Tag Archives: Kiev

LLC “DIVAROS SOFT” – 9% Detection Rate – PUP.Optional.LoadMoney

Hello! Having a quick break from the programming I’m doing right now. I’m doing some work on the freefixer.com web site. Just wanted to give you the heads up on a publisher called LLC “DIVAROS SOFT” that I ran into this morning:

LLC DIVAROS SOFT publisher

You will also see LLC “DIVAROS SOFT” listed as the verified publisher in the User Account Control dialog that pops up if you try to run the file. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the LLC “DIVAROS SOFT” certificate. As you can see, LLC “DIVAROS SOFT” is located in Kiev, Ukraine.

LLC DIVAROS SOFT certificate

Comodo has issued the certificate.

So, why am I writing about the LLC “DIVAROS SOFT” file? Check out what the anti-virus programs report about the file:

LLC DIVAROS SOFT anti-virus report

Avira calls it ADWARE/Amonetize.Gen7, AVG names it Generic.A6F, VBA32 calls it SScope.Downware.Amonetize and Malwarebytes calls it PUP.Optional.LoadMoney, to name a few of the detection names for the file.

Did you also find an LLC “DIVAROS SOFT” file?

Thanks for reading. Now, back to coding…

LLC “B2B SOFT UA” – 14% Detection Rate

Hello readers! Just a short post before I call it a day. I found yet another file that bundled a bunch of unwanted programs, and the file was signed by LLC “B2B SOFT UA”.

LLC B2B SOFT UA publisher

You will also see LLC “B2B SOFT UA” listed as the verified publisher in the User Account Control dialog that pops up if you try to run the file. The certificate is issued by COMODO RSA Code Signing CA. The company is located in Kiev, Ukraine:

LLC B2B SOFT UA certificate

The VirusTotal report shows that the LLC “B2B SOFT UA” file should be avoided, since How I Met Your Mother S09E22 HDTV x264KILLERS[ettv]__15022_i1707449201_il379351.exe is detected as ADWARE/Amonetize.Gen by Avira, PE:Malware.RDM.15!5.15[F1] by Rising, HEUR/QVM10.1.Malware.Gen by Qihoo-360 and Trj/Genetic.gen by Panda.

LLC B2B SOFT UA virus report

Did you also find an LLC “B2B SOFT UA” file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

cpm.exe, CPUMiner and LLC “Kelte-Proekt” – Removal Instructions

I just ran into a Bitcoin miner this morning called cpm.exe. If you have cpm.exe on your machine, you’ll see it in the Task Manager:

cpm.exe task manager

The cpm.exe file is digitally signed by a Ukrainian company called LLC “Kelte-Proekt”:

LLC Kelte-Proekt cert

cpm.exe was bundled with an unofficial download of Google Chrome:

CPUMiner

You can easily remove cpm.exe with FreeFixer. Just select cpm.exe under “Registry Startups” and “Processes”.

Hope that helped you figure out what cpm.exe is, how it got onto your machine and how to remove it.

Thanks for reading.

Vladislav Mastenko – 38% Detection – Terkcop / MultiPlug

Welcome! Just a short note on a publisher called Vladislav Mastenko.

Vladislav Mastenko publisher

If you have a Vladislav Mastenko file on your computer you may have noticed that Vladislav Mastenko pops up as the publisher in the User Account Control dialog when running the file. To view more information about the embedded certificate you can right-click on the file, then choose Properties and then select the Digital Signatures tab. According to the certificate we can see that Vladislav Mastenko seems to be located in Ukraine and that the certificate is issued by DigiCert Assured ID Code Signing CA-1.

Vladislav Mastenko cert

I decided to upload the Vladislav Mastenko file to VirusTotal. Currently, the detection rate is 21/56. Gen:Variant.Adware.Terkcop.32, Win32:FakeDownload-G [PUP], Gen:Variant.Adware.Terkcop.32 and a variant of Win32/Adware.MultiPlug.NI are some of the detection names.

Vladislav Mastenko virustotal

Did you also find a file digitally signed by Vladislav Mastenko? What kind of download was it and where did you find it?

Thanks for reading.

LLC BK UKRBUDMONTAZH – 11% Anti-Virus Detection – Amonetize

Welcome! Short on time today, but I just wanted to give you the heads up on a publisher called LLC BK UKRBUDMONTAZH.

LLC BK UKRBUDMONTAZH publisher

If you have an LLC BK UKRBUDMONTAZH file on your machine you may have noticed that LLC BK UKRBUDMONTAZH is displayed as the publisher in the UAC dialog when double-clicking on the file. The certificate information can also be viewed from Windows Explorer. According to the certificate we can see that LLC BK UKRBUDMONTAZH seems to be located in Ukraine and that the certificate is issued by COMODO RSA Code Signing CA.

LLC BK UKRBUDMONTAZH cert

When I uploaded the LLC BK UKRBUDMONTAZH file to VirusTotal, it came up with an 11% detection rate. The file is detected as Trojan/Win32.TGeneric by Antiy-AVL, Amonetize (fs) by AVware, Trojan.Amonetize.2350 by DrWeb, a variant of Win32/Amonetize.EF potentially unwanted by ESET-NOD32 and Amonetize (fs) by VIPRE.

LLC BK UKRBUDMONTAZH virus report

Since you probably came here after finding a download that was digitally signed by LLC BK UKRBUDMONTAZH, please share what kind of download it was and if it was detected by the anti-malware scanners at VirusTotal.

Thanks for reading.
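
The Digital Signatures check described in the posts above can also be done in bulk from PowerShell. This is an added example, not code from the original posts; the scan folder is an assumption, and the publisher list is taken from the names mentioned on this page.

```powershell
# Added example: report Authenticode signer details for executables in a folder
# and flag files whose certificate subject names a publisher from this page.
# $ScanPath is an assumption; point it at the folder you want to review.
$ScanPath = Join-Path $env:USERPROFILE 'Downloads'

# Publisher names as written in the posts above, matched against the certificate subject.
$FlaggedPublishers = @(
    'DIVAROS SOFT',
    'B2B SOFT UA',
    'Kelte-Proekt',
    'Vladislav Mastenko',
    'BK UKRBUDMONTAZH'
)

$report = Get-ChildItem -Path $ScanPath -Recurse -File -Include *.exe, *.dll, *.msi -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        # -LiteralPath matters here: bundler file names often contain [ ] characters,
        # which PowerShell would otherwise treat as wildcards.
        $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $cert = $sig.SignerCertificate
        if ($null -eq $cert) { return }   # unsigned file, nothing to report

        $subject = $cert.Subject
        $hit = $FlaggedPublishers | Where-Object { $subject -like "*$_*" } | Select-Object -First 1

        [pscustomobject]@{
            File       = $file.FullName
            # 'Valid' only means the signature verifies; it says nothing about the
            # software being wanted, as the detection results in the posts show.
            Status     = $sig.Status
            Subject    = $subject
            Issuer     = $cert.Issuer
            Thumbprint = $cert.Thumbprint
            # SHA-256 of the file, usable for looking up an existing VirusTotal report.
            SHA256     = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            Flagged    = [bool]$hit
        }
    }

# Show flagged files first, then everything else that carries a signature.
$report | Sort-Object -Property Flagged -Descending | Format-List
```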