AllCheapPrice
from InstalleRex-WebPick
What is AllCheapPrice?
AllCheapPrice is an adware extension that plugs into the user's web browser for IE, Chrome and Firefox and will display additional advertisements in search engines such as Bing and Google. It installs itself as an extension (BHO/plugin) and runs as a background process. This adware program creates an entry in Add or Remove Programs however removing this entry might stop the adware from running, but will not stop ads from displaying. Once installed, it displays ads by injecting new ads in search as well as various web pages that use 3rd party advertising and replaces these ads with its own. The program users the InstalleRex download manager from WebPicks Holdings to install itself on the user's PC. InstalleRex is known for distributing potentially unwanted applications including web browser toolbars and various ad-supported extensions. The software is a variant of a known adware (AKA SaveAs, SaveNShare, DownloadKeeper) but is re-branded to mask its origination although is includes many of the same components.
About (from InstalleRex-WebPick)
We may collect certain information about your web usage and websites you have visited, which may be shared with third parties and used for advertising. NOTE: THE PLUGIN AND OTHER SERVICES COLLECT AND STORES INFORMATION CONCERNING THE WEB PAGES YOU VISIT AND YOUR ACTIVITY ON THOSE PAGES, SUCH AS IMPRESSIONS, CLICKS AND ... Read more
Overview
- Possible malware installed by this program
- Loads into the web browser
- Typically distributed through a pay-per-install bundle
- Injects advertisements unassociated with the underlying web page
- The experts agree, you should remove it!
Warning, multiple anti-virus scanners have detected possible malware in AllCheapPrice.
B0.exe (f5bff621c4c58358b36f8526dec8a264) has been flagged by the following 25 scanners: |
Anti-Virus software | Version | Detection |
Agnitum Outpost |
7.1.1 |
Adware.MegaSearch |
AhnLab-V3 |
2014.01.06 |
Trojan/Win32.Preloader |
Antiy-AVL |
2.0.3.7 |
AdWare/Win32.MegaSearch |
avast! |
2014.9-140126 |
Win32:Adware-gen [Adw] |
AVG |
2015.0.3582 |
Generic5 |
Baidu-International |
4.0.3.14126 |
Adware.Win32.MegaSearch.aBc |
Bkav FE |
1.3.0.4613 |
W32.Clod3fd.Trojan |
Comodo Security |
17558 |
ApplicUnwnt |
ESET-NOD32 |
8.9255 |
a variant of Win32/AdWare.MultiPlug.K.gen |
Fortinet FortiGate |
1/26/2014 |
Adware/Megasearch |
IKARUS anti.virus |
t3scan.2.2.29 |
Win32.AdWare |
K7 AntiVirus |
13.175.10735 |
Adware |
K7GW |
13.175.10735 |
Adware ( 00490ca81 ) |
Kaspersky |
14.0.0.4407 |
not-a-virus:AdWare.Win32.MegaSearch |
Kingsoft AntiVirus |
331020.49267 |
Win32.Troj.MegaSearch.at.(kcloud) |
Malwarebytes |
v2014.01.26.03 |
PUP.Optional.CRXDrop.A |
McAfee |
5600.7238 |
