Hi there! Just wanted to give you the heads up on files digitally signed by safe InStAll OPT.

You can see who the signer is when double-clicking on an executable file. safe InStAll OPT appears in the publisher field in the dialog that pops up. To get more details on the publisher, you can view the certificate by right-clicking on the file, and looking under the Digital Signatures tab. According to the certificate we can see that safe InStAll OPT appears to be located in Ireland and that the certificate is issued by thawte SHA256 Code Signing CA.

Here’s Thawte in the certificate chain:

When I uploaded the file to VirusTotal – as I usually do when I find something that looks suspicious – 28% of the antivirus scanners detected the file. The file is detected as Downloader.USS by AVG, PUP.Optional.Bundle by Malwarebytes and Adware-OutBrowse.h by McAfee-GW-Edition.

Did you also find a safe InStAll OPT file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

Hello readers! If you are a regular here on the FreeFixer blog, you know that I’ve been examining files that have a digital signature and bundle various types of potentially unwanted software. Today I found another publisher named viD PLAY that bundles some software.

If you have a viD PLAY file on your computer you may have noticed that viD PLAY pops up as the publisher in the User Account Control dialog when running the file. The certificate is issued by thawte SHA256 Code Signing CA.

Thawte at the root in the certificate chain:

After uploading the viD PLAY file – Player.exe – to VirusTotal, it was clear that it’s probably better to delete the file than running it. The detection rate was 33% and some of the detection names were: Downloader.UIA, PUP.Optional.Vidplay, Adware-OutBrowse.h and OutBrowse.

Did you also find a viD PLAY file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thank you for reading.