Adware.GorillaPrice

Short bio

Adware.GorillaPrice is Malwarebytes' detection for standalone installers of a family of adwarethat use a service and several browser extensions to show advertisements on the affected Windows computer.

Symptoms

Systems on which Adware.GorillaPrice is active may notice advertisements both in newly-opened tabs as well as advertisements in open tabs not originating from the sites that are open.

Protection

Malwarebytes blocks Adware.GorillaPrice

Remediation

Malwarebytes can detect and remove Adware.GorillaPrice without further user interaction.

1. Please download Malwarebytesto your desktop.
2. Double-click MBSetup.exeand follow the prompts to install the program.
3. When your Malwarebytes for Windowsinstallation completes, the program opens to the Welcome to Malwarebytes screen.
4. Click on the Get started button.
5. Click Scan to start a Threat Scan.
6. Click Quarantineto remove the found threats.
7. Reboot the system if prompted to complete the removal process.

Malwarebytes removal log

An example of a Malwarebytes removal log from a system affected by Adware.GorillaPrice:

Malwarebyteswww.malwarebytes.com-Log Details-Scan Date: 5/24/17Scan Time: 8:59 AMLog File: mbamSavingsCool.txtAdministrator: Yes-Software Information-Version: 3.1.2.1733Components Version: 1.0.122Update Package Version: 1.0.2009License: Premium-System Information-OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser:{computername}\{username}-Scan Summary-Scan Type: Threat ScanResult: CompletedObjects Scanned: 332294Threats Detected: 12Threats Quarantined: 12Time Elapsed: 1 min, 22 sec-Scan Options-Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled-Scan Details-Process: 1Adware.GorillaPrice, C:\PROGRAMDATA\MICROSOFT\WINDOWS\NETWORKCACHEMANAGER\NTCACHE.EXE, Quarantined, [1652], [401367],1.0.2009Module: 1Adware.GorillaPrice, C:\PROGRAMDATA\MICROSOFT\WINDOWS\NETWORKCACHEMANAGER\NTCACHE.EXE, Quarantined, [1652], [401367],1.0.2009Registry Key: 3Adware.GorillaPrice, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ntcache, Delete-on-Reboot, [1652], [401367],1.0.2009Adware.SavingsCool.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SavingsCool, Delete-on-Reboot, [970], [351594],1.0.2009Adware.SavingsCool.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [970], [-1],0.0.0Registry Value: 4Adware.SavingsCool.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [970], [-1],0.0.0Adware.SavingsCool.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [970], [-1],0.0.0Adware.SavingsCool.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [970], [-1],0.0.0Adware.SavingsCool.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [970], [-1],0.0.0Registry Data: 0(No malicious items detected)Data Stream: 0(No malicious items detected)Folder: 0(No malicious items detected)File: 3Adware.GorillaPrice, C:\PROGRAMDATA\MICROSOFT\WINDOWS\NETWORKCACHEMANAGER\NTCACHE.EXE, Delete-on-Reboot, [1652], [401367],1.0.2009Adware.GorillaPrice, C:\USERS\{username}\DESKTOP\NTCACHE.EXE, Delete-on-Reboot, [1652], [401367],1.0.2009Adware.GorillaPrice, C:\USERS\{username}\DESKTOP\NSIS.EXE, Delete-on-Reboot, [1652], [401367],1.0.2009Physical Sector: 0(No malicious items detected)(end)