Artemis!F5BFF621C4C5 |
McAfee-GW-Edition |
7.7238 |
Artemis!F5BFF621C4C5 |
Panda Antivirus |
14.01.26.03 |
Trj/Genetic.gen |
Sophos |
4.96 |
Generic PUA BJ |
Symantec |
1/26/2014 rev. 1 |
Trojan.Gen |
Trend Micro |
10.465.26 |
TROJ_GEN.F0C2C00A414 |
TrendMicro-HouseCall |
7.2.26 |
TROJ_GEN.F0C2C00A414 |
Vba32 AntiVirus |
3.12.24.3 |
BScope.Trojan.Agent |
VIPRE Antivirus |
25126 |
Trojan.Win32.Generic!BT |
lcHAAv.exe (1b63b4e4fe4be0d8607d362c3d2f2677) has been flagged by the following 35 scanners: |
Anti-Virus software | Software version | Detection |
Lavasoft Ad-Aware |
12.0.163.0 |
Gen:Variant.Adware.Graftor.146103 |
Agnitum Outpost |
5.5.1.3 |
PUA.MultiPlug! |
AhnLab-V3 |
2014.08.05.00 |
Trojan/Win32.Preloader |
Avira AntiVir |
7.11.165.68 |
Adware/Graftor.146103 |
Antiy-AVL |
1.0.0.1 |
Trojan/Win32.SGeneric |
avast! |
8.0.1489.320 |
Win32:Dropper-gen [Drp] |
AVG |
14.0.0.3986 |
Generic5.AZJV |
AVware |
1.5.0.16 |
Trojan.Win32.Generic!BT |
Baidu-International |
3.5.1.41473 |
Adware.Win32.MultiPlug.81 |
Bitdefender |
7.2 |
Gen:Variant.Adware.Graftor.146103 |
Bkav FE |
1.3.0.4959 |
W32.CanpaktiLTAAI.Adware |
CAT-QuickHeal |
14.00 |
AdWare.MultiPlug.r5 (Not a Virus) |
Comodo Security |
19086 |
ApplicUnwnt |
Emsisoft Anti-Malware |
3.0.0.600 |
Gen:Variant.Adware.Graftor.146103 (B) |
ESET-NOD32 |
10205 |
a variant of Win32/AdWare.MultiPlug.AG |
Fortinet FortiGate |
5.1.152.0 |
Riskware/MultiPlug |
F-Secure |
11.0.19100.45 |
Gen:Variant.Adware.Graftor.146103 |
G Data |
24 |
Gen:Variant.Adware.Graftor.146103 |
IKARUS anti.virus |
T3.1.6.1.0 |
PUA.Generic |
K7 AntiVirus |
9.182.12951 |
Adware ( 0049c94b1 ) |
K7GW |
9.182.12951 |
Adware ( 0049c94b1 ) |
Kaspersky |
12.0.0.1225 |
not-a-virus:AdWare.Win32.MultiPlug.bqfl |
Kingsoft AntiVirus |
2013.4.9.267 |
Win32.Troj.Generic.a.(kcloud) |
Malwarebytes |
1.75.0.1 |
PUP.Optional.MultiPlug |
McAfee |
6.0.4.564 |
RDN/Generic.bfr!ho |
MicroWorld-eScan |
12.0.250.0 |
Gen:Variant.Adware.Graftor.146103 |
NANO AntiVirus |
0.28.2.61349 |
Riskware.Win32.Graftor.dcodwf |
Panda Antivirus |
10.0.3.5 |
Trj/Genetic.gen |
Sophos |
4.98.0 |
Generic PUA IB |
Symantec |
20131.1.5.61 |
WS.Reputation.1 |
Tencent |
1.0.0.1 |
Win32.Risk.Adware.Dzkd |
Trend Micro |
9.740.0.1012 |
TROJ_SPNR.14GN14 |
TrendMicro-HouseCall |
9.700.0.1001 |
TROJ_SPNR.14GN14 |
Vba32 AntiVirus |
3.12.26.3 |
AdWare.MultiPlug |
VIPRE Antivirus |
31936 |
Trojan.Win32.Generic!BT |
iuxU_.exe (5779bbb0fe6c50419ddf9f84e73e4905) has been flagged by the following 28 scanners: |
Anti-Virus software | Software version | Detection |
Agnitum Outpost |
5.5.1.3 |
PUA.MegaSearch! |
AhnLab-V3 |
None |
Trojan/Win32.Preloader |
Avira AntiVir |
7.11.143.202 |
ADWARE/Adware.Gen7 |
Antiy-AVL |
0.1.0.1 |
GrayWare[AdWare:not-a-virus]/Win32.MegaSearch |
avast! |
