Tag Archives: Dublin

SAFe store btw – 42% Detection Rate At VirusTotal

Hello readers! Just a quick post on a publisher called SAFe store btw that I found while running some tests for the upcoming FreeFixer release. The suspicious file is named installer_jdownloader_English.exe.

SAFe store btw publisher

You may see “SAFe store btw” appear as the publisher when double-clicking on the installer_jdownloader_English.exe file. You can also see the SAFe store btw certificate by looking under the Digital Signature tab on the file’s properties. According to the certificate, SAFe store btw is located in Dublin in Ireland.

SAFe store btw cert

The scan result from VirusTotal below clearly shows why you should avoid the SAFe store btw file, unless you like bundled software. It is detected under names such as PUA/Outbrowse.Gen, Riskware/OutBrowse, Application.Bundler.Outbrowse.BA, Trojan.Win32.OutBrowse.dpuzhb and Suspici.FCDBA93D.

SAFE store btw anti-virus report

Did you also find a SAFe store btw file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thank you for reading.

“Start Now” – 45% Detection Rate – OutBrowse

Welcome! Just wanted to let you know about a publisher called Start Now before going back to writing some code for FreeFixer.

Start Now publisher

If you have a Start Now file on your machine you may have noticed that Start Now is displayed as the publisher in the UAC dialog when double-clicking on the file. It’s possible to view additional information about the certificate by right-clicking on the file, choosing properties and then clicking on the Digital Signatures tab. According to the certificate we can see that Start Now is located in Dublin, Ireland and that the certificate is issued by Go Daddy Secure Certificate Authority – G2.

Start Now cert

The detection rate is 25/56. Avira classifies Player.exe as PUA/Outbrowse.Gen, DrWeb detects it as Trojan.OutBrowse.413, F-Prot classifies it as W32/Outbrowse.B2.gen!Eldorado, F-Secure detects it as Application.Bundler.Outbrowse and VIPRE detects it as Adware.NSIS.Outbrowse.bu (v).

Start Now anti-virus report

Did you also find a Start Now file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thank you for reading.

Tiki Taka – 25% Anti-Virus Detection – OutBrowse / Revenyou

Welcome! Just a short post before I call it a day. I found yet another interesting file. It was signed by Tiki Taka.

Tiki Taka uac

You may see Tiki Taka appear as the publisher when double-clicking on the Player.exe file. Viewing the certificate information is also possible by looking under the digital signature tab for the file. Here the certificate says that Tiki Taka is located in Dublin, Ireland.

Tiki Taka certificate

I decided to upload the Tiki Taka file to VirusTotal. 25% of the scanners detected the file. PUA/Outbrowse.Gen, Trojan.OutBrowse.68, Win32/OutBrowse.BU potentially unwanted, PUP.Optional.OutBrowse and OutBrowse Revenyou are some of the detection names.

Tiki Taka anti-virus report

Did you also find a Tiki Taka file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thank you for reading.

Bon Don Jov – Anti-Virus Detection: 18% – OutBrowse Revenyou

Welcome! Did you just find a file that’s digitally signed by Bon Don Jov and came here to find out more about it? You will see Bon Don Jov listed as the verified publisher in the User Account Control dialog that pops up if you try to run the file:

Bon Don Jov in the User Account Control dialog

To get more details on the publisher, you can view the embedded certificate by right-clicking on the file, and looking under the Digital Signatures tab. According to the certificate we can see that Bon Don Jov seems to be located in Dublin, Ireland and that the certificate is issued by GlobalSign CodeSigning CA – G2.

Bon Don Jov certificate - States that the publisher is located in Dublin, Ireland

10 of the scanners at VirusTotal detected the file. Win32:OutBrowse-X [PUP], APPL/Downloader.Gen, Trojan.OutBrowse.54, Win32/OutBrowse.BU potentially unwanted, OutBrowse Revenyou and OutBrowse (fs) were the detection names.

Bon Don Jov anti virus report. 18% Detection Rate. Detection name: OutBrowse

Did you also find a Bon Don Jov file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

Yes Apps – 36% Detection Rate – OutBrowse

Welcome! Short on time today, but I just wanted to give you a heads-up on a publisher called Yes Apps.

Yes Apps UAC

Typically you’d see the Yes Apps publisher name appear when double-clicking on the installer_jdownloader_English.exe file. You can also look at the Yes Apps certificate and digital signature by looking under the Digital Signatures tab on the file’s properties. According to the certificate, Yes Apps is located in Dublin, Ireland.

Yes Apps certificate

After uploading the Yes Apps file – installer_jdownloader_English.exe – to VirusTotal, it was clear that it’s probably better to delete the file than to run it. The detection rate was 36% and some of the detection names were: Downloader.DGR, APPL/Downloader.Gen, PUP.Optional.OutBrowse, Adware-OutBrowse.e and Trojan.Win32.Generic!BT.

Yes Apps virustotal

Did you also find a file signed by Yes Apps? What kind of download was it and where did you find it?

Thank you for reading.

Mari Mara – 20% Detection Rate – PUP.Optional.Maru / OutBrowse Revenyou

Hello! Just wanted to let you know about a publisher called Mari Mara that I found earlier today. Here’s what the UAC dialog looks like when running the file:

Mari Mara publisher

You can also check the digital signature under the file’s properties. According to the certificate we can see that Mari Mara appears to be located in Dublin, Ireland and that the certificate is issued by GlobalSign CodeSigning CA – G2.

Mari Mara certificate

The VirusTotal report shows that the Mari Mara file should probably be avoided, since setup.exe is detected as Win-PUP/OutBrowse by AhnLab-V3, Mari.668 by AVG, PUA.OutBrowse by Ikarus, PUP.Optional.Maru by Malwarebytes and OutBrowse Revenyou by Sophos.

Mari Mara virustotal

Did you also find a Mari Mara file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thank you for reading.
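
The Digital Signatures check described in the posts above can also be done from PowerShell for a whole folder at once. This is an added example, not code from the blog or from FreeFixer; the Downloads scan path and the `Get-SubjectField` helper are assumptions, and the watch list holds only the publisher names mentioned on this page.

```powershell
# Added example: report the Authenticode signer of every installer in a folder
# and flag publisher names that appear in the posts on this page.
param(
    [string]$Path = "$env:USERPROFILE\Downloads"   # assumed scan location
)

# Publisher names taken from the posts above (matched case-insensitively).
$WatchedPublishers = @(
    'SAFe store btw', 'Start Now', 'Tiki Taka',
    'Bon Don Jov', 'Yes Apps', 'Mari Mara'
)

# Hypothetical helper: pull one field (e.g. L= or C=) out of an X.500 subject string.
function Get-SubjectField {
    param([string]$Subject, [string]$Field)
    $pattern = '(?:^|,\s*){0}=("[^"]+"|[^,]+)' -f $Field
    if ($Subject -match $pattern) {
        return $Matches[1].Trim('"')
    }
    return $null
}

Get-ChildItem -Path $Path -File -Include *.exe, *.msi -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate
        if (-not $cert) { return }   # unsigned file: no publisher to report

        # SimpleName is the name the UAC dialog shows as the publisher.
        $publisher = $cert.GetNameInfo('SimpleName', $false)

        [pscustomobject]@{
            File      = $_.Name
            Status    = $sig.Status                          # Valid, NotTrusted, HashMismatch, ...
            Publisher = $publisher
            Locality  = Get-SubjectField $cert.Subject 'L'   # e.g. Dublin
            Country   = Get-SubjectField $cert.Subject 'C'   # e.g. IE
            Issuer    = $cert.GetNameInfo('SimpleName', $true)
            Watched   = $WatchedPublishers -contains $publisher
        }
    } |
    Format-Table -AutoSize
```

A `Status` of `Valid` only means the signature verifies against a trusted chain; as the VirusTotal results in these posts show, a validly signed installer can still be a bundler.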