Category Archives: digital signature

Onekit Internet S.L – VirusTotal Scan Report

July 25, 2014digital signatureRoger Karlsson

I’ve previously written about JDownloader. Today I noticed that another company called Onekit Internet S.L has signed the JDownloader file.

When I tested the installer, the following programs were bundled and disclosed in the installer:

SoftwareUpdater
iRobinHood Partners Addon
Remote Desktop Access (VuuPC)
PC Speed Up
PassWidget

10 of the anti-virus scanners are detecting the the Onekit Internet S.L file:

Saul Perec VirusTotal Report – 38% Detection Rate

July 13, 2014digital signatureGraftor, InstalleRexRoger Karlsson

Just found a download digitally signed by Saul Perec. I’d recommend being careful if you also have downloaded a file signed by Saul Perec. This the the VirusTotal scan for the Saul Perec file:

Luckily Windows warns when launching a downloaded file and shows the publisher information.

You can also view the Saul Perec certificate by right-clicking on the file, and looking under the Digital Signature tab:

Did you also find a file signed by Saul Perec? Where did you find it and what kind of download was it?

KOMPANIYA КRЕАТА LLC – Detected by 16 anti-virus scanners

July 12, 2014digital signatureAmonetiz, AmonetizeRoger Karlsson

Just wanted to give you the heads up on a publisher called KOMPANIYA КRЕАТА LLC. When I scanned the KOMPANIYA КRЕАТА LLC file, it was detected by 16 of the anti-virus scanners at VirusTotal. Many of the scanners detects it as Amonetiz or Amonetize.

Here’s how KOMPANIYA КRЕАТА LLC appears when running the downloaded file.

You can also view the KOMPANIYA КRЕАТА LLC certificate from the file’s properties. KOMPANIYA КRЕАТА appears to be a Ukrainian company.

Did you also find a file signed by KOMPANIYA КRЕАТА? Where did you find it and what kind of download was it?

Software Updater LLC – VirusTotal and Bundling Report

July 12, 2014adware, digital signatureBundleApp_r, CryptVittalia, VittaliaRoger Karlsson

Found a download a few days ago called JDownloader which was digitally signed by Software Updater LLC.

What caught my attention was the VirusTotal scan report where 12 of the anti-virus programs detected the Software Updater LLC file:

Some of the detection names are BundleApp_r, Trojan.Generic, CryptVittalia, and Adware.Win32.Vittalia.

By looking at the certificate information, it appears that Software Updater LLC is located in Delaware in the United States.

Since the download was detected by some of the anti-virus programs I got curious to see what the Software Updater LLC file installed: Webssearches, SaveClicker, “Help fight Cancer”, VuuPC, PriceMeter, PlusHD and “Acelar el PC” are the programs I could see bundled with the Software Updater LLC download.

Have you also found a download signed by Software Updater LLC? What kind of download was it and where did you find it?

SITE ON SPOT Ltd – Detected by 20 of the 51 anti-virus programs

July 10, 2014digital signatureIsrael, Tel AvivRoger Karlsson

Just a short post on the SITE ON SPOT Ltd. publisher. I found a download called “FlvPlayer”, digitally signed by SITE ON SPOT Ltd. this morning. After uploading the file to VirusTotal, it is clear why it’s a good idea to be careful. 20 of the 54 anti-virus programs detects the SITE ON SPOT Ltd. file:

The SITE ON SPOT Ltd. publisher will appear when double-clicking on the file:

The certificate information can also be viewed from Windows Explorer. The certificate shows that SITE IN SPOT is located in Tel Aviv, Israel.

Did you also find a file signed by SITE ON SPOT Ltd.? What kind of download was it and where did you find it?

Update 2015-02-19: Found another file, signed by “Site on Spot Limited“. I guess it could be from the same publisher.

Alexey Kurilenko – Digital Certificate Warning!

July 10, 2014digital signatureRoger Karlsson

Sorry for the lack of blog posts during the last two weeks. Back to Stockholm after some vacation. Just wanted to give you the heads up on files digitally signed by Alexey Kurilenko. These files may not install what their filename suggests. Just check out the scan results from VirusTotal:

You may see Alexey Kurilenko appear as the publisher when double-clicking on the file. The program name appears as Installer for Wideblue installer.

It’s also possible to view the Alexey Kurilenko certificate by looking at the files properties:

According to the certificate, Alexey Kurilenko is located in Russia.

Did you also find a file signed by Alexey Kurilenko? Where did you find it, and what kind of download was it?

Unitech LLC – Digital Signature Warning!

June 28, 2014digital signatureRoger Karlsson

Short on time today, but I just wanted to give you the heads up on a publisher called Unitech LLC.

I found this file while browsing around at torrent site a few days ago. The file is digitally signed by Unitech LLC, which according to the digital certificate is located in Moscow, Russia:

The reason I’m writing this post is that the Unitech LLC file is detected by some of the anti-virus programs:

Did you also find a Unitech LLC file? What kind of download was it? Was it also detected by the anti-virus programs at VirusTotal?

Igor Moroz – Digital Signature Warning!

June 28, 2014digital signatureRoger Karlsson

Just wanted to give you the heads up on another publisher, named Igor Moroz, that bundles some software. If you have a Igor Moroz file on your machine you may have noticed that Igor Moroz is displayed as the publisher in the UAC dialog when double-clicking on the file.

You can also look at the Igor Moroz certificate and digital signature by looking under the Digital Signatures tab on the file’s properties. According to the certificate, Igor Moroz is located in Kiev, Ukraine.

These are the current VirusTotal detections for the file. TSULoader, InstallRex, InstalleRex and AntiFW are some of the detections shown by the anti-virus scanners.

If you already have installed the software packaged with the Igor Moroz file, you can delete these unwanted programs, files and settings with help from the FreeFixer tool.

Where did you find the Igor Moroz file? What kind of download was it?

Sergey Panov Publisher – Warning!

June 16, 2014digital signatureRoger Karlsson

If you are a regular here on the FreeFixer blog, you know that I’ve been examining files that have a digital signature and bundle various types of potentially unwanted software. Today I found another publisher named Sergey Panov that bundles some software.

If you have a Sergey Panov file on your computer you may have noticed that Sergey Panov pops up as the publisher in the User Account Control dialog when running the file.

You can also examine the Sergey Panov certificate and digital signature by looking under the Digital Signatures tab on the file’s properties. According to the certificate, Sergey Panov is located in Kiev, Ukraine.

These are the current VirusTotal detections for the file. I’d say the 16/52 detection rate by the anti-virus programs is ok.

In case you have already installed the programs bundled with the Sergey Panov download, you can remove these unwanted programs, files and settings with help from the FreeFixer tool.

Where did you find the Sergey Panov download? What kind of download was it?

Overall Media, Inc. – Bundling and VirusTotal detections.

June 14, 2014digital signatureSkypeRoger Karlsson

A few days ago I found a download that was digitally signed by a company called Overall Media, Inc. What caught my attentions was that the download was called SkypeSetup.exe and used the Skype icon for the installer file. This might look like an official Skype download, but it is not.