8.0.1489.320 |
Win32:Adware-gen [Adw] |
AVG |
13.0.0.3169 |
Generic_r.GV |
Baidu-International |
3.5.1.41473 |
Adware.Win32.MegaSearch.81 |
CAT-QuickHeal |
12.00 |
Adware.Megasearch.at (Not a Virus) |
Comodo Security |
18114 |
ApplicUnwnt |
Dr.Web |
7.00.9.04080 |
Trojan.Crossrider.8290 |
ESET-NOD32 |
9684 |
a variant of Win32/AdWare.MultiPlug.K.gen |
Fortinet FortiGate |
4 |
Adware/Megasearch |
IKARUS anti.virus |
T3.1.6.1.0 |
Win32.AdWare |
K7 AntiVirus |
9.176.11777 |
Adware ( 00490ca81 ) |
K7GW |
9.176.11777 |
Adware ( 00490ca81 ) |
Kaspersky |
12.0.0.1225 |
not-a-virus:AdWare.Win32.MegaSearch.at |
Malwarebytes |
1.75.0001 |
PUP.Optional.MultiPlug.A |
McAfee |
6.0.4.564 |
PUP-FFY!5779BBB0FE6C |
McAfee-GW-Edition |
2013 |
PUP-FFY!5779BBB0FE6C |
NANO AntiVirus |
0.28.0.59288 |
Riskware.Win32.MegaSearch.cvwfkf |
Panda Antivirus |
10.0.3.5 |
Trj/Genetic.gen |
Qihoo-360 |
1.0.0.1015 |
HEUR/Malware.QVM10.Gen |
Rising Antivirus |
25.0.0.11 |
PE:Malware.MegaSearch!6.17B2 |
Sophos |
4.98.0 |
MultiPlug |
Trend Micro |
9.740-1012 |
TROJ_GEN.R0CBC0PDE14 |
TrendMicro-HouseCall |
9.700-1001 |
TROJ_GEN.R0CBC0PDE14 |
Vba32 AntiVirus |
3.12.26.0 |
BScope.Trojan.Agent |
VIPRE Antivirus |
28282 |
MegaSearch Toolbar |
lcHAAv.dll (938a58a18228d9c556965deb4f74e494) has been flagged by the following 18 scanners: |
Anti-Virus software | Software version | Detection |
AhnLab-V3 |
2014.08.02.00 |
Adware/Win32.Agent |
avast! |
8.0.1489.320 |
Win32:Dropper-gen [Drp] |
AVG |
14.0.0.3986 |
Generic5.AZJT |
AVware |
1.5.0.16 |
Trojan.Win32.Generic!BT |
Baidu-International |
3.5.1.41473 |
Adware.Win32.MultiPlug.81 |
Comodo Security |
19052 |
ApplicUnwnt |
ESET-NOD32 |
10192 |
a variant of Win32/AdWare.MultiPlug.AY |
Fortinet FortiGate |
5.1.152.0 |
Riskware/MultiPlug |
IKARUS anti.virus |
T3.1.6.1.0 |
PUA.Generic |
K7 AntiVirus |
9.182.12926 |
Adware ( 0049c94b1 ) |
K7GW |
9.182.12926 |
Adware ( 0049c94b1 ) |
Malwarebytes |
1.75.0.1 |
PUP.Optional.MultiPlug |
McAfee |
6.0.4.564 |
RDN/Generic PUP.x!chv |
McAfee-GW-Edition |
2013 |
RDN/Generic PUP.x!chv |
Sophos |
4.98.0 |
Generic PUA NF |
Trend Micro |
9.740.0.1012 |
ADW_MULTIPLUG |
TrendMicro-HouseCall |
9.700.0.1001 |
ADW_MULTIPLUG |
VIPRE Antivirus |
31840 |
Trojan.Win32.Generic!BT |
i4dGf04F_v.exe (19e5eb31641597fa245deb887aa25817) has been flagged by the following 15 scanners: |
Anti-Virus software | Software version | Detection |
AhnLab-V3 |
2014.02.05.00 |
Trojan/Win32.Preloader |
avast! |
8.0.1489.320 |
Win32:Adware-gen [Adw] |
AVG |
13.0.0.3169 |
Generic_r.GV |
Baidu-International |
3.5.1.41473 |
Adware.Win32.MegaSearch.Asdt |
ESET-NOD32 |
9380 |
a variant of Win32/AdWare.MultiPlug.K.gen |
IKARUS anti.virus |
T3.1.5.6.0 |
not-a-virus:AdWare.Win32.MegaSearch |
Kaspersky |
12.0.0.1225 |
