Another day, another infection.
This time it’s the threat that goes by the name of Savings Bull (sample.dll) which is a form of Adware / Malware that infects a user’s computer and listens by proxy to network traffic of the infected victim.
Savings Bull copies itself to your hard disk. The typical file name is sample.dll.
Savings Bull is adware which, when installed on a PC, may embed an unwanted browser extension, plug-in or add-on. I take it that this Savings Bull may be distributed through packaged free programs.
I haven’t encountered a single antivirus solution which flags this. Rather I have had encounters with customers and staff I support that have had issues connecting to local resources on their respective networks; in each case connecting to either .local address spaces or resources using port 8080
In my case a user was unable to connect to Visual Studio Team Foundation Server
Removing this was simple as this:
- Open Windows Control Panel
- Programs > Uninstall or change a program
- Sort by date
- Looking for an icon with an S and named Savingbull Filter and uninstall it.
9 replies on “Savings Bull Filter Removal”
[…] More on this here […]
I have a problem, the program doesn’t show up in my control panel, so I can’t uninstall it, can you help?
You could attempt to use WMI to locate the GUID if it was installed. I have posted steps here:
What you want to attempt is opening a cmd prompt as administrator. Then type wmic, from here you can type product list to get a list of products that have been installed despite what is shown in add/remove.
What I do to help me with sorting it typing the following: WMIC PRODUCT GET Caption, IdentifyingNumber > c:\info.txt
Once this is done and I have identified what I would like to remove. I simply type: MSIEXEC /X {GUID}
This should work, please let me know if this info helped
I got confused, can you explain the instruction in a simpler way?
Nevermind, I managed to figure it out, THANK YOU SO MUCH!
Well I did not figure it out
The “thing” that is going this is “savings bull” I uninstalled it in the control panel but it is still attachment adware to the google screen
I did the product list and can not find what you want me to find
so this is depressing
the hide of those people
Also to note if you feel this has been installed as a add-on to Chrome, Firefox or Internet Explorer you can simply look in your add-on section of each and remove. As I am one to be paranoid I would just reset all extensions to default.
And when all else is unanswered; you can use your favorite malware cleaner software. – Good Luck
Thank you – I forgot I can do that!!!
I will try it now
mine was set as “t” rather than “r”. isp2 installfilter64 and verbose.