Hi there! Just a note on a publisher called Igor Menyalo. The Igor Menyalo download was detected when I uploaded it to VirusTotal. Did you also find a download by Igor Menyalo? Was it also detected when you uploaded it to VirusTotal?
That’s how it looks when double-clicking on the file and Igor Menyalo appears as the publisher. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Igor Menyalo certificate.
Igor Menyalo appears to be located in Russia.
TR/Crypt.XPACK.Gen, Gen:Variant.Adware.Kazy.611186, W32/S-0625bdde!Eldorado, PUP.Optional.MultiPlug and Trojan.Win32.Qudamah.Gen.0 are some detection names according to VirusTotal:
I decided to run the Igor Menyalo signed file, and it offered three additional programs called PriceMinus, BestAdBlocker and MyPC Backup in the installer.
Did you also find an Igor Menyalo? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.
Thank you for reading.
Hi there! Did you just find a file that’s digitally signed by Tiger Download and came to this blog to find more about it? I ran into this one while I was looking at the steady stream of files submitted to the FreeFixer library.
The reason for posting about Tiger Download is that the file is detected by many of the anti-virus programs. F-Secure classifies flashplayerpro_Setup.exe as Gen:Variant.Adware.Kazy.491026, Kaspersky detects it as not-a-virus:AdWare.Win32.iBryte.jig, Malwarebytes detects it as PUP.Optional.Fusion.A and VIPRE names it Optimum Installer (fs). Big thanks to VirusTotal for the scan report.
Another problem with the Tiger Download file is how it is named: “flashplayerpro”. Users might think that it is an official Flash Player setup file, but it’s not. The official Flash Player download should be signed by Adobe Systems Incorporated, not by Tiger Download. Here’s how the official Flash Player installer should look like when you run it:
Did you also find a Tiger Download file? Do you remember where you downloaded it?
Thanks for reading.
Hi there! Just wanted to give you the heads up on files digitally signed by Andrey Hmelnikov.
It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Andrey Hmelnikov certificate. He’s located in Russia.
So, what does the anti-virus programs say about the Andrey Hmelnikov file? No problem, I just uploaded the file to VirusTotal and it turned out that many of the anti-virus programs detects the Andrey Hmelnikov file, with names such as Gen:Variant.Adware.Kazy, and MultiPlug.
To see more in details what changes the Andrey Hmelnikov file would do on a user’s computer I decided to run the file on my lab machine. The installer bundled some additional software such as GoSave and YoutubeAdBlocke.
Did you also find an Andrey Hmelnikov file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.
Thank you for reading.
Hi there! Just a quick Sunday post on a file named flashplayerpro_Setup.exe signed by Liquidbuild that I found while reviewing some files submitted to the FreeFixer database of files. The problem is that flashplayerpro_Setup.exe is not an official Flash Player download. If it was, it should be digitally signed by Adobe Systems Incorporated.
When I uploaded the Liquidbuild file to VirusTotal, it came up with a 28% detection rate. The file is detected as Adware/iBryte.bxow by Avira, Gen:Variant.Kazy.466717 by BitDefender, Gen:Variant.Kazy.466717 by F-Secure and Optimum Installer (fs) by VIPRE. It’s probably better to stay away from this file.
Did you also find a Liquidbuild file?
Thanks for reading.
Stumbled on a file this morning, digitally signed by Igor Kramoren.
The issue with the Igor Kramoren file is that it is detected by many of the anti-virus programs. Here are some of the detection names:
- BitDefender Gen:Variant.Zusy.100672
- DrWeb Trojan.Siggen6.21336
- ESET-NOD32 a variant of Win32/AdWare.MultiPlug.AQ
- F-Secure Gen:Variant.Zusy.100672
- Ikarus AdWare.Graftor
- Malwarebytes PUP.Optional.InstallRex
- McAfee PUP-FMH
- Panda Trj/Kazy.AS
Did you also find a file digitally signed by Igor Kramoren? What kind of download was it and where did you find it?