HAppy2Save
from InstalleRex-WebPick
What is HAppy2Save?
Happy2Save is a JustPlug.It web browser extension that is delivered via the WebPick (InstalleRex) download and install manager. It is included with various adware offer bundles and is a cross browser extension that runs with multiple parts including a Windows service, an auto-starting component and the browser toolbar/plugin which is designed to inject advertisements in the browser in form of banner ads, hyper-text links and popups. In addition, some versions might hijack existing advertising on web sites as well as inject affiliate codes in links as coupon offers. The advertisements that are displayed in the browser could include deceptive malvertising ads for 'required' updates of known common programs as well as unwanted pop-ups advertisements. If downloaded these programs install a number of bundled adware utilities and additional browser extensions. Additionally components of the program will modify the browser's default security levels.
Overview
It adds a Browser Helper Object (BHO) to Internet Explorer. The primary executable is named 2QAQu3yyh.exe. A majority of users end up uninstalling this less than a week of it being installed. The setup package generally installs about 5 files and is usually about 1.34 MB (1,404,528 bytes).
- Malware detected in the program
- Integrates into the web browser
- Typically distributed through a pay-per-install bundle
- Injects advertisements unassociated with the underlying web page
- The experts agree, you should remove it!
Warning, multiple anti-virus scanners have detected possible malware in HAppy2Save.
2QAQu3yyh.exe (19e5eb31641597fa245deb887aa25817) has been flagged by the following 15 scanners: |
Anti-Virus software | Version | Detection |
AhnLab-V3 |
2014.02.05 |
Trojan/Win32.Preloader |
avast! |
2014.9-140213 |
Win32:Adware-gen [Adw] |
AVG |
2015.0.3564 |
Generic_r |
Baidu-International |
4.0.3.14213 |
Adware.Win32.MegaSearch.Asdt |
ESET-NOD32 |
8.9380 |
a variant of Win32/AdWare.MultiPlug.K.gen |
IKARUS anti.virus |
t3scan.2.2.29 |
not-a-virus:AdWare.Win32.MegaSearch |
Kaspersky |
14.0.0.4316 |
not-a-virus:AdWare.Win32.MegaSearch |
Malwarebytes |
v2014.02.13.08 |
PUP.Optional.MultiPlug.A |
McAfee |
5600.7220 |
PUP-FFY!19E5EB316415 |
McAfee-GW-Edition |
7.7220 |
PUP-FFY!19E5EB316415 |
Panda Antivirus |
14.02.13.08 |
Trj/Genetic.gen |
Qihoo-360 |
1.0.0.1015 |
HEUR/Malware.QVM10.Gen |
Sophos |
4.97 |
Generic PUA EC |
TrendMicro-HouseCall |
7.2.44 |
TROJ_GEN.R08NH06B314 |
VIPRE Antivirus |
26130 |
MegaSearch Toolbar |
2QAQu3yyh.dll (230c8ce3c37ae8b366d3d28ed9a56001) has been flagged by the following 23 scanners: |
Anti-Virus software | Software version | Detection |
AhnLab-V3 |
2014.02.28.02 |
Adware/Win32.Graftor |
Avira AntiVir |
7.11.133.250 |
ADWARE/Adware.Gen |
avast! |
8.0.1489.320 |
Win32:Adware-gen [Adw] |
AVG |
13.0.0.3169 |
Generic_r.GU |
Baidu-International |
3.5.1.41473 |
Adware.Win32.MultiPlug.N |
Comodo Security |
17860 |
ApplicUnwnt.Win32.InstallRex.ALC |
ESET-NOD32 |
9482 |
a variant of Win32/AdWare.MultiPlug.N |
Fortinet FortiGate |
4 |
Riskware/MultiPlug |
G Data |
24 |
Win32.Trojan.Multiplug.A |
IKARUS anti.virus |
T3.1.5.6.0 |
not-a-virus:AdWare.Win32.MegaSearch |
K7 AntiVirus |
9.176.11292 |
Adware ( 004923a41 ) |
K7GW |
9.176.11292 |
Adware ( 004923a41 ) |
Kingsoft AntiVirus |
2013.04.09.267 |
Win32.Troj.Generic.a.(kcloud) |
Malwarebytes |
1.75.0001 |
PUP.Optional.MultiPlug.A |
McAfee |
6.0.4.564 |
Adware-FHP |
McAfee-GW-Edition |
2013 |
Adware-FHP |
NANO AntiVirus |
0.28.0.58101 |
Riskware.Win32.MultiPlug.cthsbt |
Rising Antivirus |
25.0.0.11 |
PE:Malware.Adware!6.1293 |
Sophos |
4.98.0 |
Generic PUA NC |
Symantec |
20131.1.5.61 |
Trojan.Gen.2 |
Trend Micro |
9.740-1012 |
ADW_MULTIPLG |
TrendMicro-HouseCall |
9.700-1001 |
ADW_MULTIPLG |
