process with the local user's privileges. It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine).

DetailsDetails

File name:vksaver.exe
Publisher:AudioVkontakte.ru
Product name:VKSaver
Description:VKSaver tray proxy for saving music from vkontakte.ru
Typical file path:C:\ProgramData\vksaver\vksaver.exe
File version:3.3.130610.1369
Size:121.5 KB (124,416 bytes)
Build date:6/9/2013 9:19 PM
Digital DNA
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'VKSaver' → C:\ProgramData\VKSaver\VKSaver.exe
Scheduled tasks
  • The task 'VKSaverUpdate' runs on boot in the path 'C:\WINDOWS\Tasks\VKSaverUpdate.job'
  • Entry path '\VKSaverUpdate'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\VKSaverUpdate'
Network connections
  • [TCP] free.ds (92.63.97.148:80)

  • MalwareMalware detections

    Based on 40+ industry antivirus scanners, 6 of them detected the following malware.
    Antivirus engineEngine versionDetection
    McAfee 5.600.1067 Artemis!5F004FBC662E
    McAfee Gateway Anti-Malware v2013-dat Heuristic.BehavesLike.Win32.Suspicious-BAY.K
    Norman 7.01.04 Horst.gen30
    The Hacker 6.8.0.2.314 Posible_Worm32
    Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.R0CBH0AHM13
    VIPRE Antivirus 20802 Trojan.Win32.Generic!BT

    ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00005632%
    0.028634%
    Kernel CPU:0.00005632%
    0.013761%
    Kernel CPU time:46,875 ms/min
    100,923,805ms/min
    Memory
    Private memory:2.86 MB
    21.59 MB
    Private (maximum):7.48 MB
    Private (minimum):528 KB
    Non-paged memory:2.86 MB
    21.59 MB
    Virtual memory:71.22 MB
    140.96 MB
    Virtual memory (peak):74.97 MB
    169.69 MB
    Working set:528 KB
    18.61 MB
    Working set (peak):7.5 MB
    37.95 MB
    Resource allocations
    Threads:4
    12
    Handles:176
    600

    BehaviorsProcess properties

    Integrety level:System
    Platform:64-bit
    Command line:C:\ProgramData\vksaver\vksaver.exe -autoupdate
    Owner:User
    Parent process:taskeng.exe (Task Scheduler Engine by Microsoft)

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Home Basic 38.46%
    Windows 7 Ultimate 15.38%
    Microsoft Windows XP 15.38%
    Windows 7 Home Premium 15.38%
    Windows 8.1 Single Language 7.69%
    Windows 7 Professional 7.69%

    Distribution by countryDistribution by country

    Russia installs about 46.15% of VKSaver.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Lenovo 66.67%
    ASUS 13.33%
    Hewlett-Packard 6.67%
    American Megatrends 6.67%
    Acer 6.67%
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE