Should I block it?
90% of PCs block this file from running.
Possible reason:
Multiple malware detections
Additional versions
Relationships
VKSaver.exe
VKSaver by AudioVkontakte.ru
| Version: | 3.3.130706.1458 |
| MD5: | 810bb055fde9cf800cceb3197921928f |
| SHA1: | 874948b717c94c78434bf9204fa42ccdf62a6275 |
| SHA256: | dccc3e31c1dcac713836b7004c1cd5789b9f380035cce619da27c1d2dde6f733 |
Warning 8 antivirus scanners has detected malware.
Overview
vksaver.exe is malware that executes as a process with the local user's privileges. It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine).
Details
| File name: | vksaver.exe |
| Publisher: | AudioVkontakte.ru |
| Product name: | VKSaver |
| Description: | VKSaver tray proxy for saving music from vkontakte.ru |
| Typical file path: | C:\ProgramData\vksaver\vksaver.exe |
| File version: | 3.3.130706.1458 |
| Size: | 128 KB (131,072 bytes) |
| Build date: | 7/6/2013 3:46 PM |
| Digital DNA |
| File packed: | No |
| .NET CLR: | No |
More details
Behaviors
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'VKSaver' → C:\ProgramData\VKSaver\VKSaver.exe
Scheduled tasks
- The task 'VKSaverUpdate' runs on boot in the path 'C:\WINDOWS\Tasks\VKSaverUpdate.job'
- Entry path '\VKSaverUpdate'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
- Login entry path '\VKSaverUpdate'
Malware detections
Based on 40+ industry antivirus scanners, 8 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| AVG |
13.0.0.3169 |
Proxy.BAJJ |
| Ikarus |
T3.1.5.4.0 |
Trojan-Proxy.BAJJ |
| McAfee |
5.600.1067 |
Artemis!810BB055FDE9 |
| McAfee Gateway Anti-Malware |
v2013-dat |
Heuristic.BehavesLike.Win32.Suspicious-BAY.K |
| Norman |
7.02.06 |
Horst.gen30 |
| The Hacker |
6.8.0.4.335 |
Posible_Worm32 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.R0C1H01G613 |
| VIPRE Antivirus |
21838 |
Trojan.Win32.Generic!BT |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00057189% | |
| Kernel CPU: | 0.00056775% | |
| User CPU: | 0.00000414% | |
| Kernel CPU time: | 4,368,028 ms/min | |
| Context switches: | 28/sec | |
| Memory |
| Private memory: | 8.16 MB | |
| Private (maximum): | 14.4 MB | |
| Private (minimum): | 5.97 MB | |
| Non-paged memory: | 8.16 MB | |
| Virtual memory: | 94.04 MB | |
| Virtual memory (peak): | 356.54 MB | |
| Working set: | 11.57 MB | |
| Working set (peak): | 19.68 MB | |
| Resource allocations |
| Threads: | 14 | |
| Handles: | 2250 | |
| GUI GDI count: | 18 | |
| GUI GDI peak: | 20 | |
| GUI USER count: | 7 | |
| GUI USER peak: | 7 | |
Process properties
| Integrety level: | Undefined |
| Platform: | 64-bit |
| Command line: | "C:\ProgramData\vksaver\vksaver.exe" |
| Owner: | User |
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Basic |
38.46% |
|
| Windows 7 Ultimate |
15.38% |
|
| Microsoft Windows XP |
15.38% |
|
| Windows 7 Home Premium |
15.38% |
|
| Windows 8.1 Single Language |
7.69% |
|
| Windows 7 Professional |
7.69% |
|
Distribution by country
Russia installs about 46.15% of VKSaver.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Lenovo |
66.67% |
|
| ASUS |
13.33% |
|
| Hewlett-Packard |
6.67% |
|
| American Megatrends |
6.67% |
|
| Acer |
6.67% |
|