VIPRE Antivirus |
26926 |
JustPlugIt (fs) |
Y_gdVVos.dll (6710e2de4c373aca84865f90c0eca5ee) has been flagged by the following 23 scanners: |
Anti-Virus software | Software version | Detection |
Lavasoft Ad-Aware |
12.0.163.0 |
Application.Generic.676804 |
Agnitum Outpost |
5.5.1.3 |
PUA.MultiPlug! |
AhnLab-V3 |
2014.08.04.00 |
Adware/Win32.Agent |
AVG |
14.0.0.3986 |
Generic5.AYZN |
AVware |
1.5.0.16 |
Trojan.Win32.Generic!BT |
Baidu-International |
3.5.1.41473 |
Adware.Win32.MultiPlug.81 |
Bitdefender |
7.2 |
Application.Generic.676804 |
Comodo Security |
19068 |
ApplicUnwnt |
ESET-NOD32 |
10196 |
a variant of Win32/AdWare.MultiPlug.AY |
Fortinet FortiGate |
5.1.152.0 |
Riskware/MultiPlug |
F-Secure |
11.0.19100.45 |
Application.Generic.676804 |
G Data |
24 |
Application.Generic.676804 |
IKARUS anti.virus |
T3.1.6.1.0 |
PUA.Generic |
K7 AntiVirus |
9.182.12926 |
Adware ( 0049c94b1 ) |
K7GW |
9.182.12926 |
Adware ( 0049c94b1 ) |
Malwarebytes |
1.75.0.1 |
PUP.Optional.MultiPlug |
McAfee |
6.0.4.564 |
RDN/Generic PUP.x!chv |
McAfee-GW-Edition |
2013 |
RDN/Generic PUP.x!chv |
MicroWorld-eScan |
12.0.250.0 |
Application.Generic.676804 |
Panda Antivirus |
10.0.3.5 |
Trj/CI.A |
Sophos |
4.98.0 |
Generic PUA DE |
TrendMicro-HouseCall |
9.700.0.1001 |
TROJ_GEN.R0CBH06GI14 |
VIPRE Antivirus |
31878 |
Trojan.Win32.Generic!BT |
Y_gdVVos.exe (c16252d1e226b9266c6ca054203f2e00) has been flagged by the following 21 scanners: |
Anti-Virus software | Software version | Detection |
Lavasoft Ad-Aware |
12.0.163.0 |
Application.Generic.679463 |
Agnitum Outpost |
5.5.1.3 |
PUA.MultiPlug! |
AhnLab-V3 |
2014.07.23.00 |
Trojan/Win32.Preloader |
avast! |
8.0.1489.320 |
Win32:Dropper-gen [Drp] |
AVG |
14.0.0.3986 |
Generic5.AYZO |
Baidu-International |
3.5.1.41473 |
Adware.Win32.MultiPlug.81 |
Bitdefender |
7.2 |
Application.Generic.679463 |
Comodo Security |
18944 |
ApplicUnwnt |
ESET-NOD32 |
10140 |
a variant of Win32/AdWare.MultiPlug.AG |
Fortinet FortiGate |
5.1.152.0 |
Riskware/MultiPlug |
F-Secure |
11.0.19100.45 |
Application.Generic.679463 |
G Data |
24 |
Application.Generic.679463 |
K7 AntiVirus |
9.181.12806 |
Adware ( 0049c94b1 ) |
K7GW |
9.181.12812 |
Adware ( 0049c94b1 ) |
Malwarebytes |
1.75.0.1 |
PUP.Optional.MultiPlug |
McAfee |
6.0.4.564 |
RDN/Generic.bfr!ho |
McAfee-GW-Edition |
2013 |
RDN/Generic.bfr!ho |
MicroWorld-eScan |
12.0.250.0 |
Application.Generic.679463 |
Sophos |
4.98.0 |
Generic PUA CC |
TrendMicro-HouseCall |
9.700.0.1001 |
TROJ_GEN.R0CBH06GI14 |
VIPRE Antivirus |
31520 |
Trojan.Win32.Generic!BT |
2QAQu3yyh.x64.dll (bab49b61943c026b825a714d2175635a) has been flagged by the following 20 scanners: |
Anti-Virus software | Software version | Detection |
AhnLab-V3 |
None |
Trojan/Win32.Preloader |
Avira AntiVir |
7.11.138.26 |
ADWARE/Adware.Gen |
AVG |
13.0.0.3169 |
Generic_r.GX |
Baidu-International |
3.5.1.41473 |
Adware.Win64.MultiPlug.40 |
Comodo Security |
17963 |
ApplicUnwnt |
ESET-NOD32 |
9568 |
a variant of Win64/Adware.MultiPlug.A |
G Data |
24 |
Win64.Trojan.Multiplug.B |
IKARUS anti.virus |
T3.1.5.6.0 |
not-a-virus:AdWare.Win32.MegaSearch |
K7 AntiVirus |
9.176.11510 |
Adware ( 004922f61 ) |
K7GW |
9.176.11510 |
Adware ( 004922f61 ) |
Malwarebytes |
1.75.0001 |
PUP.Optional.MultiPlug.A |
McAfee |
6.0.4.564 |
RDN/Generic PUP.x!brl |
McAfee-GW-Edition |
2013 |
RDN/Generic PUP.x!brl |
Norman |
7.03.02 |
Multiplug.A |
Qihoo-360 |
1.0.0.1015 |
Win32/Trojan.Adware.273 |
Sophos |
4.98.0 |
MultiPlug |
SUPERAntiSpyware |
5.6.0.1032 |
Adware.Multiplug/Variant |
Trend Micro |
9.740-1012 |
ADW_MULTIPLG |
TrendMicro-HouseCall |
9.700-1001 |
ADW_MULTIPLG |
VIPRE Antivirus |
27584 |
Win64.Adware.MultiPlug |
View all 102 all detections
HAppy2Save has been found to be bundled with 3rd party software. If you have not purposefully installed this, you should be safe uninstalling it.
