If you are a regular here on the FreeFixer blog you know that I’ve been looking on the certificates used to sign files that bundled various types of unwanted software.
While I was looking around on some recently submitted files here on freefixer.com I found a file called java_setup.exe signed by a company called File Monarch. The problem here is that if this really was a setup file for Java, it would have been digitally signed by Oracle and not by some unknown company. This looks very suspicious. And the VirusTotal report shows that the File Monarch file should be avoided, since java_setup.exe is detected as Adware.IBryte, Optimum Installer and Trojan.Win32.Buzus.
This tactic appears to be pretty common to get users to install something that they didn’t want: Pop up some file and claim that Java or the Flash Player needs to be updated.
Well, hope that helped you avoid some adware or whatever this java_setup.exe file would install.
Did you also find some file signed by File Monarch, or a file falsely claiming to be a Java setup file? Where did you find them?
I’ll dig around a bit more in the FreeFixer database to see if there’s some other faked Java setup files.
Like an idiot, I downloaded this. Literally as I hit Install, my eye caught the bogus File Monarch as the publisher. Can’t believe I did something so dumb! Now I can’t find it in my program files. How to Uninstall? Thanks!
I have not tested the File Monarch myself, so I don’t know what it installs. If you have the download link for java_setup.exe, please post it, and I’ll test the file to see what it installs.
I’d also recommend a scan with some anti-malware program. FreeFixer can also help you identify and remove unwanted software on your machine.
So this has been popping up on my laptop for ages now, havn’t downloaded it, but it forces open on every other page i open, i have an active popup blocker which gets everything else but not this. I’ve ran security essentials/spybot etc. to which they say my computer is clean but this keeps happening, if you figure it out i would love to know how to fix this.
cheers
Filename: Drivers.exe
____________________________
Details
Stability Unknown, Very Few Users, Very New, Good
Origin
Downloaded from
Unknown
Activity
Actions performed: Suspicious actions performed: None
____________________________
Developers
File Monarch
Version
3.7.1.0
Identified
9/8/2014 at 6:28:58 PM
Last Used
Not Available
Startup Item
No
____________________________
Unknown
This program crash history is not known.
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
Very New
This file was released less than 1 week ago.
Good
Norton has given this file a favorable rating.
____________________________
Source File:
drivers.exe
____________________________
File Thumbprint – SHA:
ef4c59fd447eb2c3a7b616042e16de8d4ebf5119200b443473d04da44ef48be3
File Thumbprint – MD5:
Not available