Related blog content
How to remove adware from your PC
Adware the series, part 4 (services)
Adware.GorillaPrice is Malwarebytes’ detection for standalone installers of a family of adware that use a service and several browser extensions to show advertisements on the affected Windows computer.
Systems on which Adware.GorillaPrice is active may notice advertisements both in newly-opened tabs as well as advertisements in open tabs not originating from the sites that are open.
Malwarebytes protects users from Adware.GorillaPrice with its real-time protection technology.
Malwarebytes blocks Adware.GorillaPrice
Malwarebytes can detect and remove Adware.GorillaPrice without further user interaction.
An example of a Malwarebytes removal log from a system affected by Adware.GorillaPrice:
Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/24/17 Scan Time: 8:59 AM Log File: mbamSavingsCool.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.122 Update Package Version: 1.0.2009 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 332294 Threats Detected: 12 Threats Quarantined: 12 Time Elapsed: 1 min, 22 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 Adware.GorillaPrice, C:\PROGRAMDATA\MICROSOFT\WINDOWS\NETWORKCACHEMANAGER\NTCACHE.EXE, Quarantined, [1652], [401367],1.0.2009 Module: 1 Adware.GorillaPrice, C:\PROGRAMDATA\MICROSOFT\WINDOWS\NETWORKCACHEMANAGER\NTCACHE.EXE, Quarantined, [1652], [401367],1.0.2009 Registry Key: 3 Adware.GorillaPrice, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ntcache, Delete-on-Reboot, [1652], [401367],1.0.2009 Adware.SavingsCool.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SavingsCool, Delete-on-Reboot, [970], [351594],1.0.2009 Adware.SavingsCool.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [970], [-1],0.0.0 Registry Value: 4 Adware.SavingsCool.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [970], [-1],0.0.0 Adware.SavingsCool.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [970], [-1],0.0.0 Adware.SavingsCool.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [970], [-1],0.0.0 Adware.SavingsCool.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [970], [-1],0.0.0 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 3 Adware.GorillaPrice, C:\PROGRAMDATA\MICROSOFT\WINDOWS\NETWORKCACHEMANAGER\NTCACHE.EXE, Delete-on-Reboot, [1652], [401367],1.0.2009 Adware.GorillaPrice, C:\USERS\{username}\DESKTOP\NTCACHE.EXE, Delete-on-Reboot, [1652], [401367],1.0.2009 Adware.GorillaPrice, C:\USERS\{username}\DESKTOP\NSIS.EXE, Delete-on-Reboot, [1652], [401367],1.0.2009 Physical Sector: 0 (No malicious items detected) (end)
Select your language