Program details
Displayed publisher: Happiy2Save
Installation folder: C:\ProgramData\happy2save
Uninstaller: "C:\ProgramData\HAppy2Save\2QAQu3yyh.exe" /s /n /C:"ExecuteCommands;UninstallCommands" ""
Estimated size: 1.34 MB
Files installed by HAppy2Save
Program executable: | 2QAQu3yyh.exe (Malware detected) |
Path: | C:\ProgramData\happy2save\2QAQu3yyh.exe |
MD5: | 19e5eb31641597fa245deb887aa25817 |
Additional files:
-
(Malware detected) 2QAQu3yyh.exe (by Setup)
-
(Malware detected) Y_gdVVos.dll (by their The) - their The (plans operating)
-
(Malware detected) Y_gdVVos.exe (by related) - related (fails modern for)
-
(Malware detected) 2QAQu3yyh.dll
-
(Malware detected) 2QAQu3yyh.x64.dll
Behaviors exhibited
3 Internet Explorer BHOs
- Y_gdVVos.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'CHeiaPiMe' with the class of {FA45C323-1F5F-2B09-EE2F-F4341CE4076A}.
- 2QAQu3yyh.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'AAllTiubeNoAds' with the class of {8D621B1E-8A42-DF58-5D0C-5E4BD29DEE7F}.
- 2QAQu3yyh.x64.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'YTubeAdsREmover' with the class of {5B18A513-9478-7337-A2E0-417851707651}.
How do I remove HAppy2Save?
You can uninstall HAppy2Save from your computer by using the Add/Remove Program feature in the Window's Control Panel.
- On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:
- Windows Vista/7/8/10: Click Uninstall a Program.
- Windows XP: Click Add or Remove Programs.
- When you find the program HAppy2Save, click it, and then do one of the following:
- Windows Vista/7/8/10: Click Uninstall.
- Windows XP: Click the Remove or Change/Remove tab (to the right of the program).
- Follow the prompts. A progress bar shows you how long it will take to remove HAppy2Save.
- If for some reason uninstallation fails, please install Microsoft's uninstall fixer utility which will help fix problems with programs that can't be uninstalled at support.microsoft.com.
How do I reset my web browser?
If your web browser homepage and search settings have been modfied by HAppy2Save you can restore them to their previous default settings.
Microsoft Internet Explorer
- Open Internet Explorer and click the Tools button, and then click Internet options.
- Click the Advanced tab, and then click Reset. Select the Delete personal settings check box if you would also like to remove search providers, Accelerators and home pages. When Internet Explorer finishes applying default settings, click Close, and then click OK.
- The changes will take effect the next time you open IE.
Mozilla Firefox
- At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.
- To continue, click Reset Firefox in the confirmation window that opens. It will close and be reset.
- When it's done, a window will list the information that was imported. Click Finish and Firefox will open.
Google Chrome
- Open Chrome and click the Chrome menu on the browser toolbar.
- Select Settings. In the "Search" section, click Manage search engine. Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default. Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.
- When the "Show Home button" checkbox is selected, a web address appears below it. If you want the Homepage button to open up a different webpage, click Change to enter a link.
- Restart Google Chrome.
PC BRAND OF CHOICE
100%
Toshiba
|
|
USER ACTIONS
|
Uninstall it 82%
Keep it 18%
|
|
|
MOST USED OS
~99%
Windows 7 (SP1)
|
Geography
80.00% of installs come from the United States
Which countries install it?
United States |
80.00% |
India |
20.00% |