home

What is DealPly and how did I get infected with it?

2
I have noticed a new browser extension in Chrome called DealPly. I'm not 100% sure what it does by herdProtect scanners detect this as potentially unwanted. I personally think it is adware but would really like to understand what it is, how, it works and how my PC was infected by this adware.
adware  dealply  
Share
Asked Apr 28 '14 at 9:33
Add a comment

2 Answers

 
1
According to Microsoft, the software is adware and detected as Adware:Win32/DealPly. From the write-up at Microsoft's Malware encyclopedia , DealPly is an adware program shows ads as you browse the web. It can be downloaded from the program's website or bundled with some third-party software installation programs. Adware:Win32/DealPly installs itself as a BHO (browser helper object), which can be seen in Internet Explorer's Manage Add-ons window. In Google Chrome as you suggested, this gets installed as a Chrome Extension. It updates itself by creating a scheduled Windows task called DealPlyUpdate that runs daily. Once installed, DealPly displays offers to you as you browse the Internet.

The following files/folders are installed along with DealPly:

C:\Program Files\DealPly
  • DealPly.crx
  • DealPly.xpi
  • DealPlyIE.dll
  • DealPlyIE64.dll
  • DealPlyUpdateVer.exe
  • icon.ico
  • uninst.exe
C:\Program Files\DealPlyLive
C:\Program Files\DealPlyLive\Update (this folder holds all the updated files downloaded by the updater mechanism.)
  • DealPlyLive.exe
Most files distributed by this adware are digitally signed by 'DealPly Technologies Ltd'.
Share
Answered Apr 28 '14 at 9:56
Add a comment
 
 
1
DealPly is actually run by and distributed by ironSource. The software can be downloaded through the website directly (dealply.com) but is more often bundled with third party installers, mostly ones that use the ironSource download and install manager called installCore. Other companies that bundle it include but are not limited to the following adware distributors:
  • Secure Installer (downloader.downloadinfo.co)
  • I.T.N.T. SRL (soft32.com)
  • Vitbian telecom sl/Down Install
  • and dozens of others
Share
Answered Apr 28 '14 at 10:15
Add a comment

Know someone who can answer? Share a link to this question via email, Google+, Twitter, or Facebook.

Your Answer

Not the answer you're looking for? Ask your own question.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.