Tag Archives: InstalleRex

IGOR MIHAYLOV – 35% Detection Rate at VirusTotal

Hello! Just wanted to give you the heads up on files digitally signed by IGOR MIHAYLOV.

IGOR MIHAYLOV publisher

It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the IGOR MIHAYLOV certificate. It seems Igor is located in Russia.

IGOR MIHAYLOV cert

These are the current VirusTotal detections for the file. Trojan.Adware.Graftor.D30592, Generic6.BBOM, a variant of Win32/Adware.MultiPlug.MN, Gen:Variant.Adware.Graftor and SoftwareBundler:Win32/InstalleRex are a few of the detection names for the file I found.

IGOR MIHAYLOV anti-virus report

Did you also find an IGOR MIHAYLOV file? Do you remember where you downloaded it?

Hope this blog post helped you avoid some unwanted software on your machine.

Thanks for reading.

Arseniy Petrov – 39% Detection Rate – MultiPlug / InstalleRex / Qudamah

Hello readers! Sorry for the lack of posts during last week. I’ve been having a few days off.

This morning I was playing around and testing some downloads when I found a file signed by Arseniy Petrov.

Arseniy Petrov publisher

Windows will display Arseniy Petrov as the publisher when running the file. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Arseniy Petrov certificate.

Arseniy Petrov certificate

Arseniy Petrov is located in Ukraine according to the cert.

22 of the anti-virus scanners detected the file. Avira names Download Uc Browser V Handler Zip.exe as TR/Crypt.XPACK.Gen, BitDefender reports Gen:Variant.Adware.Mplug.45, Malwarebytes detects it as PUP.Optional.MultiPlug, Microsoft detects it as SoftwareBundler:Win32/InstalleRex, Sophos reports MultiPlug and Tencent reports Trojan.Win32.Qudamah.Gen.2.

Arseniy Petrov anti-virus report

Did you also find an Arseniy Petrov file? Do you remember where you downloaded it?

Thank you for reading.

Saul Perec VirusTotal Report – 38% Detection Rate

Just found a download digitally signed by Saul Perec. I’d recommend being careful if you have also downloaded a file signed by Saul Perec. This is the VirusTotal scan for the Saul Perec file:

Saul Perec Virus Total

Luckily Windows warns when launching a downloaded file and shows the publisher information.

Saul Perec Publisher

You can also view the Saul Perec certificate by right-clicking on the file, and looking under the Digital Signature tab:

Saul Perec Certificate

Did you also find a file signed by Saul Perec? Where did you find it and what kind of download was it?

Artur Kozak Publisher – Digital Signature Warning!

Lately I’ve been looking at the digital signatures on files that push various types of unwanted programs. This morning I found a new file in the FreeFixer database called digital-photo-2013-11-nov.pdf.exe, digitally signed by Artur Kozak.

You can see who the signer is when double-clicking on an executable file. Artur Kozak appears in the publisher field in the dialog that pops up. You can also see the Artur Kozak certificate under the digital signature tab.

So, why am I warning you about the Artur Kozak file? Check out what the anti-virus programs report about the file:

artur-kozak

TSULoader, InstalleRex, Win32.Adload and Adware.Downware are some of the detection names reported by the anti-virus scanners.

Hope this helped you avoid getting some unwanted programs on your machine.

Where did you find the Artur Kozak file? What was the file called?

Daneil Jemoch Publisher – WARNING!

Just a quick post before starting today’s programming on the FreeFixer tool. This is the second time I have spotted a file digitally signed by Daneil Jemoch that bundles lots of unwanted programs. Thought I should warn you and hopefully save you from some unnecessary adware cleaning. You can see Daneil Jemoch appear as the publisher when running the file, as shown below.

Daneil Jemoch Publisher - Excellent4App Daneil Jemoch publisher

You can also check who signed a file by checking the digital signature tab. The screenshot below shows the Daneil Jemoch certificate. From the certificate info we can see that Daneil Jemoch appears to be located in Kiev, Ukraine.

daniel-jemoch-digital-signature

Daneil Jemoch, Kiev, Ukraine

The anti-virus programs have a decent detection rate for the Daneil Jemoch file:

Daneil Jemoch virus total

The anti-virus scanners refer to the file as Graftor, MultiPlug and InstalleRex.

Where did you find the Daneil Jemoch signed file?

Hope you found this post useful. Please let me know by posting a comment.

Boris Burkin Publisher – WARNING

Just a short post before I call it a day. I found yet another file that bundled a bunch of unwanted programs, and the file was signed by Boris Burkin. Typically you’d see the Boris Burkin publisher name appear when double-clicking on the file:

Boris Burkin Publisher

You will also see Boris Burkin appear if you check the file’s digital signature.

Boris Burkin Digital Certificate

Boris Burkin, kyiv, kyivska

If you are considering running the Boris Burkin signed file, I’d advise you not to. Delete it instead. Just check out the detection list from some of the anti-virus programs:

boris-burkin-virus-total

The anti-virus programs call the file Trojan.AntiFW, InstalleRex, Adware.Downware, Win32.InfoLeak, Downloader.AdLoad, etc.

Did you also find a file digitally signed by Boris Burkin? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Sergey Petrov Digital Signature – Don’t Run The File

Recently I’ve been browsing around on some torrent sites to see what software downloads are hiding behind the ads on these sites. One of the names that often shows up in the digital signature field is Sergey Petrov:

Sergey Petrov digital signature

You will also see Sergey Petrov listed as the verified publisher in the User Account Control dialog that pops up if you try to run the file:

Sergey Petrov AppReady

The Sergey Petrov signed files often use names of known TV-series or movies to trick users into running the file.

The scan result from VirusTotal below clearly shows why you should immediately delete the Sergey Petrov file. It is detected under names such as InstalleRex and Trojan.WebPick. 17 of the 52 anti-virus programs detect the file:

Sergey Petrov Virustotal

Hope this saved you from some unnecessary malware cleaning. In case you’ve already run one of the Sergey Petrov signed files, you can examine your system with FreeFixer to make sure your computer is clean.
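
The posts above check the publisher by hand, in the launch dialog or under the Digital Signatures tab. The same check can be scripted over a downloads folder. This is an added example, not part of the original posts or of FreeFixer; the function name `Get-SignerReport`, the default folder and the list of document-like extensions are assumptions, while the publisher names are the signers named in the posts above.

```powershell
# Added example (not from the original posts). Publisher names are the
# signers named on this page; everything else is an illustrative assumption.
$WatchedPublishers = @(
    'IGOR MIHAYLOV', 'Arseniy Petrov', 'Saul Perec', 'Artur Kozak',
    'Daneil Jemoch', 'Boris Burkin', 'Sergey Petrov'
)

function Get-SignerReport {
    param(
        # Assumed default: the current user's Downloads folder.
        [string]$Path = "$env:USERPROFILE\Downloads"
    )
    Get-ChildItem -Path $Path -File -Recurse -Include *.exe, *.msi -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate

            # The certificate's simple name is what Windows shows as the publisher.
            $publisher = if ($cert) { $cert.GetNameInfo('SimpleName', $false) } else { $null }

            # Document or media extension placed before .exe,
            # as in digital-photo-2013-11-nov.pdf.exe from the Artur Kozak post.
            $doubleExt = $_.Name -match '\.(pdf|doc|docx|jpg|png|zip|mp4|avi)\.exe$'

            [pscustomobject]@{
                File            = $_.Name
                Status          = $sig.Status   # Valid, NotSigned, HashMismatch, ...
                Publisher       = $publisher
                Subject         = if ($cert) { $cert.Subject } else { $null }
                WatchedSigner   = [bool]($publisher -and ($WatchedPublishers -contains $publisher))
                DoubleExtension = $doubleExt
                SHA256          = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Show only files that need a closer look before anyone runs them.
Get-SignerReport |
    Where-Object { $_.WatchedSigner -or $_.DoubleExtension -or $_.Status -ne 'Valid' } |
    Format-List
```

A `Status` of `Valid` only means the signature verifies. Every file in the posts above was validly signed and still flagged by many scanners, so the SHA256 column is there for looking the file up at VirusTotal.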