Categories
How-To Technical

Savings Bull Filter Removal

Another day, another infection.

This time it’s the threat that goes by the name of Savings Bull (sample.dll) which is a form of Adware / Malware that infects a user’s computer and listens by proxy to network traffic of the infected victim.

Savings Bull copies itself  to your hard disk. The typical file name is sample.dll.

Savings Bull is adware which, when installed on a PC, may embed an unwanted browser extension, plug-in or add-on.  I take it that this Savings Bull may be distributed through packaged free programs.

I haven’t encountered a single  antivirus solution which flags this. Rather I have had encounters with customers and staff I support that have had issues connecting to local resources on their respective networks; in each case connecting to either .local address spaces or resources using port 8080

In my case a user was unable to connect to Visual Studio Team Foundation Server

Removing this was simple as this:

  • Open Windows Control Panel
  • Programs > Uninstall or change a program
  • Sort by date
  • Looking for an icon with an S and named Savingbull Filter and uninstall it.

9 replies on “Savings Bull Filter Removal”

You could attempt to use WMI to locate the GUID if it was installed. I have posted steps here:

What you want to attempt is opening a cmd prompt as administrator. Then type wmic, from here you can type product list to get a list of products that have been installed despite what is shown in add/remove.

What I do to help me with sorting it typing the following: WMIC PRODUCT GET Caption, IdentifyingNumber > c:\info.txt

Once this is done and I have identified what I would like to remove. I simply type: MSIEXEC /X {GUID}

This should work, please let me know if this info helped

Well I did not figure it out

The “thing” that is going this is “savings bull” I uninstalled it in the control panel but it is still attachment adware to the google screen

I did the product list and can not find what you want me to find

so this is depressing

the hide of those people

Also to note if you feel this has been installed as a add-on to Chrome, Firefox or Internet Explorer you can simply look in your add-on section of each and remove. As I am one to be paranoid I would just reset all extensions to default.

And when all else is unanswered; you can use your favorite malware cleaner software. – Good Luck

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.