Adware.GorillaPrice is Malwarebytes' detection for standalone installers of a family of adwarethat use a service and several browser extensions to show advertisements on the affected Windows computer.
Systems on which Adware.GorillaPrice is active may notice advertisements both in newly-opened tabs as well as advertisements in open tabs not originating from the sites that are open.
Malwarebytes can detect and remove Adware.GorillaPrice without further user interaction.
An example of a Malwarebytes removal log from a system affected by Adware.GorillaPrice:
Malwarebyteswww.malwarebytes.com-Log Details-Scan Date: 5/24/17Scan Time: 8:59 AMLog File: mbamSavingsCool.txtAdministrator: Yes-Software Information-Version: 3.1.2.1733Components Version: 1.0.122Update Package Version: 1.0.2009License: Premium-System Information-OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser:{computername}\{username}-Scan Summary-Scan Type: Threat ScanResult: CompletedObjects Scanned: 332294Threats Detected: 12Threats Quarantined: 12Time Elapsed: 1 min, 22 sec-Scan Options-Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled-Scan Details-Process: 1Adware.GorillaPrice, C:\PROGRAMDATA\MICROSOFT\WINDOWS\NETWORKCACHEMANAGER\NTCACHE.EXE, Quarantined, [1652], [401367],1.0.2009Module: 1Adware.GorillaPrice, C:\PROGRAMDATA\MICROSOFT\WINDOWS\NETWORKCACHEMANAGER\NTCACHE.EXE, Quarantined, [1652], [401367],1.0.2009Registry Key: 3Adware.GorillaPrice, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ntcache, Delete-on-Reboot, [1652], [401367],1.0.2009Adware.SavingsCool.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SavingsCool, Delete-on-Reboot, [970], [351594],1.0.2009Adware.SavingsCool.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [970], [-1],0.0.0Registry Value: 4Adware.SavingsCool.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [970], [-1],0.0.0Adware.SavingsCool.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [970], [-1],0.0.0Adware.SavingsCool.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [970], [-1],0.0.0Adware.SavingsCool.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [970], [-1],0.0.0Registry Data: 0(No malicious items detected)Data Stream: 0(No malicious items detected)Folder: 0(No malicious items detected)File: 3Adware.GorillaPrice, C:\PROGRAMDATA\MICROSOFT\WINDOWS\NETWORKCACHEMANAGER\NTCACHE.EXE, Delete-on-Reboot, [1652], [401367],1.0.2009Adware.GorillaPrice, C:\USERS\{username}\DESKTOP\NTCACHE.EXE, Delete-on-Reboot, [1652], [401367],1.0.2009Adware.GorillaPrice, C:\USERS\{username}\DESKTOP\NSIS.EXE, Delete-on-Reboot, [1652], [401367],1.0.2009Physical Sector: 0(No malicious items detected)(end)
Select your language