not-a-virus:AdWare.Win32.MegaSearch.at |
Malwarebytes |
1.75.0001 |
PUP.Optional.MultiPlug.A |
McAfee |
6.0.4.564 |
PUP-FFY!19E5EB316415 |
McAfee-GW-Edition |
2013 |
PUP-FFY!19E5EB316415 |
Panda Antivirus |
10.0.3.5 |
Trj/Genetic.gen |
Qihoo-360 |
1.0.0.1015 |
HEUR/Malware.QVM10.Gen |
Sophos |
4.97.0 |
Generic PUA EC |
TrendMicro-HouseCall |
9.700-1001 |
TROJ_GEN.R08NH06B314 |
VIPRE Antivirus |
26130 |
MegaSearch Toolbar |
O_urG76Dz.dll (1305e75a5e77ece0845806814d753836) has been flagged by the following 12 scanners: |
Anti-Virus software | Software version | Detection |
AhnLab-V3 |
2014.08.05.00 |
Adware/Win32.Agent |
AVG |
14.0.0.3986 |
Generic5.AYSX |
AVware |
1.5.0.16 |
Trojan.Win32.Generic!BT |
Comodo Security |
19086 |
ApplicUnwnt |
ESET-NOD32 |
10205 |
a variant of Win32/AdWare.MultiPlug.AY |
Fortinet FortiGate |
5.1.152.0 |
Riskware/MultiPlug |
Malwarebytes |
1.75.0.1 |
PUP.Optional.MultiPlug |
McAfee |
6.0.4.564 |
RDN/Generic PUP.x!chv |
McAfee-GW-Edition |
2013.2 |
RDN/Generic PUP.x!chv |
Sophos |
4.98.0 |
Generic PUA KF |
TrendMicro-HouseCall |
9.700.0.1001 |
TROJ_GEN.R0C9H06GB14 |
VIPRE Antivirus |
31942 |
Trojan.Win32.Generic!BT |
B0.dll (1550537f5aee53fec3b74eb4605f8483) has been flagged by the following 11 scanners: |
Anti-Virus software | Software version | Detection |
Avira AntiVir |
7.11.124.160 |
ADWARE/Adware.Gen |
AVG |
13.0.0.3169 |
Generic5.ALFJ |
Baidu-International |
3.5.1.41473 |
Adware.Win32.MultiPlug.40 |
Comodo Security |
17589 |
ApplicUnwnt |
ESET-NOD32 |
9277 |
a variant of Win32/AdWare.MultiPlug.N |
K7 AntiVirus |
9.175.10807 |
Adware ( 004923a41 ) |
K7GW |
9.175.10807 |
Adware ( 004923a41 ) |
Malwarebytes |
1.75.0.1 |
PUP.Optional.MultiPlug.A |
Rising Antivirus |
25.0.0.11 |
PE:Malware.Adware!6.1293 |
TrendMicro-HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V1230 |
VIPRE Antivirus |
25302 |
JustPlugIt (fs) |
O_urG76Dz.exe (80d691f736b42440928faba7ec88cf78) has been flagged by the following 10 scanners: |
Anti-Virus software | Software version | Detection |
AhnLab-V3 |
2014.07.16.00 |
Trojan/Win32.Preloader |
AVG |
14.0.0.3986 |
Generic5.AYTB |
Comodo Security |
18866 |
ApplicUnwnt |
ESET-NOD32 |
10104 |
a variant of Win32/AdWare.MultiPlug.AG |
Fortinet FortiGate |
5.1.152.0 |
Riskware/MultiPlug |
McAfee |
6.0.4.564 |
RDN/Generic PUP.x!c2a |
McAfee-GW-Edition |
2013 |
RDN/Generic PUP.x!c2a |
Sophos |
4.98.0 |
Generic PUA AO |
TrendMicro-HouseCall |
9.700.0.1001 |
TROJ_GEN.R0CBH06G714 |
VIPRE Antivirus |
31320 |
Trojan.Win32.Generic!BT |
O_urG76Dz.x64.dll (9b44cf590f064eaf267c2fe11a2f6d7a) has been flagged by the following 9 scanners: |
Anti-Virus software | Software version | Detection |
AhnLab-V3 |
2014.08.07.00 |
Trojan/Win64.Preloader |
AVG |
14.0.0.3986 |
Generic_r.QB |
Baidu-International |
