DEAlsFinderPro
from InstalleRex-WebPick
What is DEAlsFinderPro?
Deal Finder Pro is a JustPlug.It web browser extension that is delivered via the WebPick (InstalleRex) download and install manager. It is included with various adware offer bundles and is a cross browser extension that runs with multiple parts including a Windows service, an auto-starting component and the browser toolbar/plugin which is designed to inject advertisements in the browser in form of banner ads, hyper-text links and popups. In addition, some versions might hijack existing advertising on web sites as well as inject affiliate codes in links as coupon offers. The advertisements that are displayed in the browser could include deceptive malvertising ads for 'required' updates of known common programs as well as unwanted pop-ups advertisements. If downloaded these programs install a number of bundled adware utilities and additional browser extensions. Additionally components of the program will modify the browser's default security levels.
Overview
It adds a Browser Helper Object (BHO) to Internet Explorer. The main program executable is Ph1.exe. Typically most users end up uninstalling this just after a few days. The software installer includes 6 files and is usually about 1.34 MB (1,401,450 bytes).
- Possible malware installed by this program
- Loads into the web browser
- Installed as part of a co-bundle
- Injects advertisements unassociated with the underlying web page
- The experts agree, you should remove it!
Warning, multiple anti-virus scanners have detected possible malware in DEAlsFinderPro.
| Ph1.exe (a39af5e5fbc8eee9959c77cb3fc4cc5c) has been flagged by the following 16 scanners: |
| Anti-Virus software | Version | Detection |
| AhnLab-V3 |
2014.03.12 |
Trojan/Win32.Preloader |
| Antiy-AVL |
0.1.0.1 |
GrayWare[AdWare:not-a-virus]/Win32.MegaSearch |
| AVG |
2015.0.3497 |
Generic_r |
| Baidu-International |
4.0.3.14422 |
Adware.Win32.MegaSearch.awwi |
| ESET-NOD32 |
8.9527 |
a variant of Win32/AdWare.MultiPlug.K.gen |
| Fortinet FortiGate |
4/22/2014 |
Adware/Megasearch |
| Kaspersky |
14.0.0.3978 |
not-a-virus:AdWare.Win32.MegaSearch |
| Malwarebytes |
v2014.04.22.11 |
PUP.Optional.MultiPlug.A |
| McAfee |
5600.7153 |
PUP-FFY!A39AF5E5FBC8 |
| McAfee-GW-Edition |
7.7153 |
Heuristic.BehavesLike.Win32.Suspicious.H |
| Panda Antivirus |
14.04.22.11 |
Trj/Genetic.gen |
| Qihoo-360 |
1.0.0.1015 |
HEUR/Malware.QVM10.Gen |
| Sophos |
4.98 |
MultiPlug |
| TrendMicro-HouseCall |
7.2.112 |
TROJ_GEN.R08NH06C914 |
| Vba32 AntiVirus |
3.12.24.3 |
BScope.Trojan.Agent |
| VIPRE Antivirus |
27280 |
MegaSearch Toolbar |
| ZsnVu7z3wM.dll (6bdd2b931e45fa910c821a3beb07928c) has been flagged by the following 29 scanners: |
| Anti-Virus software | Software version | Detection |
| Lavasoft Ad-Aware |
12.0.163.0 |
Application.Generic.604038 |
| Agnitum Outpost |
5.5.1.3 |
