Another day, another infection.

This time it’s the threat that goes by the name of Savings Bull (sample.dll) which is a form of Adware / Malware that infects a user’s computer and listens by proxy to network traffic of the infected victim.

Savings Bull copies itself  to your hard disk. The typical file name is sample.dll.

Savings Bull is adware which, when installed on a PC, may embed an unwanted browser extension, plug-in or add-on.  I take it that this Savings Bull may be distributed through packaged free programs.

I haven’t encountered a single  antivirus solution which flags this. Rather I have had encounters with customers and staff I support that have had issues connecting to local resources on their respective networks; in each case connecting to either .local address spaces or resources using port 8080

In my case a user was unable to connect to Visual Studio Team Foundation Server

Removing this was simple as this:

  • Open Windows Control Panel
  • Programs > Uninstall or change a program
  • Sort by date
  • Looking for an icon with an S and named Savingbull Filter and uninstall it.