Monthly Archives: May 2015

SERGEY SEMENOV – 14% Detection Rate

Welcome! Just a quick post on a publisher called SERGEY SEMENOV.

SERGEY SEMENOV publisher

You can check a file’s digital signature by looking at its properties, under the Digital Signatures tab. Here’s a screenshot of the SERGEY SEMENOV certificate. Sergey appears to be located in Russia.

SERGEY SEMENOV cert

Fortinet detects the file as Riskware/Badur, Tencent classifies it as Trojan.Win32.Qudamah.Gen.2 and VBA32 detects it as suspected of Heur.Malware-Cryptor.Multiplug.

SERGEY SEMENOV anti virus report

Did you also find a SERGEY SEMENOV file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thank you for reading.

just accepT – 12% Detection Rate – OutBrowse

Hi there! Short on time today, but I just wanted to give you the heads up on a publisher called just accepT.

just accepT publisher

You can see who the signer is when double-clicking on an executable file. just accepT appears in the publisher field in the dialog that pops up. You can also see the just accepT certificate by looking under the Digital Signature tab on the file’s properties. According to the certificate, just accepT is located in Dublin in Ireland.

just accepT certificate

After uploading the just accepT file – Player.exe – to VirusTotal, it was clear that it’s probably better to delete the file than to run it. The detection rate was 12%, and some of the detection names were Downloader.HFI and Artemis!83841CFEAEC6.

just accepT virus total

Did you also find a just accepT file?

Thank you for reading.

How To Reset Google Chrome’s Settings

Google Chrome allows you to reset the browser settings with a few clicks. Sometimes programs that you download and install change your Chrome settings: you may see new extensions or toolbars, a different home page or a new default search engine. Resetting the browser settings undoes those changes. The reset restores the default search engine, home page, start-up pages and new tab page, unpins tabs, clears temporary site data such as cookies, and disables all extensions. Note that extensions are disabled, not removed; an unwanted extension still has to be uninstalled from the Extensions page if you want it gone.

Your bookmarks and passwords will not be cleared when using the reset feature.

Follow these steps to reset the settings in Chrome:

  1. Click the Chrome menu button in the upper-right corner of Chrome.
  2. Select Settings.
  3. Click Show advanced settings and locate the “Reset browser settings” section.
  4. Click the Reset browser settings button.
  5. In the confirmation dialog that appears, review the changes the reset feature performs, then click Reset.

Thanks for reading. Did this solve the problem you were experiencing?

ALEKSANDR FEDOROV – 28% Detection Rate

Welcome! If you’ve been following me for the last year you know that I’ve been examining many software publishers that put a digital signature on their downloads. Today I found another publisher called ALEKSANDR FEDOROV.

ALEKSANDR FEDOROV publisher

You can see who the signer is when double-clicking on an executable file. ALEKSANDR FEDOROV appears in the publisher field in the dialog that pops up. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the ALEKSANDR FEDOROV certificate. According to the certificate, he is located in Russia.

ALEKSANDR FEDOROV certificate

The reason for posting about ALEKSANDR FEDOROV is that the file is detected by many of the anti-virus programs. Fortinet reports Download Uc Browser V Handler Zip.exe as Riskware/Badur, GData detects it as Gen:Variant.Adware.MPlug.42, Malwarebytes detects it as PUP.Optional.Multiplug and Tencent calls it Trojan.Win32.Qudamah.Gen.2.

ALEKSANDR FEDOROV

Since you probably came here after finding a download that was signed by ALEKSANDR FEDOROV, please share what kind of download it was and whether it was reported by the anti-virus scanners at VirusTotal.

Thank you for reading.

Safemode Install (Fried Cookie Ltd) – 9% Detection Rate

Hi there! Just a short post on a publisher called Safemode Install (Fried Cookie Ltd) before going back to some coding on FreeFixer. The file is called chrome_setup.exe.

Safemode Install Fried Cookie Ltd certificate

By looking at the certificate we can see that Safemode Install (Fried Cookie Ltd) appears to be located in Tel Aviv in Israel.

The issue here is that if chrome_setup.exe really were an installer for Google Chrome, it would be signed by Google Inc., not by some unknown company. A valid signature only tells you who signed the file; it does not make the file what its name claims, so compare the signer with the publisher you expect for that product. Here’s how an authentic Google Chrome installer looks when you double-click it. Notice that the “Verified publisher” says “Google Inc”.

Chrome Google Inc publisher
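The check described above (does the signer match the publisher the file name implies?) can be scripted. The following PowerShell is an added example, not code from the original post or from FreeFixer; the expected-publisher table and the Downloads path are assumptions for illustration.

```powershell
# Added example (not code from the original post or from FreeFixer): verify that
# an installer's Authenticode signer is the publisher its file name implies.
# Assumptions: the expected-publisher table and the download path are illustrative.

# Expected signer CN per installer name (assumed mapping; extend it for your own products).
$ExpectedPublisher = @{
    'chrome_setup.exe' = 'Google Inc'
}

function Test-InstallerPublisher {
    param([Parameter(Mandatory = $true)][string]$Path)

    $name     = Split-Path -Path $Path -Leaf
    $expected = $ExpectedPublisher[$name]
    $sig      = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' means the file hash matches the signature and the certificate chains
    # to a trusted root. Anything else (NotSigned, HashMismatch, NotTrusted,
    # UnknownError) is a failure before we even look at the signer name.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ File = $name; Verdict = 'FAIL'; Reason = "signature status is $($sig.Status)" }
    }

    # SimpleName returns the subject CN (e.g. "Google Inc") without hand-parsing
    # the DN string, which breaks on escaped commas.
    $cn = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)

    if (-not $expected) {
        return [pscustomobject]@{ File = $name; Verdict = 'UNKNOWN'; Reason = "no expected publisher on record; signed by '$cn'" }
    }
    if ($cn -ne $expected) {
        # The chrome_setup.exe case: a perfectly valid signature from the wrong signer.
        return [pscustomobject]@{ File = $name; Verdict = 'FAIL'; Reason = "signed by '$cn', expected '$expected'" }
    }
    [pscustomobject]@{ File = $name; Verdict = 'OK'; Reason = "signed by '$cn'" }
}

Test-InstallerPublisher -Path "$env:USERPROFILE\Downloads\chrome_setup.exe"
```

The comparison is a name-string match, so a certificate issued to a similar-looking name by another CA would pass it; for a stronger policy pin `$sig.SignerCertificate.Thumbprint` instead of the CN. Either way, a `Valid` status with an unexpected signer is exactly what the chrome_setup.exe above looks like.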

So, what’s the problem? Well, some of the anti-virus scanners over at VirusTotal detect the Safemode Install file. Application.Win32.FriedCookie.CIRK, Trojan.InstallCore.844, a variant of Win32/InstallCore.ZM potentially unwanted and PUP.Optional.InstallCore.SID.C are some of the detection names.

Safemode Install anti-virus report

Did you also find a Safemode Install (Fried Cookie Ltd) file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

Artem Leonidov – 18% Detection Rate – MultiPlug

Hello readers! Just a short note on a publisher called Artem Leonidov. This is how Artem Leonidov appears when running the file:

Artem Leonidov publisher

The certificate is issued by Certum Code Signing CA. And the publisher is located in Russia:

Artem Leonidov certificate

When I uploaded the file to VirusTotal – as I usually do when I find something that looks suspicious – 18% of the scanners detected the file. The file is detected as a variant of Win32/Adware.MultiPlug.LG by ESET-NOD32, PUP.Optional.Bundle by Malwarebytes, Trojan.Win32.Qudamah.Gen.6 by Tencent and suspected of Heur.Malware-Cryptor.Multiplug by VBA32.

Artem Leonidov virus total report

Did you also find an Artem Leonidov file? Do you remember where you downloaded it?

Thank you for reading.

Dmitry Taranov – 32% Detection Rate at VirusTotal.com

Welcome! Just wanted to give you the heads up on a publisher called Dmitry Taranov located in Ukraine.

Dmitry Taranov publisher

Typically you’d see the Dmitry Taranov publisher name appear when double-clicking on the Medal Of Honour PC Game Full version Free Download.exe file. The certificate is issued by Certum Code Signing CA.

Dmitry Taranov certificate

So what’s the problem? Well, currently 32% of the anti-virus scanners over at VirusTotal detected the file. Some of the detection names for the Medal Of Honour PC Game Full version Free Download.exe file are Gen:Variant.Adware.Mplug, Trojan ( 0040fa761 ), not-a-virus:Downloader.Win32.Agent.dlzx and MultiPlug.

Dmitry Taranov anti-virus report

Did you also run into a file that was digitally signed by Dmitry Taranov? What kind of download was it, and was it reported by the anti-malware scanners at VirusTotal? Please share by posting a comment.

Thanks for reading.

VYACHESLAV KULOV – 30% Detection Rate at VirusTotal

Hello! Lately I’ve been looking at the digital signatures on those files that push various types of unwanted programs. This morning I found a new file called Medal Of Honour PC Game Full version Free Download.exe, digitally signed by VYACHESLAV KULOV.

VYACHESLAV KULOV publisher

You can see who the signer is when double-clicking on an executable file. VYACHESLAV KULOV appears in the publisher field in the dialog that pops up and he appears to be located in Russia. The certificate is issued by Certum Code Signing CA.

VYACHESLAV KULOV certificate

When I uploaded the VYACHESLAV KULOV file to VirusTotal, it came up with a 30% detection rate. The file is detected as a variant of Win32/Adware.MultiPlug.KU by ESET-NOD32, Gen:Variant.Adware.Mplug by F-Secure, MultiPlug by Sophos and suspected of Heur.Malware-Cryptor.Multiplug by VBA32.

VYACHESLAV KULOV anti-virus report

The download bundled a bunch of other software, such as PriceMinus and BestAdBlocker.

Did you also find a VYACHESLAV KULOV file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

Remove Fruit Basket – FruitBasket Removal Instructions

Just wanted to write a short blog post before going back to programming. As usual I was looking around on the Internet to see what is being bundled with some software downloads. This time I found something called Fruit Basket. Fruit Basket seems to be a variant of BrowseFox that I blogged about previously. If Fruit Basket is installed and running on your computer, you will see a new add-on called FruitBasket added into Firefox and Internet Explorer.

Fruit Basket firefox add-on
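To find where an add-on such as FruitBasket actually lives before removing it, the standard Internet Explorer and Firefox add-on locations can be enumerated from PowerShell. This is an added example, not the post’s or FreeFixer’s own code; it assumes the usual registry keys and profile folders, that Firefox is installed for the current user, and it does not cover BHOs registered under HKCU.

```powershell
# Added example (not the post's or FreeFixer's own code): list Internet Explorer
# Browser Helper Objects and Firefox add-on locations so an add-on such as
# FruitBasket can be located and its DLL/XPI inspected before removal.
# Assumptions: standard registry keys and profile folders; the Wow6432Node keys
# exist only on 64-bit Windows; HKCU class registrations are not covered.

function Get-IEBrowserHelperObject {
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $clsid = $sub.PSChildName      # the BHO's class ID, e.g. {0A1B...}
            # 32-bit BHOs on 64-bit Windows are registered under the Wow6432Node class hive.
            $clsKey = if ($key -like '*Wow6432Node*') { "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid" } else { "HKLM:\SOFTWARE\Classes\CLSID\$clsid" }
            $name = (Get-ItemProperty -Path $clsKey -ErrorAction SilentlyContinue).'(default)'
            $dll  = (Get-ItemProperty -Path "$clsKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            $signer = if ($dll -and (Test-Path $dll)) {
                $s = Get-AuthenticodeSignature -FilePath $dll
                "$($s.Status): $($s.SignerCertificate.Subject)"
            } else { 'DLL not found' }
            [pscustomobject]@{ CLSID = $clsid; Name = $name; Dll = $dll; Signature = $signer }
        }
    }
}

function Get-FirefoxExtensionLocation {
    # Per-profile add-ons: XPI files or unpacked folders named after the add-on ID.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (Test-Path $profiles) {
        Get-ChildItem -Path (Join-Path $profiles '*\extensions\*') -ErrorAction SilentlyContinue |
            ForEach-Object { [pscustomobject]@{ Source = 'profile'; Id = $_.Name; Path = $_.FullName } }
    }
    # Add-ons registered in the registry: value name is the add-on ID, value data
    # the path. Bundled adware frequently installs this way, which is why it
    # appears in every profile on the machine.
    $metadata = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in 'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
                     'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions',
                     'HKCU:\SOFTWARE\Mozilla\Firefox\Extensions') {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($metadata -contains $p.Name) { continue }   # skip provider metadata properties
            [pscustomobject]@{ Source = 'registry'; Id = $p.Name; Path = $p.Value }
        }
    }
}

Get-IEBrowserHelperObject    | Format-Table -AutoSize
Get-FirefoxExtensionLocation | Format-Table -AutoSize
```

The BHO listing includes the DLL’s signature status and subject, so an unsigned DLL or one signed by an unfamiliar name stands out next to the Microsoft- and vendor-signed entries. For a registry-installed Firefox add-on, deleting the XPI alone is not enough; the registry value has to go too, or Firefox will report the add-on as missing or reinstall it.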


I didn’t see anything added into Google Chrome. Did FruitBasket install into Chrome on your machine?

I’ll show how to remove Fruit Basket in this blog post with the FreeFixer removal tool.

Fruit Basket is bundled in other software’s installers.

When I stumble upon some new bundled software I normally upload it to VirusTotal to verify if the anti-malware scanners there detect anything interesting. 20 of the scanners detected the file. Some of the detection names for Fruit Basket are ADWARE/BrowseFox.Gen2, W32/S-f64f6ec1!Eldorado, Gen:Variant.Adware.Mikey, Gen:Variant.Adware.Mikey.11547 and AdWare.MSIL.Agent.

FruitBasket anti-virus report

Removing Fruit Basket is straightforward with FreeFixer. Just select the Fruit Basket files/settings for removal and then click the Fix button and the problem will be solved.

remove FruitBasket firefox

remove Fruit Basket ie

Hope this helped you remove the Fruit Basket adware.

Do you also have Fruit Basket on your machine? Any idea how it installed? Please let me and the readers know by posting a comment. Thank you very much!

Thank you for reading and welcome back.

Arseniy Petrov – 39% Detection Rate – MultiPlug / InstalleRex / Qudamah

Hello readers! Sorry for the lack of posts during last week. I’ve been having a few days off.

This morning I was playing around and testing some downloads when I found a file signed by Arseniy Petrov.

Arseniy Petrov publisher

Windows will display Arseniy Petrov as the publisher when running the file. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Arseniy Petrov certificate.

Arseniy Petrov certificate

Arseniy Petrov is located in Ukraine according to the cert.
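The “who signed it and where are they” check that this post and the earlier ones (SERGEY SEMENOV, just accepT, ALEKSANDR FEDOROV, Artem Leonidov, Dmitry Taranov, VYACHESLAV KULOV) do by hand through the file properties dialog can be done for a whole folder at once. The PowerShell below is an added example, not from the original post or from FreeFixer; the Downloads folder is an assumed starting point, and the “personal certificate” note is a heuristic (a subject with no O= component, as with the individual signers above), not a verdict on the file.

```powershell
# Added example (not from the original post or FreeFixer): summarise the signer of
# every executable in a folder instead of opening the properties dialog file by
# file. Assumptions: the Downloads folder is an illustrative starting point, and
# the "personal certificate" note is a heuristic (subject has no O= component),
# not a verdict on the file.

function Get-SignerSummary {
    param([string]$Folder = "$env:USERPROFILE\Downloads")

    Get-ChildItem -Path $Folder -Include *.exe, *.dll, *.msi -Recurse -File | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if (-not $sig.SignerCertificate) {
            [pscustomobject]@{ File = $_.Name; Status = $sig.Status; Signer = ''; Org = ''; Locality = ''; Country = ''; Issuer = ''; Timestamped = $false; Note = 'unsigned' }
            return   # inside ForEach-Object, return moves on to the next file
        }

        # Format($true) prints one RDN per line ("CN=...", "O=...", "L=...", "C=..."),
        # which sidesteps splitting the subject string on commas that may be escaped.
        $rdn = @{}
        foreach ($line in ($sig.SignerCertificate.SubjectName.Format($true) -split "`r?`n")) {
            if ($line -match '^(\w+)=(.*)$') { $rdn[$matches[1]] = $matches[2] }
        }
        $note = if ($rdn['O']) { '' } else { 'personal certificate (no organisation)' }

        [pscustomobject]@{
            File        = $_.Name
            Status      = $sig.Status                       # Valid, NotTrusted, HashMismatch, ...
            Signer      = $rdn['CN']
            Org         = $rdn['O']
            Locality    = $rdn['L']
            Country     = $rdn['C']
            Issuer      = $sig.SignerCertificate.GetNameInfo('SimpleName', $true)   # e.g. "Certum Code Signing CA"
            Timestamped = ($null -ne $sig.TimeStamperCertificate)   # countersigned, so it stays valid after the cert expires
            Note        = $note
        }
    }
}

Get-SignerSummary | Sort-Object Country, Signer | Format-Table -AutoSize
```

Sorting by country and signer makes the pattern in these posts visible at a glance: several differently named files signed by individuals in the same country under the same issuer. A `Valid` status here still only says the certificate chained to a trusted root and the file is unmodified since signing; the VirusTotal step is what tells you what the file does.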

22 of the anti-virus scanners detected the file. Avira names Download Uc Browser V Handler Zip.exe as TR/Crypt.XPACK.Gen, BitDefender reports Gen:Variant.Adware.Mplug.45, Malwarebytes detects it as PUP.Optional.MultiPlug, Microsoft detects it as SoftwareBundler:Win32/InstalleRex, Sophos reports MultiPlug and Tencent reports Trojan.Win32.Qudamah.Gen.2.

Arseniy Petrov anti-virus report
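The detection-rate figures in this and the earlier posts are simply “engines that flagged the file” divided by “engines that scanned it”, which VirusTotal’s public API v2 (the current public API when these posts were written) reports directly along with each engine’s detection name. The following PowerShell is an added example, not from the original post or FreeFixer; it assumes an API key in the VT_API_KEY environment variable and an illustrative download path.

```powershell
# Added example (not from the original post or FreeFixer): look up a file's SHA-256
# in the VirusTotal public API v2 and work out the "X% detection rate" figure the
# posts quote, plus the per-engine detection names. Assumptions: an API key in
# $env:VT_API_KEY and the download path below; the public key was limited to
# four requests a minute at the time.

function Get-VirusTotalReport {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$ApiKey = $env:VT_API_KEY
    )
    if (-not $ApiKey) { throw 'Set VT_API_KEY to your VirusTotal API key.' }

    # Look up by hash so the file itself is never uploaded anywhere.
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    # With -Method Get the hashtable body becomes the query string.
    $report = Invoke-RestMethod -Method Get -Uri 'https://www.virustotal.com/vtapi/v2/file/report' `
        -Body @{ apikey = $ApiKey; resource = $hash }

    # response_code: 1 = report present, 0 = hash unknown to VirusTotal, -2 = still queued.
    if ($report.response_code -ne 1) {
        return [pscustomobject]@{ File = (Split-Path -Path $Path -Leaf); SHA256 = $hash; Known = $false; Rate = $null; Detections = @() }
    }

    # "Detection rate" is engines that flagged the file over engines that scanned it.
    $percent = [math]::Round(100 * $report.positives / $report.total)

    # $report.scans has one property per engine; keep the ones that detected.
    $detections = foreach ($engine in $report.scans.PSObject.Properties) {
        if ($engine.Value.detected) {
            [pscustomobject]@{ Engine = $engine.Name; Name = $engine.Value.result }
        }
    }

    [pscustomobject]@{
        File       = Split-Path -Path $Path -Leaf
        SHA256     = $hash
        Known      = $true
        Rate       = "$($report.positives)/$($report.total) ($($percent)%)"
        Scanned    = $report.scan_date
        Permalink  = $report.permalink
        Detections = $detections
    }
}

$r = Get-VirusTotalReport -Path "$env:USERPROFILE\Downloads\Download Uc Browser V Handler Zip.exe"
$r | Select-Object File, Rate, Scanned, Permalink
$r.Detections | Format-Table -AutoSize
```

The percentage depends on which engines ran on the day of the scan, so the same file re-scanned later can show a different rate; `scan_date` tells you how stale the report is. Looking up by hash also means a file that nobody has submitted yet comes back as unknown rather than clean, which is a different answer.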

Did you also find an Arseniy Petrov file? Do you remember where you downloaded it?

Thank you for reading.