Tag Archives: MultiPlug

YURIY DRACHEV – VirusTotal Detects The Download as “MultiPlug”

Welcome! Just a quick post today. Did you just find a file signed by YURIY DRACHEV? Then read on.

YURIY DRACHEV publisher

Windows will display YURIY DRACHEV as the publisher when running the file. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the YURIY DRACHEV certificate. According to the cert, Yuriy is located in Russia.

YURIY DRACHEV certificate

If you are considering running the YURIY DRACHEV signed file, I’d advise you not to. This is yet another variant of the unwanted MultiPlug software.

Thanks for reading.

VIKTOR AGRAPOVICH – 35% Detection – MPlug / MultiPlug

Hi there! Just a short post before I call it a day. I found yet another file that bundled a bunch of unwanted programs, and the file was signed by VIKTOR AGRAPOVICH.

VIKTOR AGRAPOVICH publisher

Typically you’d see the VIKTOR AGRAPOVICH publisher name appear when double-clicking on the file. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the VIKTOR AGRAPOVICH certificate. Viktor seems to be located in Russia.

VIKTOR AGRAPOVICH cert

The scan result from VirusTotal below clearly shows why you should avoid the VIKTOR AGRAPOVICH file. It is detected under names such as Generic6.AYBD, Gen:Variant.Adware.Mplug, Trojan ( 0040fa761 ), PUP.Optional.MultiPlug and MultiPlug-FXN.

VIKTOR AGRAPOVICH virus total

Did you also find a VIKTOR AGRAPOVICH file?

Thank you for reading.

ALEKSEY TIMOFEEV – 32% Detection Rate

Hello! Just a note on a publisher called ALEKSEY TIMOFEEV. The ALEKSEY TIMOFEEV download was detected when I uploaded it to VirusTotal. Did you also find a download by ALEKSEY TIMOFEEV? Was it also detected when you uploaded it to VirusTotal?

ALEKSEY TIMOFEEV publisher

If you have an ALEKSEY TIMOFEEV file on your computer you may have noticed that ALEKSEY TIMOFEEV pops up as the publisher in the User Account Control dialog when running the file. The certificate is issued by Certum Code Signing CA.

ALEKSEY TIMOFEEV certificate

Aleksey appears to be located in Russia.

The scan result from VirusTotal below clearly shows why you should avoid the ALEKSEY TIMOFEEV file. It is detected under names such as a variant of Win32/Adware.MultiPlug.LX, Gen:Variant.Adware.Mplug and Trojan.Win32.Qudamah.Gen.2.

ALEKSEY TIMOFEEV anti-virus report

Did you also find an ALEKSEY TIMOFEEV download? What kind of download was it?

Thank you for reading.

SERGEY STAROSTIN – 12% Detection Rate – MultiPlug

Hello readers! Did you just find a file that’s digitally signed by SERGEY STAROSTIN and come here to find out more about it?

SERGEY STAROSTIN publisher

You can see who the signer is when double-clicking on an executable file. SERGEY STAROSTIN appears in the publisher field in the dialog that pops up. The certificate is issued by Certum Code Signing CA. Sergey is located in Russia.

SERGEY STAROSTIN certificate

So, why am I writing about the SERGEY STAROSTIN file? Check out what the anti-malware scanners report about the file:

SERGEY STAROSTIN virus total

are a few of the detection names for Medal Of Honour PC Game Full version Free Download.exe.

Did you also find a SERGEY STAROSTIN file? Do you remember where you downloaded it?

Thank you for reading.

ALEKSANDR SHORNIKOV – 30% Detection Rate at VirusTotal

Hi there! Just a quick post on a file digitally signed by ALEKSANDR SHORNIKOV.

ALEKSANDR SHORNIKOV publisher

If you have an ALEKSANDR SHORNIKOV file on your machine you may have noticed that ALEKSANDR SHORNIKOV is displayed as the publisher in the UAC dialog when double-clicking on the file. The certificate is issued by Certum Code Signing CA.

ALEKSANDR SHORNIKOV certificate

17 of the 56 anti-virus scanners detected the file. Avast classifies it as Win32:FakeDownload-E [PUP], Avira detects it as TR/Crypt.XPACK.Gen, F-Secure classifies it as Gen:Variant.Adware.MPlug, Tencent reports Trojan.Win32.Qudamah.Gen.2 and VBA32 detects it as suspected of Heur.Malware-Cryptor.Multiplug.

ALEKSANDR SHORNIKOV virus total report

Since you probably came here after finding a file that was digitally signed by ALEKSANDR SHORNIKOV, please share what kind of download it was and if it was detected by the anti-malware programs at VirusTotal.

Thank you for reading.

ALEKSANDR FEDOROV – 28% Detection Rate

Welcome! If you’ve been following me for the last year you know that I’ve been examining many software publishers that put a digital signature on their downloads. Today I found another publisher called ALEKSANDR FEDOROV.

ALEKSANDR FEDOROV publisher

You can see who the signer is when double-clicking on an executable file. ALEKSANDR FEDOROV appears in the publisher field in the dialog that pops up. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the ALEKSANDR FEDOROV certificate. According to that, he is located in Russia.

ALEKSANDR FEDOROV certificate

The reason for posting about ALEKSANDR FEDOROV is that the file is detected by many of the anti-virus programs. Fortinet reports Download Uc Browser V Handler Zip.exe as Riskware/Badur, GData detects it as Gen:Variant.Adware.MPlug.42, Malwarebytes detects it as PUP.Optional.Multiplug and Tencent calls it Trojan.Win32.Qudamah.Gen.2.

ALEKSANDR FEDOROV

Since you probably came here after finding a download that was signed by ALEKSANDR FEDOROV, please share what kind of download it was and if it was reported by the anti-viruses at VirusTotal.

Thank you for reading.

Artem Leonidov – 18% Detection Rate – MultiPlug

Hello readers! Just a short note on a publisher called Artem Leonidov. This is how Artem Leonidov appears when running the file:

Artem Leonidov publisher

The certificate is issued by Certum Code Signing CA. And the publisher is located in Russia:

Artem Leonidov certificate

When I uploaded the file to VirusTotal – as I usually do when I find something that looks suspicious – 18% of the scanners detected the file. The file is detected as a variant of Win32/Adware.MultiPlug.LG by ESET-NOD32, PUP.Optional.Bundle by Malwarebytes, Trojan.Win32.Qudamah.Gen.6 by Tencent and suspected of Heur.Malware-Cryptor.Multiplug by VBA32.

Artem Leonidov virus total report

Did you also find an Artem Leonidov file? Do you remember where you downloaded it?

Thank you for reading.

Dmitry Taranov – 32% Detection Rate at VirusTotal.com

Welcome! Just wanted to give you the heads up on a publisher called Dmitry Taranov located in Ukraine.

Dmitry Taranov publisher

Typically you’d see the Dmitry Taranov publisher name appear when double-clicking on the Medal Of Honour PC Game Full version Free Download.exe file. The certificate is issued by Certum Code Signing CA.

Dmitry Taranov certificate

So what’s the problem? Well, currently 32% of the anti-virus scanners over at VirusTotal detected the file. Some of the detection names for the Medal Of Honour PC Game Full version Free Download.exe file are Gen:Variant.Adware.Mplug, Trojan ( 0040fa761 ), not-a-virus:Downloader.Win32.Agent.dlzx and MultiPlug.

Dmitry Taranov anti-virus report

Did you also run into a file that was digitally signed by Dmitry Taranov? What kind of download was it and was it reported by the anti-malwares at VirusTotal? Please share by posting a comment.

Thanks for reading.

VYACHESLAV KULOV – 30% Detection Rate at VirusTotal

Hello! Lately I’ve been looking at the digital signatures on those files that push various types of unwanted programs. This morning I found a new file called Medal Of Honour PC Game Full version Free Download.exe, digitally signed by VYACHESLAV KULOV.

VYACHESLAV KULOV publisher

You can see who the signer is when double-clicking on an executable file. VYACHESLAV KULOV appears in the publisher field in the dialog that pops up and he appears to be located in Russia. The certificate is issued by Certum Code Signing CA.

VYACHESLAV KULOV certificate

When I uploaded the VYACHESLAV KULOV file to VirusTotal, it came up with a 30% detection rate. The file is detected as a variant of Win32/Adware.MultiPlug.KU by ESET-NOD32, Gen:Variant.Adware.Mplug by F-Secure, MultiPlug by Sophos and suspected of Heur.Malware-Cryptor.Multiplug by VBA32.

VYACHESLAV KULOV anti-virus report

The download bundled a bunch of other software, such as PriceMinus and BestAdBlocker.

Did you also find a VYACHESLAV KULOV file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

Arseniy Petrov – 39% Detection Rate – MultiPlug / InstalleRex / Qudamah

Hello readers! Sorry for the lack of posts during last week. I’ve been having a few days off.

This morning I was playing around and testing some downloads when I found a file signed by Arseniy Petrov.

Arseniy Petrov publisher

Windows will display Arseniy Petrov as the publisher when running the file. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Arseniy Petrov certificate.

Arseniy Petrov certificate

Arseniy Petrov is located in Ukraine according to the cert.

22 of the anti-virus scanners detected the file. Avira names Download Uc Browser V Handler Zip.exe as TR/Crypt.XPACK.Gen, BitDefender reports Gen:Variant.Adware.Mplug.45, Malwarebytes detects it as PUP.Optional.MultiPlug, Microsoft detects it as SoftwareBundler:Win32/InstalleRex, Sophos reports MultiPlug and Tencent reports Trojan.Win32.Qudamah.Gen.2.

Arseniy Petrov anti-virus report

Did you also find an Arseniy Petrov file? Do you remember where you downloaded it?

Thank you for reading.
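
The posts above check the publisher by hand in the UAC dialog or the file's properties. As an added example (not part of the original posts), the PowerShell script below does the same check across a folder and lists every executable whose signer matches one of the publisher names from this page. The default scan folder and the output column names are assumptions.

```powershell
# Added example: find executables signed by a publisher named in the posts above.
param(
    # Assumption: folder to scan; point it wherever downloads are kept.
    [string]$Path = "$env:USERPROFILE\Downloads"
)

# Publisher names exactly as they appear in the posts on this page.
$publishers = @(
    'YURIY DRACHEV', 'VIKTOR AGRAPOVICH', 'ALEKSEY TIMOFEEV', 'SERGEY STAROSTIN',
    'ALEKSANDR SHORNIKOV', 'ALEKSANDR FEDOROV', 'Artem Leonidov',
    'Dmitry Taranov', 'VYACHESLAV KULOV', 'Arseniy Petrov'
)

# SimpleName returns the common name (CN) of the subject or issuer.
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.msi -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate
        if ($null -eq $cert) { return }   # unsigned file: nothing to compare

        $signer = $cert.GetNameInfo($nameType, $false)   # publisher shown by UAC
        $issuer = $cert.GetNameInfo($nameType, $true)    # issuing CA, e.g. Certum Code Signing CA

        # Collapse repeated spaces so "Artem  Leonidov" still matches.
        $normalized = ($signer -replace '\s+', ' ').Trim()

        # -contains compares case-insensitively.
        if ($publishers -contains $normalized) {
            [pscustomobject]@{
                File       = $_.FullName
                Publisher  = $signer
                Issuer     = $issuer
                Status     = $sig.Status          # whether the signature verifies
                Thumbprint = $cert.Thumbprint     # identifies this exact certificate
                SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
    }
```

The Status column only says whether the signature verifies, not whether the file is wanted. The SHA256 value can be used to look the file up at VirusTotal without uploading it again.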