PUA.BHO! |
| Antiy-AVL |
1.0.0.1 |
Trojan/Win32.TGeneric |
| avast! |
8.0.1489.320 |
Win32:Dropper-gen [Drp] |
| AVG |
14.0.0.3972 |
Generic5.APQB |
| Baidu-International |
3.5.1.41473 |
Adware.Win32.BHO.71 |
| Bitdefender |
7.2 |
Application.Generic.604038 |
| Bkav FE |
1.3.0.4959 |
W32.ToolbarEscort.Adware |
| CAT-QuickHeal |
14.00 |
AdWare.BHO.r6 (Not a Virus) |
| Comodo Security |
18598 |
ApplicUnwnt.Win32.InstallRex.ALC |
| ESET-NOD32 |
9968 |
a variant of Win32/AdWare.MultiPlug.T |
| F-Secure |
11.0.19100.45 |
Application.Generic.604038 |
| G Data |
24 |
Application.Generic.604038 |
| IKARUS anti.virus |
T3.1.6.1.0 |
Win32.SuspectCrc |
| K7 AntiVirus |
9.180.12463 |
Adware ( 004976341 ) |
| K7GW |
9.180.12463 |
Adware ( 004976341 ) |
| Kaspersky |
12.0.0.1225 |
not-a-virus:AdWare.Win32.BHO.bdnc |
| Malwarebytes |
1.75.0.1 |
PUP.Optional.MultiPlug.A |
| McAfee |
6.0.4.564 |
RDN/Generic PUP.x!cf3 |
| McAfee-GW-Edition |
2013 |
RDN/Generic PUP.x!cf3 |
| MicroWorld-eScan |
12.0.250.0 |
Application.Generic.604038 |
| NANO AntiVirus |
0.28.0.60253 |
Riskware.Win32.BHO.dbdfeq |
| Panda Antivirus |
10.0.3.5 |
Trj/CI.A |
| Sophos |
4.98.0 |
Generic PUA IO |
| Symantec |
20131.1.5.61 |
Adware.BL |
| Trend Micro |
9.740.0.1012 |
ADW_MULTIPLUG |
| TrendMicro-HouseCall |
9.700.0.1001 |
ADW_MULTIPLUG |
| Vba32 AntiVirus |
3.12.26.3 |
AdWare.BHO |
| VIPRE Antivirus |
30454 |
Trojan.Win32.Generic!BT |
| ZsnVu7z3wM.x64.dll (600ff6994d8cddce04773e8c738d303d) has been flagged by the following 12 scanners: |
| Anti-Virus software | Software version | Detection |
| AhnLab-V3 |
2014.06.11.00 |
Trojan/Win64.Preloader |
| Baidu-International |
3.5.1.41473 |
Adware.Win64.MultiPlug.81 |
| Comodo Security |
18507 |
ApplicUnwnt |
| ESET-NOD32 |
9926 |
a variant of Win64/Adware.MultiPlug.C |
| G Data |
24 |
Win64.Adware.Megasearch.C |
| IKARUS anti.virus |
T3.1.6.1.0 |
AdWare.MultiPlug |
| Malwarebytes |
1.75.0.1 |
PUP.Optional.MultiPlug.A |
| McAfee |
6.0.4.564 |
RDN/Generic PUP.x!c2k |
| McAfee-GW-Edition |
2013 |
RDN/Generic PUP.x!c2k |
| Symantec |
20131.1.5.61 |
Adware.BL |
| TrendMicro-HouseCall |
9.700.0.1001 |
TROJ_GEN.R0E6H05EU14 |
| VIPRE Antivirus |
30178 |
Trojan.Win32.Generic!BT |
| ZsnVu7z3wM.exe (ef38514253e4dafb6823f236bc47bb5f) has been flagged by the following 7 scanners: |
| Anti-Virus software | Software version | Detection |
| AVG |
13.0.0.3169 |
Generic5.AOBP |
| Comodo Security |
17878 |
ApplicUnwnt |
| ESET-NOD32 |
9495 |
a variant of Win32/AdWare.MultiPlug.S |
| Malwarebytes |
1.75.0001 |
PUP.Optional.MultiPlug.A |
| Qihoo-360 |
1.0.0.1015 |
HEUR/Malware.QVM10.Gen |
| Trend Micro |
9.740-1012 |
ADW_MULTIPLUG |
| TrendMicro-HouseCall |
9.700-1001 |
ADW_MULTIPLUG |
View all 64 all detections
DEAlsFinderPro has been found to be bundled with 3rd party software. If you have not purposefully installed this, you should be safe uninstalling it.
