Should I block it?

Yes, 98% block recommendation.
Possible reasons:
  • Multiple malware detections
  • Performance resource utilization


PE file structure
Import table
advapi32.dll
RegOpenKeyExW
kernel32.dll
GetCommandLineW, FindResourceExW, FindResourceW, FreeLibrary, LoadResource, LoadLibraryExW, VerSetConditionMask, GetModuleHandleW, SizeofResource, GetModuleFileNameW, lstrlenW, RaiseException, VerifyVersionInfoW, GetLastError, GetProcAddress, LockResource, GetFileAttributesExW, SetLastError, LocalAlloc, CloseHandle, SetStdHandle, InterlockedExchange, LoadLibraryA, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetStartupInfoW, WideCharToMultiByte, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, GetCurrentThreadId, InterlockedDecrement, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, VirtualAlloc, RtlUnwind, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, InitializeCriticalSectionAndSpinCount, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetConsoleCP, GetConsoleMode, FlushFileBuffers, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetFilePointer, CreateFileA
ole32.dll
CoCreateGuid

BonanzaDealsLive.exe

BonanzaDealsLive Update by Bonanza Deals (Signed)

Version:   1.3.23.0
MD5:   9f2041f1ec121713d0bd9996ce97d03e
SHA1:   aa8ff80cb504d6c7cd680d0f098a3896e680a8e9
SHA256:   da3f7a4293dabd3c255bd2ffee8e18d8f34b6b16862b090672b4ef9fe027f703
Warning: 5 antivirus scanners have detected malware.

Overview

bonanzadealslive.exe is malware that runs as a service under the name bonanzadealslive1ceb951c2951aa5 with extensive SYSTEM privileges (full administrator access). It is an auto-starting process that uses the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). The file is digitally signed by Bonanza Deals, with a certificate issued by the COMODO CA Limited certificate authority (CA).

Details

File name: bonanzadealslive.exe
Publisher: BonanzaDeals
Product name: BonanzaDealsLive Update
Typical file path: C:\Program Files\bonanzadealslive\update\bonanzadealslive.exe
File version: 1.3.23.0
Size: 145.48 KB (148,976 bytes)
Build date: 8/17/2013 9:31 PM
Certificate
Issued to: Bonanza Deals
Authority (CA): COMODO CA Limited
Digital DNA
PE subsystem: Windows GUI
File packed: No
.NET CLR: No

Behaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • bonanzadealslive1ceb951c2951aa5
Scheduled tasks
  • The task 'BonanzaDealsLiveUpdateTaskMachineUA' runs daily in the path 'C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job'
  • The job 'BonanzaDealsLiveUpdateTaskMachineCore' runs on logon in the path 'C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\BonanzaDealsLiveUpdateTaskMachineCore'
  • Login entry path 'C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job'

Malware detections

Based on 40+ industry antivirus scanners, 5 of them detected the following malware.
Antivirus engine            Engine version   Detection
Comodo Internet Security    17326            Application.Win32.Bonanza.gr
Dr.Web                      8.13.11.25       Adware.Shopper.363
Malwarebytes                1.75.0.1         PUP.Optional.BonanzaDeals.A
Symantec                    20131.1.5.61     Adware.BL
VIPRE Antivirus             23666            Adware.DealPly (fs)

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU
Total CPU: 0.00198987%
0.028634%
Kernel CPU: 0.00130627%
0.013761%
User CPU: 0.00068360%
0.014873%
Kernel CPU time: 156,314 ms/min
100,923,805 ms/min
Memory
Private memory: 3.71 MB
21.59 MB
Private (maximum): 1.95 MB
Private (minimum): 224 KB
Non-paged memory: 3.71 MB
21.59 MB
Virtual memory: 46.54 MB
140.96 MB
Virtual memory (peak): 49.63 MB
169.69 MB
Working set: 1.54 MB
18.61 MB
Working set (peak): 5.06 MB
37.95 MB
Resource allocations
Threads: 5
12
Handles: 133
600
GUI GDI count: 4
103
GUI USER count: 3
49

Process properties

Integrity level: System
Platform: 32-bit
Command line: "C:\Program Files\bonanzadealslive\update\bonanzadealslive.exe" /c
Owner: SYSTEM
Windows Service
Display name: bonanzadealslive1ceb951c2951aa5
Parent process: taskeng.exe (Task Scheduler Engine by Microsoft)

Distribution by Windows OS

OS version                Distribution
Windows 8 Pro             25.64%
Windows 7 Ultimate        17.95%
Windows Vista Business    15.38%
Microsoft Windows XP      15.38%
Windows 8.1 Enterprise    12.82%
Windows 7 Home Premium    12.82%

Distribution by country

Portugal accounts for about 21.21% of BonanzaDealsLive Update installs.

Distribution by PC manufacturer

PC manufacturer    Distribution
Hewlett-Packard    26.83%
Dell               24.39%
Intel              24.39%
Acer               12.20%
ASUS               9.76%
GIGABYTE           2.44%