Hi there! Was looking for some downloads to play around with and found one, digitally signed by LLC “DEKA-SOFT”:
You can see who the signer is when double-clicking on an executable file. LLC “DEKA-SOFT” appears in the publisher field in the dialog that pops up. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the LLC “DEKA-SOFT” certificate.
According to the certificate, DEKASOFT is located Ukraine. Comodo has issued the certificated back in July.
The reason I’m writing this blog post is that the LLC DEKA-SOFT file is detected by some of the anti-virus software at VirusTotal. Ikarus reports PUA.Bundler.Amonetize, ESET-NOD32 names the file as a variant of Win32/Amonetize.JT potentially unwanted, NANO-Antivirus calls it Trojan.Win32.Agent.dxmgor and Rising detects it as PE:Malware.RDM.14!5.14[F1].
Did you also find a LLC “DEKA-SOFT” file? Do you remember where you downloaded it?
Thank you for reading.
Hi,
found a .exe file of the named LLC “DEKA-SOFT” on this side:
https://www.youtube .com/playlist?list=PLQClbeczwHiRgTQJ6oYL44S3d4vN45nIi
sincerely,
Same detection with Norton on three games from the
http://www.programas-gratis .net site in spanish.
All the downloads have almost the same amount of bytes.
Please check it out and tell me what to do.
My Norton blocked it but I am not sure if it is so.
Thanks.
I would stay away from those downloads. I’m pretty sure Norton is correctly detecting the files.
hxxp://direktindirme .com/en/6666/?k=Malwarebytes.Anti.Exploit&s=MjQ0fDQ3MDJ8RlJ8MnwxfGFsbHNvZnR3YXJlZG93bmxvYWQuY29tfFkyRjAqYkdGdVpHbHVaM00
sir; I want to install another program but when I click on the setup file it begin this program and that program do’snot install. so plz guide me how I can solve this problem.
Dear all
found a .exe file certified by LLC “DEKA-SOFT” on this side
hxxp://www.ebookpara .com/
hxxp://bookportable .org/
I am scared to use it. Pl tell whether it is safe or not?
Don’t run the file. Delete it to avoid getting a bunch of unwanted programs on your machine.
I tried to play an .mkv file using XVid, and a pop-up appeared saying I didn’t have the right codecs, and to download them HERE at this supposed XVid-sponsored site. I warily clicked, and just as alarms started popping up all over my screen the anti-virus program stopped the installation of LLC DEKA-SOFT. I’m guessing they’re involved with media downloads of some sort
Good to hear your anti-virus software stopped the installation.