Shetef Solutions & Consulting (1998) Ltd. – 25% Detection Rate

Good evening! Lately I’ve been looking on the digital signatures on those files that push various types of unwanted programs. Right now I found a new file called FlashPlayer__6741_i1387048386_il2537.exe, digitally signed by Shetef Solutions & Consulting (1998) Ltd..

Shetef Solutions Consulting 1998 Ltd Publisher

You can also look at the Shetef Solutions & Consulting (1998) Ltd. certificate and digital signature by looking under the Digital Signatures tab on the file’s properties. According to the certificate, Shetef Solutions & Consulting (1998) Ltd. is located in Rannana, Israel. The certificate appears to relatively new. Its validity began on the 13th of October.

Shetef Solutions certificate, Rannana, Israel

The issue here is that if FlashPlayer__6741_i1387048386_il2537.exe really was an installer file for Flash Player, it should have been digitally signed by Adobe System Incorporated and not by some unknown company. This looks suspicious.

The VirusTotal report shows that the Shetef Solutions & Consulting (1998) Ltd. file should be avoided, since FlashPlayer__6741_i1387048386_il2537.exe is detected as Adware.Downware.8876 by DrWeb, Gen:Variant.Graftor.161610 by F-Secure and PUP.Optional.Amonetize by Malwarebytes.

Shetef Solutions & Consulting (1998) Ltd. virustotal report

Since the download was detected I decided to give it a try to see what it installed. During my test I could see Wajam, Salus – Net Protector and My Start Search install on my lab machine.

Did you also find a file digitally signed by Shetef Solutions & Consulting (1998) Ltd.? What kind of download was it and where did you find it?

Thanks for reading.

4 thoughts on “Shetef Solutions & Consulting (1998) Ltd. – 25% Detection Rate

  1. The problem is that when I opened a file with the Shetef consulting thing, ( it was a torrent ) my browser got hijacked, my homepage replaced with a “Trove” browser. Obviously this is malware as tens of adds and warnings start popping up to the degree that I cannot USE this new bogus search engine! WORST of all is the fact that even MalwareBytes and Windows Defender are “side-stepped” by this bogus search page. It also does not show up on the “programs and features” sub-menu, so I cannot effectively “uninstall” it!!! Man, these malware ( are these fake search-pages “bots?” “trojans?” “root kits”? …??) are a BITCH to get rid of!!! I even tried calling up the “task manager.” Same problem!, These fake search engines do not show up on the “task manager” screen! So I can’t use that, either!!! And MalwareBytes merely “caused” the bogus search engine to change to ANOTHER bogus search engine!!! What do I do NOW?

  2. Since I am temporarily FORCED to use one of these bogus “browsers”, I can only guess that I am using somebody ELSE’S computer with them WATCHING EVERYTHING I DO OR SAY!!!!
    That’s no good. hey hey hey. How do I make these sinister trojans ( or whatever the heck they are ) GO AWAY!??!

  3. I am trying to download secrets of droon book series but cant find it anywhere
    so i came along to this website and every time i download the program come up with that notice.
    window 8

Comments are closed.