3.5.1.41473 |
Trojan.Win64.MultiPlug.BD |
ESET-NOD32 |
10216 |
a variant of Win64/Adware.MultiPlug.D |
IKARUS anti.virus |
T3.1.6.1.0 |
PUA.Multiplug |
Malwarebytes |
1.75.0.1 |
PUP.Optional.Preload |
McAfee |
6.0.4.564 |
Artemis!9B44CF590F06 |
McAfee-GW-Edition |
2013.2 |
Artemis!9B44CF590F06 |
TrendMicro-HouseCall |
9.700.0.1001 |
Suspicious_GEN.F47V0702 |
FCOxDNTbUX.exe (584cad63d062e99c0a4b07d334fbd440) has been flagged by the following 8 scanners: |
Anti-Virus software | Software version | Detection |
AhnLab-V3 |
2014.06.18.00 |
Dropper/Win32.Preloader |
Antiy-AVL |
1.0.0.1 |
Trojan/Win32.TGeneric |
AVG |
14.0.0.3972 |
Generic5.AVYG |
ESET-NOD32 |
9962 |
a variant of Win32/AdWare.MultiPlug.Y |
McAfee |
6.0.4.564 |
Artemis!584CAD63D062 |
McAfee-GW-Edition |
2013 |
Artemis!584CAD63D062 |
TrendMicro-HouseCall |
9.700.0.1001 |
Suspicious_GEN.F47V0611 |
VIPRE Antivirus |
30414 |
Trojan.Win32.Generic!BT |
B0.x64.dll (9e0383fb82ce83bd785951c20f3fe959) has been flagged by the following 4 scanners: |
Anti-Virus software | Software version | Detection |
AhnLab-V3 |
2013.12.31.00 |
Trojan/Win32.Preloader |
Baidu-International |
3.5.1.41473 |
Adware.Win64.MultiPlug.A |
ESET-NOD32 |
9234 |
a variant of Win64/Adware.MultiPlug.A |
Malwarebytes |
1.75.0.1 |
PUP.Optional.MultiPlug.A |
View all 175 all detections
AllCheapPrice has been found to be bundled with 3rd party software. If you have not purposefully installed this, you should be safe uninstalling it.
Program details
Displayed publisher: AllCheapPriCe
URL: justplug.it
Installation folder: C:\ProgramData\allcheapprice
Uninstaller: "C:\ProgramData\AllCheapPrice\B0.exe" /s /n /C:"ExecuteCommands;UninstallCommands" ""
Estimated size: 1.34 MB
Files installed by AllCheapPrice
Program executable: | B0.exe (Malware detected) |
Path: | C:\ProgramData\allcheapprice\B0.exe |
MD5: | f5bff621c4c58358b36f8526dec8a264 |
Additional files:
-
(Malware detected) O_urG76Dz.exe (by and Successful application engineering database) - and Successful application engineering database (of)
-
(Malware detected) B0.exe (by Setup)
-
(Malware detected) i4dGf04F_v.exe (by Setup)
-
(Malware detected) iuxU_.exe
-
(Malware detected) FCOxDNTbUX.exe (by of of comprise) - of of comprise (requirements)
-
(Malware detected) lcHAAv.dll (by or is software) - or is software (management)
-
(Malware detected) lcHAAv.exe (by its particular) - its particular (concerned)
-
(Malware detected) O_urG76Dz.dll (by right IDE) - right IDE (data)
-
(Malware detected) O_urG76Dz.x64.dll (by right IDE)
-
(Malware detected) B0.dll
-
(Malware detected) B0.x64.dll
Behaviors exhibited
5 Internet Explorer BHOs
- O_urG76Dz.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'ExtraShuopper' with the class of {03377F79-0DFC-5409-5604-9CCAE2D85F97}.
