Tag Archives: InstalleRex

IGOR MIHAYLOV – 35% Detection Rate at VirusTotal

Hello! Just wanted to give you the heads up on files digitally signed by IGOR MIHAYLOV.


It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the IGOR MIHAYLOV certificate. It seems Igor is located in Russia.


These are the current VirusTotal detections for the file. Trojan.Adware.Graftor.D30592, Generic6.BBOM, a variant of Win32/Adware.MultiPlug.MN, Gen:Variant.Adware.Graftor and SoftwareBundler:Win32/InstalleRex as a few of the detection names for the file I found.

IGOR MIHAYLOV anti-virus report

Did you also find a IGOR MIHAYLOV file? Do you remember where you downloaded it?

Hope this blog post helped you avoid some unwanted software on your machine.

Thanks for reading.

Arseniy Petrov – 39% Detection Rate – MultiPlug / InstalleRex / Qudamah

Hello readers! Sorry for the lack of posts during last week. I’ve been having a few days off.

This morning I playing around and testing some downloads when I found a file signed by Arseniy Petrov.

Arseniy Petrov publisher

Windows will display Arseniy Petrov as the publisher when running the file. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Arseniy Petrov certificate.

Arseniy Petrov certificate

Arseniy Petrov is located in Ukraine according to the cert.

22 of the anti-virus scanners detected the file. Avira names Download Uc Browser V Handler Zip.exe as TR/Crypt.XPACK.Gen, BitDefender reports Gen:Variant.Adware.Mplug.45, Malwarebytes detects it as PUP.Optional.MultiPlug, Microsoft detects it as SoftwareBundler:Win32/InstalleRex, Sophos reports MultiPlug and Tencent reports Trojan.Win32.Qudamah.Gen.2.

Arseniy Petrov anti-virus report

Did you also find a Arseniy Petrov file? Do you remember where you downloaded it?

Thank you for reading.

Saul Perec VirusTotal Report – 38% Detection Rate

Just found a download digitally signed by Saul Perec. I’d recommend being careful if you also have downloaded a file signed by Saul Perec. This the the VirusTotal scan for the Saul Perec file:

Saul Perec Virus Total

Luckily Windows warns when launching a downloaded file and shows the publisher information.

Saul Perec Publisher

You can also view the Saul Perec certificate by right-clicking on the file, and looking under the Digital Signature tab:

Saul Perec Certificate

Did you also find a file signed by Saul Perec? Where did you find it and what kind of download was it?

Artur Kozak Publisher – Digital Signature Warning!

Lately I’ve been looking on the digital signatures on those files that push various types of unwanted programs. This morning I found a new file in the FreeFixer database called digital-photo-2013-11-nov.pdf.exe, digitally signed by Artur Kozak.

You can see who the signer is when double-clicking on an executable file. Artur Kozak appears in the publisher field in the dialog that pops up. You can also see the Artur Kozak certificate under the digital signature tab.

So, why am I warning you about the Artur Kozak file? Check out what the anti-virus programs report about the file:


TSULoader, InstalleRex, Win32.Adload and Adware.Downware are some of the detection names reported by the anti-virus scanners.

Hope this helped you avoid getting some unwanted programs on your machine.

Where did you find the Artur Kozak file? What was the file called?

Daneil Jemoch Publisher – WARNING!

Just a quick post before starting todays programming on the FreeFixer tool. This is the second time I spot a file digitally signed by Daneil Jemoch that bundles lots of unwanted programs. Though I should warn you and hopefully save you from some unnecessary adware cleaning. You can see Daneil Jemoch appear as the publisher when running the file as shown below.

Daneil Jemoch Publisher - Excellent4App Daneil Jemoch publisher

You can also check who signed a file by checking the digital signature tab. The screenshot below shows the Daneil Jemoch certificate. From the certificate info we can see that Daneil Jemoch appears to be located in Kiev, Ukraine.


Daneil Jemoch, Kiev, Ukraine

The anti-virus programs have a decent detection rate for the Daneil Jemoch file:

Daneil Jemoch virus total

The anti-virus scanners refers to the file as Graftor, MultiPlug and InstalleRex.

Where did you find the  Daneil Jemoch signed file?

Hope you found this post useful. Please let me know by posting a comment.

Boris Burkin Publisher – WARNING

Just a short post before I call it a day. I found yet another file that bundled a bunch of unwanted programs, and the file was signed by Boris Burkin. Typically you’d see the Boris Burkin publisher name appear when double-clicking on the file:

Boris Burkin Publisher

You will also see Boris Burkin appear if you check the file’s digital signature.

Boris Burkin Digital Certificate

Boris Burkin, kyiv, kyivska

If you are considering to run the Boris Burkin signed file, I’ll advice you not to. Delete it instead. Just check out detection list by some of the anti-virus program:


The anti-virus program calls the file Trojan.AntiFW, InstalleRex, Adware.Downware, Win32.InfoLeak, Downloader.AdLoad, etc.

Did you also find a file digitally signed by Boris Burkin? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Sergey Petrov Digital Signature – Don’t Run The File

Recently I’ve been browsing around on some torrent sites to see what software downloads that are hiding behind the ads on these sites. One of the names that often shows up in the digital signature field is Sergey Petrov:

Sergey Petrov digital signature

You will also see Sergey Petrov listed as the verified publisher in the User Account Control dialog that pops up if you try to run the file:

Sergey Petrov AppReady

The Sergey Petrov signed files often use names of known TV-series or movies to trick users into running the file.

The scan result from VirusTotal below clearly shows why you should immediately delete the Sergey Petrov file. It is detected under names such as InstalleRex and Trojan.WebPick. 17 of the 52 anti-virus programs detect the file:

Sergey Petrov Virustotal

Hope this saved you from some unnecessary malware cleaning. In case you’ve already run one of the Sergey Petrov signed files, you can examine your system with FreeFixer to make sure your computer is clean.