Hello! Just a quick post today, since I’m busy working with the next release of FreeFixer. Did you see a file, such as vlc-media-player.exe, on your system digitally signed by Hummingbird Limited? Then read on..
The certificate information can also be viewed from Windows Explorer. According to the embedded certificate we can see that Hummingbird Limited is located in Oakland in California, US and that the certificate is issued by VeriSign Class 3 Code Signing 2010 CA.
26% of the scanners detected the file. The vlc-media-player.exe file is detected as Trojan.Vittalia.456 by DrWeb, a variant of Win32/DownloadAdmin.N potentially unwanted by ESET-NOD32, PUP.Optional.DownLoadAdmin by Malwarebytes, DownloadAdmin by McAfee and Trojan.Win32.Generic!BT by VIPRE.
Did you also find a Hummingbird Limited file? Do you remember where you downloaded it?
Thank you for reading.
Hello! Just wanted to give you heads-up on suspicious file I found right now. The file is named vlc-media-player.exe and digitally signed by Social Voicing Solutions.
If you have a Social Voicing Solutions file on your machine you may have noticed that Social Voicing Solutions is displayed as the publisher in the UAC dialog when double-clicking on the file. Viewing the certificate information is also possible by looking under the digital signature tab for the file. Here the certificate says that Social Voicing Solutions is located in San Fransisco in California, US.
VeriSign has issued the certificate:
Gen:Variant.Application.Jaik, PUP.Optional.DownloadAdmin, DownloadAdmin and Trj/Genetic.gen are some detection names according to VirusTotal:
Did you also find a file digitally signed by Social Voicing Solutions? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.
Thanks for reading.
Hello! Just a short post before I call it a day. I found yet another file that bundled a bunch of unwanted programs, and the file was signed by Trend Interactive.
It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Trend Interactive certificate.
Versign has issued the certificate:
When I uploaded the Trend Interactive file to VirusTotal, it came up with a 19% detection rate. The file is detected as PUA/DownloadAdmin.Gen7 by Avira, Gen:Variant.Application.Jaik.8223 by BitDefender and Adware ( 004c86ce1 ) by K7GW.
Did you also find a file digitally signed by Trend Interactive? What kind of download was it and where did you find it?
Hope this blog post helped you avoid some unwanted software on your machine.
Thanks for reading.
Sorry for not posting anything during the days. I’ve been having a few days off visiting friends and family. Before my time off I found another publisher called DIGITAL PLUGIN S.L that bundles some potentially unwanted programs. The file I found was called Player.exe and I could see DIGITAL PLUGIN S.L appear when double-clicking on the file.
Update 2015-06-29: Found another download with the publisher name “Digital Plugin SL“.
Viewing the certificate information is also possible by looking under the digital signature tab for the file. Here the certificate says that DIGITAL PLUGIN S.L is located in Tenerife.
And the certificate was issued by GlobalSign.
The reason for posting about DIGITAL PLUGIN S.L is that the file is detected by many of the anti-virus programs. Currently player.exe is detected by 13 of the 52 anti-virus scanners:
Hope you found this post useful.
Did you also find a download signed by DIGITAL PLUGIN S.L? What kind of download was it?
Update 2015-09-12: Today I noticed another download called google_chrome.exe, signed by Digital Plugin SL.
This is another certificate, issued by VeriSign. VirusTotal reports a 19/57 detection ratio.