V.X. Technocom – Bundling, VirusTotal Detections and Digital Signature Information

If you’ve been following my recent posts here on the FreeFixer blog, you know that I’ve been looking at files that have a valid digital signature and bundle various types of potentially unwanted programs. A few days ago I found another publisher named V.X. Technocom that bundles software.

The file was called Game_of_Thrones_S04E02_HDTV_x264-2HD[ettv].exe.

If you have a V.X. Technocom download on your computer you may have noticed that Closed Joint-Stock Company “V.X. Technocom appears as the publisher in the UAC dialog when double-clicking on the file.

V.X. Technocom Publisher

You can also see the V.X. Technocom certificate by looking under the Digital Signature tab on the file’s properties. According to the certificate, V.X. Technocom is located in Moscow, Russia.

v.x.-technocom-digital-signature

v.x.-technocom-moscow-russia

These are the current VirusTotal detections for the file. Adware/Savy.ahdd and GetPrivate are the detection names by AntiVir and VIPRE:

v.x.-technocom-closed-joint-stock-company-getprivate-adware-savy.ahdd

Since the download was detected I decided to give it a try to see what it installed. During my test I could see AduckySweet-Page, ShopperFriend and Block-N-Surf, as shown in the screenshots below:

v.x.-technocom is bundling SweetPage v.x.-technocom is bundling Block-N-Surf v.x-technocom ShopperFriendaducky

After accepting the offers a bunch of new files and settings appeared. Here are some of the files:

  • WindowsUpdater.exe
  • winsystem.exe
  • svcsystem.exe
  • PluginService.exe
  • privoxy.exe

A bunch of new ads also started to pop up, labeled monkeytize and RightCoupon.

Monkeytize Ads

You can remove these unwanted ads, files and settings with help from the FreeFixer tool.

Where did you find the V.X. Technocom download? What kind of download was it?