Program details
Displayed publisher: DealsFinderProo
Installation folder: C:\ProgramData\dealsfinderpro
Uninstaller: "C:\ProgramData\DEAlsFinderPro\Ph1.exe" /s /n /C:"ExecuteCommands;UninstallCommands" ""
Estimated size: 1.34 MB
Files installed by DEAlsFinderPro
| Program executable: | Ph1.exe (Malware detected) |
| Path: | C:\ProgramData\dealsfinderpro\Ph1.exe |
| MD5: | a39af5e5fbc8eee9959c77cb3fc4cc5c |
Additional files:
-
(Malware detected) ZsnVu7z3wM.exe (by system Retrieval cluster) - system Retrieval cluster (often)
-
(Malware detected) Ph1.exe (by Setup)
-
(Malware detected) ZsnVu7z3wM.dll (by large) - large (Obtaining operating database with)
-
(Malware detected) ZsnVu7z3wM.x64.dll (by large)
-
Ph1.dll
-
Ph1.x64.dll
Behaviors exhibited
2 Internet Explorer BHOs
- ZsnVu7z3wM.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'MiinimumoPPrice' with the class of {6E3E8E43-56D8-BDB1-B926-A20075067189}.
- ZsnVu7z3wM.x64.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'ssaaver box' with the class of {509D3BEC-9E4D-5822-E8E3-2083D5BAB6DD}.
How do I remove DEAlsFinderPro?
You can uninstall DEAlsFinderPro from your computer by using the Add/Remove Program feature in the Window's Control Panel.
- On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:
- Windows Vista/7/8/10: Click Uninstall a Program.
- Windows XP: Click Add or Remove Programs.
- When you find the program DEAlsFinderPro, click it, and then do one of the following:
- Windows Vista/7/8/10: Click Uninstall.
- Windows XP: Click the Remove or Change/Remove tab (to the right of the program).
- Follow the prompts. A progress bar shows you how long it will take to remove DEAlsFinderPro.
- If for some reason uninstallation fails, please install Microsoft's uninstall fixer utility which will help fix problems with programs that can't be uninstalled at support.microsoft.com.
How do I reset my web browser?
If your web browser homepage and search settings have been modfied by DEAlsFinderPro you can restore them to their previous default settings.
Microsoft Internet Explorer
- Open Internet Explorer and click the Tools button, and then click Internet options.
- Click the Advanced tab, and then click Reset. Select the Delete personal settings check box if you would also like to remove search providers, Accelerators and home pages. When Internet Explorer finishes applying default settings, click Close, and then click OK.
- The changes will take effect the next time you open IE.
Mozilla Firefox
- At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.
- To continue, click Reset Firefox in the confirmation window that opens. It will close and be reset.
- When it's done, a window will list the information that was imported. Click Finish and Firefox will open.
Google Chrome
- Open Chrome and click the Chrome menu on the browser toolbar.
- Select Settings. In the "Search" section, click Manage search engine. Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default. Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.
- When the "Show Home button" checkbox is selected, a web address appears below it. If you want the Homepage button to open up a different webpage, click Change to enter a link.
- Restart Google Chrome.
PC BRAND OF CHOICE
100%
Hewlett-Packard
|
|
OS VERSIONS
Win 7 (SP1) 50%
Win 10 50%
|
|
USER ACTIONS
 |
Uninstall it 83%
Keep it 17%
|
|
Windows
Which Windows OS versions does it run on?
| Windows 7 |
50.00% |
|
| Windows 10 |
50.00% |
|
Which OS releases does it run on? |
| Windows 7 Home Premium |
50.00% |
|
| Windows 8.1 |
50.00% |
|
Geography
80.00% of installs come from the United States
Which countries install it?
| United States |
80.00% |
| Netherlands |
20.00% |