Tag Archives: Kazy

Igor Menyalo – 41% Detection Rate – MultiPlug / Qudamah / Kazy

Hi there! Just a note on a publisher called Igor Menyalo. The Igor Menyalo download was detected when I uploaded it to VirusTotal. Did you also find a download by Igor Menyalo? Was it also detected when you uploaded it to VirusTotal?

Igor Menyalo publisher

That’s how it looks when double-clicking on the file and Igor Menyalo appears as the publisher. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Igor Menyalo certificate.

Igor Menyalo certificate

 

Igor Menyalo appears to be located in Russia.

TR/Crypt.XPACK.Gen, Gen:Variant.Adware.Kazy.611186, W32/S-0625bdde!Eldorado, PUP.Optional.MultiPlug and Trojan.Win32.Qudamah.Gen.0 are some detection names according to VirusTotal:

Igor Menyalo anti-virus report

I decided to run the Igor Menyalo signed file, and it offered three additional programs called PriceMinus, BestAdBlocker and MyPC Backup in the installer.

Did you also find an Igor Menyalo file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thank you for reading.

Tiger Download – 33% Detection Rate – Kazy / IBryte

Hi there! Did you just find a file that’s digitally signed by Tiger Download and come to this blog to find out more about it? I ran into this one while I was looking at the steady stream of files submitted to the FreeFixer library.

The reason for posting about Tiger Download is that the file is detected by many of the anti-virus programs. F-Secure classifies flashplayerpro_Setup.exe as Gen:Variant.Adware.Kazy.491026, Kaspersky detects it as not-a-virus:AdWare.Win32.iBryte.jig, Malwarebytes detects it as PUP.Optional.Fusion.A and VIPRE names it Optimum Installer (fs). Big thanks to VirusTotal for the scan report.

Tiger Download

Another problem with the Tiger Download file is how it is named: “flashplayerpro”. Users might think that it is an official Flash Player setup file, but it’s not. The official Flash Player download should be signed by Adobe Systems Incorporated, not by Tiger Download. Here’s what the official Flash Player installer should look like when you run it:

Adobe Systems Incorporated - Adobe Flashplayer Installer

Did you also find a Tiger Download file? Do you remember where you downloaded it?

Thanks for reading.

Andrey Hmelnikov – 35% Detection Rate – Kazy/MultiPlug

Hi there! Just wanted to give you the heads up on files digitally signed by Andrey Hmelnikov.

Andrey Hmelnikov publisher

It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Andrey Hmelnikov certificate. He’s located in Russia.

Andrey Hmelnikov certificate

So, what do the anti-virus programs say about the Andrey Hmelnikov file? No problem, I just uploaded the file to VirusTotal and it turned out that many of the anti-virus programs detect the Andrey Hmelnikov file, with names such as Gen:Variant.Adware.Kazy and MultiPlug.

Andrey Hmelnikov virustotal

 

To see in more detail what changes the Andrey Hmelnikov file would make on a user’s computer, I decided to run the file on my lab machine. The installer bundled some additional software such as GoSave and YoutubeAdBlocke.

Did you also find an Andrey Hmelnikov file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thank you for reading.

Liquidbuild detected as Kazy, iBryte and Optimum Installer

Hi there! Just a quick Sunday post on a file named flashplayerpro_Setup.exe signed by Liquidbuild that I found while reviewing some files submitted to the FreeFixer database of files. The problem is that flashplayerpro_Setup.exe is not an official Flash Player download. If it were, it should be digitally signed by Adobe Systems Incorporated.
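The publisher check described in these posts (looking at the signature in a file's properties, and expecting a Flash Player installer to be signed by Adobe Systems Incorporated) can also be done from PowerShell. This is an added example, not part of the original posts; the function name `Test-FilePublisher` and the Downloads path are assumptions made for illustration.

```powershell
# Added example: compare a file's Authenticode signer with the publisher you expect.
# Test-FilePublisher is a hypothetical helper name, not a built-in cmdlet.
function Test-FilePublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisher
    )

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # The name shown as "publisher" is the subject's simple name (CN) of the signer certificate.
    $signer = $null
    if ($sig.SignerCertificate) {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    # A valid signature only proves who signed the file. The files in these posts
    # carry a publisher name too, so the name must match the expected vendor.
    $verdict = if (-not $signer) { 'Unsigned' }
               elseif ($sig.Status -ne 'Valid') { 'SignatureNotValid' }
               elseif ($signer -ne $ExpectedPublisher) { 'UnexpectedPublisher' }
               else { 'PublisherMatches' }

    [pscustomobject]@{
        File       = Split-Path -Leaf $Path
        Status     = $sig.Status
        Signer     = $signer
        Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        Verdict    = $verdict
    }
}

# Assumed location: check every installer in the current user's Downloads folder
# that claims to be Flash Player by its file name.
$downloads = Join-Path $env:USERPROFILE 'Downloads'
if (Test-Path -LiteralPath $downloads) {
    Get-ChildItem -LiteralPath $downloads -Filter '*flashplayer*.exe' |
        ForEach-Object {
            Test-FilePublisher -Path $_.FullName -ExpectedPublisher 'Adobe Systems Incorporated'
        } |
        Format-Table -AutoSize
}
```

A file named flashplayerpro_Setup.exe that is signed by another publisher comes back as `UnexpectedPublisher` even though its signature status is `Valid`.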

When I uploaded the Liquidbuild file to VirusTotal, it came up with a 28% detection rate. The file is detected as Adware/iBryte.bxow by Avira, Gen:Variant.Kazy.466717 by BitDefender, Gen:Variant.Kazy.466717 by F-Secure and Optimum Installer (fs) by VIPRE. It’s probably better to stay away from this file.

Liquidbuild virustotal report

Did you also find a Liquidbuild file?

Thanks for reading.

Igor Kramoren – Warning for files signed by this publisher!

Stumbled on a file this morning, digitally signed by Igor Kramoren.

Igor Kramoren Certificate Igor Kramoren publisher

The issue with the Igor Kramoren file is that it is detected by many of the anti-virus programs. Here are some of the detection names:

  • BitDefender Gen:Variant.Zusy.100672
  • DrWeb Trojan.Siggen6.21336
  • ESET-NOD32 a variant of Win32/AdWare.MultiPlug.AQ
  • F-Secure Gen:Variant.Zusy.100672
  • Ikarus AdWare.Graftor
  • Malwarebytes PUP.Optional.InstallRex
  • McAfee PUP-FMH
  • Panda Trj/Kazy.AS

Did you also find a file digitally signed by Igor Kramoren? What kind of download was it and where did you find it?