Fileangels – Detected as IBryte and OptimunInstaller

Welcome! Just a note on a publisher called Fileangels. The Fileangels download – setup.exe – was detected when I uploaded it to VirusTotal. Did you also find a download by Fileangels? Was it also detected when you uploaded it to VirusTotal?

This is how Fileangels appears when running the file:

fileangels publisher

By looking at the certificate we can see that Fileangels appears to be located in Kansas City, USA.

Fileangels certificate

The reason I’m writing this blog post is that the Fileangels file is detected by some of the anti-malware scanners at VirusTotal. AVG detects setup.exe as AdPlugin.BNR, Fortinet detects it as W32/Zbot.AAN!tr, Kaspersky detects it as Trojan.Win32.Badur.jukw, Malwarebytes reports PUP.Optional.OptimunInstaller and McAfee detects it as IBryte-FRT. In addition, the Fileangels download was also promoted as a “Java Update”.

fileangels virustotal ibryte

Did you also find a file digitally signed by Fileangels? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Thanks for reading.

11 thoughts on “Fileangels – Detected as IBryte and OptimunInstaller

  1. Got an alert to update my Flash player – it started downloading automatically. When you click on the file it shows signed by Fileangels. No anti-virus warning, but since it wasn’t signed by Adobe I did a quick websearch to see if it was legit.

  2. I am getting this also. It shuts down my computer if I don’t comply. I downloaded Java directly from Oracle and things went smoothly until I tried to send an e-card on 123 Greetings. I got it ready to send and up pops the warning to update. The card was lost as well as the connection to 123 Greetings.
    Also have had it pop up on Yahoo Sports.
    How do we stop this thing?

  3. It appears, oddly, when I access a Cook County (Illinois) site, and starts to auto download “Java” after it flashes a messages that my Java needs updating, which it does not. I am trying to find a way to remove this malware from my system…(and no, it doesn’t appear to show up as a program or extension, so I am digging through my Registry)

  4. Interestingly, I have Mcaffee virus detector that had not been detecting this before. Ran a full scan recently, it found the programs and quarantined them.

    Some other quick fixes: I used a system restore to a date prior to when I think this stuff showed up. That helped, but when I updated microsoft, it was back. I think there is a patch issue.

    The BEST way to get rid of this crap is also the most complicated, and that is to kill it on registry directory, but you will have to know a thing or two before going into that…

    Also check your extensions et al on Google Chrome, sometimes this stuff has “permission” on there, and if you turn permission off, it goes away…

    so try running a full scan of whatever protection program you have
    try system restore
    Registry directory eventually (the registry id for this crap will eventually show up on the web and will be findable via a Google search, but until then, I wouldn’t fool with this method)

  5. This first appeared as a Java Update Alert while using a website on Chrome. After declining the alert download several times it closes down the website. I’ve checked Chrome extensions, plugins, etc. with no luck. I’ve also run Norton Power Eraser, Freefixer and McAfee scans with no luck. It’s probably in the registry directory but I’m not going there. Does anyone know how to get rid of this curse?

  6. ok, after researching this pretty extensively- because that crap rendered my websearches on a PC almost useless as it would pop up on every website- I found a solution that works for me (so far, as my other solutions worked for a while and then stopped) and that is a downloadable Malware destroyer called malwarebytes (can be found at

    I am usually against downloading these “fixes” as many of them are inundated with malware themselves, but this one seemed to be clean, have a great internet wide reputaion, and its free (you can upgrade to a premium version, but everything i read suggested against that as it would interfere some how with your other antivirus program, if you have one).

    It uncovered dozens of malware that I had presumed was deleted by my Mcaffee program but was not, which explained why I would ocassionally get “return” malware….

Comments are closed.