Tag Archives: MultiPlug

Vega Resource, LLC – 16% Detection Rate – HEUR:AdWare.Win32.Generic

Hello readers! Just a short post on a publisher called Vega Resource, LLC. I just found a download named “Download.exe” that was digitally signed by this publisher, and it turns out that it is detected by some anti-virus programs.

Vega Resource, LLC publisher

This is how it looks when double-clicking on the file and Vega Resource, LLC appears as the publisher. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Vega Resource, LLC certificate.

Vega Resource, LLC certificate

By clicking on the Certificate Path tab, we can see that Thawte has issued the certificate:

Vega Resource LLC cert path
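The same check as the file-properties dialog, scripted for a whole folder. This is an added example, not part of the original posts: the watchlist holds the publisher names from the posts on this page, and the default scan path and the output column names are assumptions.

```powershell
# Added example: list the Authenticode signer of every .exe under a folder
# and flag signers whose name matches a publisher named on this page.
param(
    [string]$Path = "$env:USERPROFILE\Downloads"    # assumed scan location
)

# Publisher names taken from the posts on this page.
$watchlist = @(
    'Vega Resource, LLC', 'Roman Ershov', 'Ostap Hohlov', 'Oleg Odincov',
    'Artur Flomenko', 'Egor Klochko', 'SERGEY NIKITIN', 'IGOR MIHAYLOV',
    'Rodion Bordin', 'Kiril Semyakov'
)
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

Get-ChildItem -Path $Path -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
ForEach-Object {
    $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
    $cert = $sig.SignerCertificate
    if (-not $cert) { return }                      # unsigned file: no publisher to compare

    # Simple name of the subject (normally what Windows shows as the publisher)
    # and of the issuer (the CA on the Certificate Path tab).
    $publisher = $cert.GetNameInfo($nameType, $false)
    $issuer    = $cert.GetNameInfo($nameType, $true)

    [pscustomobject]@{
        File        = $_.FullName
        Publisher   = $publisher
        Issuer      = $issuer
        Status      = $sig.Status                   # Valid, NotTrusted, HashMismatch, ...
        Thumbprint  = $cert.Thumbprint
        SHA256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        OnWatchlist = $watchlist -contains $publisher   # -contains ignores case
    }
} | Sort-Object OnWatchlist -Descending | Format-Table -AutoSize -Wrap
```

A `Valid` status only means the signature verifies and chains to a trusted CA; as the scan results in these posts show, it says nothing about whether the file is wanted. The SHA256 column can be searched at VirusTotal without uploading the file.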

The scan result from VirusTotal below clearly shows why you should avoid the Vega Resource, LLC file. It is detected under names such as Generic6.BURQ, a variant of Win32/Adware.MultiPlug.NX, Unwanted-Program ( 004ccd421 ), not-a-virus:HEUR:AdWare.Win32.Generic, PE:Packer.Win32.Mian007.a!1074235325 and Trojan.Agent/Gen-Downloader.

Vega Resource anti-virus report

Did you also run into a download that was digitally signed by Vega Resource, LLC? What kind of download was it and was it reported by the anti-malware programs at VirusTotal? Please share by posting a comment below.

Hope this blog post helped you avoid some unwanted software on your machine.

Thanks for reading.

Roman Ershov – 18% Detection Rate Says VirusTotal

Welcome! Just wanted to give you the heads up on files digitally signed by Roman Ershov.

Roman Ershov pop up

The certificate is issued by Certum Code Signing CA. Mr Ershov appears to be located in Russia.

Roman Ershov certificate

The reason I’m writing this blog post is that the Roman Ershov file is detected by many of the anti-malware programs at VirusTotal. Avast classifies Download.exe as Win32:FakeDownload-G [PUP], Avira names it TR/Crypt.XPACK.Gen, Microsoft classifies it as SoftwareBundler:Win32/InstalleRex and VIPRE classifies it as MultiPlug (v).

Roman Ershov anti-virus report

Did you also find a Roman Ershov file? What kind of download was it?

Thanks for reading.

Ostap Hohlov – 39% Detection Rate – MultiPlug / MPlug / InstalleRex

Hello! Just wanted to give you the heads up on files digitally signed by Ostap Hohlov.

Ostap Hohlov publisher

It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Ostap Hohlov certificate.

Ostap Hohlov certificate

The problem with the Ostap Hohlov file is that it is detected by many of the anti-malware programs. Here are some of the detection names: Win32:FakeDownload-G [PUP], Gen:Variant.Adware.MPlug.62, PUP.Optional.MultiPlug, SoftwareBundler:Win32/InstalleRex and MultiPlug (v).

Ostap Hohlov anti-virus report

Did you also run into a download that was digitally signed by Ostap Hohlov? What kind of download was it and was it detected by the anti-malware programs at VirusTotal? Please share by posting a comment.

Thank you for reading.

Oleg Odincov – VirusTotal Reports “MultiPlug”

Hello readers! Just a quick post on a publisher called Oleg Odincov that I found while running some tests for the upcoming FreeFixer release.

Here’s how Oleg Odincov appears in the UAC dialog when double-clicking on the file:

Oleg Odincov publisher

I’m still waiting on the results from VirusTotal, but it sure looks like another variant of the unwanted MultiPlug software.

Oleg Odincov certificate

Did you also find an Oleg Odincov file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

Artur Flomenko – 11% Detection Rate

Welcome! Just wanted to give you the heads up on files digitally signed by Artur Flomenko.

Artur Flomenko publisher

If you have an Artur Flomenko file on your machine you may have noticed that Artur Flomenko is displayed as the publisher in the UAC dialog when double-clicking on the file. The certificate is issued by Certum Code Signing CA. Mr Flomenko is located in Ukraine.

Artur Flomenko cert

So, what do the anti-virus programs say about the Artur Flomenko file? No problem, I just uploaded the file to VirusTotal and it turned out that some of the anti-virus programs detect the Artur Flomenko file, with names such as Win32:FakeDownload-G [PUP], a variant of Win32/Kryptik.DPGT, Trojan.Downloader, Trj/Genetic.gen and PE:AdWare.Win32.MultiPlug.aq!1075358402.

Artur Flomenko virustotal

Did you also find an Artur Flomenko file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

Egor Klochko – 34% Detection Rate – MultiPlug / Graftor

Welcome! Just a note on a publisher called Egor Klochko. The Egor Klochko download – Download Uc Browser V Handler Zip.exe – was detected when I uploaded it to VirusTotal. Did you also find a download by Egor Klochko? Was it also detected when you uploaded it to VirusTotal?

Egor Klochko publisher

Typically you’d see the Egor Klochko publisher name appear when double-clicking on the Download Uc Browser V Handler Zip.exe file. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Egor Klochko certificate.

Egor Klochko certificate

The VirusTotal report shows that the Egor Klochko file should be avoided, since Download Uc Browser V Handler Zip.exe is detected as Trojan.Adware.Graftor.D31885 by Arcabit, Gen:Variant.Adware.Graftor.202885 by BitDefender and PUP.Optional.Multiplug by Malwarebytes.

Egor Klochko anti-virus report

Did you also find an Egor Klochko file? Do you remember where you downloaded it?

Thank you for reading.

SERGEY NIKITIN – Detected as MultiPlug, Graftor, Qudamah etc

Hello! Just a short post on a publisher called SERGEY NIKITIN. I just found a download named Download.exe that was digitally signed by this publisher, and it turns out that it is detected by some anti-virus programs.

SERGEY NIKITIN publisher

You can also look at the SERGEY NIKITIN certificate and digital signature by looking under the Digital Signatures tab on the file’s properties. According to the certificate, SERGEY NIKITIN is located in Zaporizhia, Zaporizhska in Ukraine.

SERGEY NIKITIN certificate

The VirusTotal report shows that the SERGEY NIKITIN file should be avoided, since Download.exe is detected as Gen:Variant.Adware.Graftor.198034 by BitDefender, PUP.Optional.MultiPlug by Malwarebytes, Suspicious.Cloud.5 by Symantec and Trojan.Win32.Qudamah.Gen.4 by Tencent.

SERGEY NIKITIN virus report

Did you also find a SERGEY NIKITIN file?

Thanks for reading.

IGOR MIHAYLOV – 35% Detection Rate at VirusTotal

Hello! Just wanted to give you the heads up on files digitally signed by IGOR MIHAYLOV.

IGOR MIHAYLOV publisher

It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the IGOR MIHAYLOV certificate. It seems Igor is located in Russia.

IGOR MIHAYLOV cert

These are the current VirusTotal detections for the file. Trojan.Adware.Graftor.D30592, Generic6.BBOM, a variant of Win32/Adware.MultiPlug.MN, Gen:Variant.Adware.Graftor and SoftwareBundler:Win32/InstalleRex are a few of the detection names for the file I found.

IGOR MIHAYLOV anti-virus report

Did you also find an IGOR MIHAYLOV file? Do you remember where you downloaded it?

Hope this blog post helped you avoid some unwanted software on your machine.

Thanks for reading.

Rodion Bordin – 33% Anti-Virus Detection Rate

Hello readers! Just a short note on a publisher called Rodion Bordin.

Rodion Bordin publisher

This is how it looks when double-clicking on the file and Rodion Bordin appears as the publisher. The certificate is issued by Certum Code Signing CA.

Rodion Bordin digital signature

So, why did I put up this blog post? Well, the thing is that the Rodion Bordin file is detected by many of the anti-malware scanners, according to VirusTotal. Ad-Aware detects the file as Trojan.Agent.BKMF, DrWeb names it Trojan.PWS.Qqpass.11207, Malwarebytes names it PUP.Optional.MultiPlug and Tencent classifies it as Trojan.Win32.Qudamah.Gen.0.

Rodion Bordin anti-virus report

Did you also find a Rodion Bordin file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

Kiril Semyakov – 46% Detection Rate – Adware.Agent.PQH / Win32:FakeDownload-F

Hello readers! Just a quick post today, since I’m busy working on the next release of FreeFixer. Did you see a file on your system digitally signed by Kiril Semyakov? Then read on.

Kiril Semyakov publisher

Windows will display Kiril Semyakov as the publisher when running the file. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Kiril Semyakov certificate.

Kiril Semyakov cert

According to this, Kiril is located in Ukraine.

The reason I’m writing this blog post is that the Kiril Semyakov file is detected by many of the anti-malware programs at VirusTotal. Avast classifies the file as Win32:FakeDownload-F [PUP], F-Secure reports Adware.Agent.PQH, Ikarus detects it as PUA.Win32.InstalleRex, McAfee-GW-Edition detects it as MultiPlug-FYT and Sophos reports MultiPlug.

Kiril Semyakov anti-virus report

Did you also find a Kiril Semyakov file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thank you for reading.