- lcHAAv.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'RanddomiPraice' with the class of {B358B6D3-476B-9DAD-17F1-1B7799A31D4A}.
- B0.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'FuindBestDeal' with the class of {9A09C003-191B-B8DD-079A-8383CF72792F}.
- O_urG76Dz.x64.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'SavENewaAopipz' with the class of {2B03A3CE-3049-B856-D4FC-9FD3B1D1F1E9}.
- B0.x64.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'FunDEals' with the class of {481986C3-3C16-0A16-B5B7-8F66C391BF19}.
How do I remove AllCheapPrice?
You can uninstall AllCheapPrice from your computer by using the Add/Remove Program feature in the Window's Control Panel.
- On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:
- Windows Vista/7/8/10: Click Uninstall a Program.
- Windows XP: Click Add or Remove Programs.
- When you find the program AllCheapPrice, click it, and then do one of the following:
- Windows Vista/7/8/10: Click Uninstall.
- Windows XP: Click the Remove or Change/Remove tab (to the right of the program).
- Follow the prompts. A progress bar shows you how long it will take to remove AllCheapPrice.
- If for some reason uninstallation fails, please install Microsoft's uninstall fixer utility which will help fix problems with programs that can't be uninstalled at support.microsoft.com.
How do I reset my web browser?
If your web browser homepage and search settings have been modfied by AllCheapPrice you can restore them to their previous default settings.
Microsoft Internet Explorer
- Open Internet Explorer and click the Tools button, and then click Internet options.
- Click the Advanced tab, and then click Reset. Select the Delete personal settings check box if you would also like to remove search providers, Accelerators and home pages. When Internet Explorer finishes applying default settings, click Close, and then click OK.
- The changes will take effect the next time you open IE.
Mozilla Firefox
- At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.
- To continue, click Reset Firefox in the confirmation window that opens. It will close and be reset.
- When it's done, a window will list the information that was imported. Click Finish and Firefox will open.
Google Chrome
- Open Chrome and click the Chrome menu on the browser toolbar.
- Select Settings. In the "Search" section, click Manage search engine. Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default. Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.
- When the "Show Home button" checkbox is selected, a web address appears below it. If you want the Homepage button to open up a different webpage, click Change to enter a link.
- Restart Google Chrome.
OS VERSIONS
Win 7 (SP1) 67%
Win 10 17%
|
|
USER ACTIONS
|
Uninstall it 81%
Keep it 19%
|
|
|
COUNTRY POPULARITY
63.64%
United States
|
Windows
Which Windows OS versions does it run on?
Windows 7 |
83.33% |
|
Windows 10 |
16.67% |
|
Which OS releases does it run on? |
Windows 7 Home Premium |
33.33% |
|
Windows 7 Ultimate |
33.33% |
|
Windows 7 Professional |
16.67% |
|
Windows 8 |
16.67% |
|
Geography
63.64% of installs come from the United States
Which countries install it?
United States |
63.64% |
MA |
9.09% |
Mexico |
9.09% |
Sweden |
9.09% |
Slovakia |
9.09% |
PC manufacturers
What PC manufacturers (OEMs) have it installed?
Hewlett-Packard |
33.33% |
|
Sony |
16.67% |
|
Samsung |
16.67% |
|
Dell |
16.67% |
|
Acer |
16.67% |
|
Common models |
Sony SVE1513K1ESI |
16.67% |
|
Samsung 90X3A |
16.67% |
|
HP ProBook 4530s |
16.67% |
|
HP G72 Notebook PC |
16.67% |
|
ECS P67H2-A3 |
16.67% |
|
Dell Inspiron N5050 |
16.67% |
|