Hi there! Just a quick post on a publisher called Alekxandr Zabaro that I found while running some tests for the upcoming FreeFixer release. The suspicious file is named Download.exe.
It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Alekxandr Zabaro certificate.
After uploading the Alekxandr Zabaro file – Download.exe – to VirusTotal, it was clear that it’s probably better to delete the file than running it. The detection rate was 13% and some of the detection names were: Win32:MultiPlug-AAE [PUP], a variant of Win32/Adware.MultiPlug.MO and Unwanted-Program ( 0040f9681 ).
Did you also find a Alekxandr Zabaro file? Do you remember where you downloaded it?
Hope this blog post helped you avoid some unwanted software on your machine.
Thank you for reading.
Visiting “hxxp://a.fieldconsole .xyz/v24377?product_name=Microsoft+Project+2013+P” will download a file called “microsoft-project-2013-professional-2013.exe”, signed by the same guy. This file is obviously malware, it collects data stored by web browsers, installs a local proxy and downloads an additional certificate (assumably used for intercepting HTTPS traffic).
Thank you Andreas!