Clock Hand - 35% Detection Rate *

Did you just stumble upon a download or a file on your computer that has been digitally signed by Clock Hand? Some of the security products refers to the detected files as Adware.SwiftBrowse.CH and Generic.168. The detection rate for the Clock Hand files collected here is 35%. Please read on for more details.

You will typically notice Clock Hand when double-clicking to run the file. The publisher name is displayed as the "Verified publisher" in the UAC dialog as the screencap shows:

You can view the additional details from the Clock Hand digital signature with the following procedure:

Open up Windows Explorer and locate the Clock Hand file
Right-click the file and select Properties
Click on the Digital Signatures tab
Click on the View Certificate button

Here's a screengrab of a file digitally signed by Clock Hand:

As you can see in the screenshot above, Windows reports that "This digital signature is OK". This means that the file has been published by Clock Hand and that no one has tampered with the file.

If you click the View Certificate button shown in the screenshot above, you can examine all the details of the certificate, such as when it was issued, who issued the certificate, how long it is valid, and so on. You can also examine the address for Clock Hand, such as the street name, city and country.

VeriSign Class 3 Code Signing 2010 CA has issued the Clock Hand certificates. You can also view the details of the issuer by clicking the View Certificate button shown in the screencap above.

Clock Hand Files

These are the Clock Hand files I've collected, thanks to the FreeFixer users.

Detection Ratio	File Name
2/57	ClockHandbho.dll
17/57	ClockHandbho.dll
16/56	{8ec7a18b-bb06-4e8b-bc9b-34809b4a9468}gt.sys
16/57	ClockHandbho.dll
19/55	updateClockHand.exe
21/57	{f4191bb0-3007-4fbd-b83f-cc45648f3845}gw64.sys
24/57	{f4191bb0-3007-4fbd-b83f-cc45648f3845}gw64.sys
21/56	{3788502c-c1e8-40a8-8914-655def81ee5b}gw64.sys
16/56	ClockHand.BrowserAdapter64.exe
17/57	{d3faa606-99ad-4927-8f30-167a217dc4db}gt.sys
29/57	ClockHand.expext.exe
2/57	65F7D090_stp.EXE

Scanner and Detection Names

Here's the detection names for the Clock Hand files. I've grouped the detection names by each scanner engine. Thanks to VirusTotal for the scan results.

Scanner	Detection Names
ALYac	Adware.NetFilter.J, Adware.SwiftBrowse.CH, Gen:Variant.Adware.Graftor.173090
AVG	Generic.168, Generic_r.YJ, AdPlugin.CUB
AVware	Trojan.Win32.Generic!BT, Yontoo (fs), Adware.BrowseFox
Ad-Aware	Adware.SwiftBrowse.CH, Gen:Variant.Adware.Graftor.173090
Agnitum	Riskware.Agent!, Riskware.NetTool!
AhnLab-V3	Adware/Win32.BrowseFox, PUP/Win32.BrowseFox
Antiy-AVL	GrayWare[NetTool:not-a-virus]/Win64.NetFilter.a, RiskWare[WebToolbar:not-a-virus]/Win32.Agent
Avast	MSIL:BrowseFox-BA [PUP]
Avira	ADWARE/BrowseFox.Gen2, ADWARE/BrowseFox.Gen7
Baidu-International	Adware.Win32.BrowseFox.AE, Adware.MSIL.BrowseFox.G, Adware.Win64.BrowseFox.CO, Adware.Win32.BrowseFox.AA
BitDefender	Adware.SwiftBrowse.CH, Gen:Variant.Adware.Graftor.173090
Bkav	W32.HfsAdware.F6FC, W32.HfsAdware.9A76, W32.HfsAdware.BAD9, W32.HfsAdware.9A23, W32.HfsAdware.22D9, W32.HfsAdware.A63A
ClamAV	Win.Adware.Netfilter-130, Win.Adware.Swiftbrowse-497, Win.Adware.Browsefox-378, Win.Adware.Agent-38510
Comodo	TrojWare.Win32.AltBrowse.IZZV, Application.Win32.BrowseFox.AK
Cyren	W32/S-f64f6ec1!Eldorado, W32/A-b3b70cb0!Eldorado, W32/S-e8c6878a!Eldorado, W64/A-59c9c70a!Eldorado, W64/S-ae7ba29a!Eldorado, W32/S-43570a6e!Eldorado
DrWeb	Trojan.Yontoo.632, Trojan.Yontoo.1734, Tool.NetFilter.313, Trojan.Yontoo.1022
ESET-NOD32	a variant of Win32/BrowseFox.AE potentially unwanted, a variant of Win32/Komodia.A potentially unsafe, a variant of MSIL/BrowseFox.G potentially unwanted, Win64/BrowseFox.CO potentially unwanted, a variant of Win32/NetFilter.A potentially unsafe, a variant of Win32/BrowseFox.AA potentially unwanted, Win32/BrowseFox.C potentially unwanted
Emsisoft	Adware.SwiftBrowse.CH (B), Gen:Variant.Adware.Graftor.173090 (B)
F-Prot	W32/S-f64f6ec1!Eldorado, W32/A-b3b70cb0!Eldorado, W32/S-e8c6878a!Eldorado, W64/A-59c9c70a!Eldorado, W64/S-ae7ba29a!Eldorado, W32/S-43570a6e!Eldorado
F-Secure	Adware.NetFilter.J, Adware.SwiftBrowse.CH, Gen:Variant.Adware.Graftor
GData	Adware.NetFilter.J, Adware.SwiftBrowse.CH, Gen:Variant.Adware.Graftor.173090
Ikarus	AdWare.BrowseFox
Jiangmin	AdWare/SwiftBrowse.dxt, AdWare/Yotoon.aq, AdWare/Yotoon.kp, AdWare/LinkSwift.ach
K7AntiVirus	Unwanted-Program ( 004a8e8b1 ), Adware ( 700000121 ), Adware ( 0040f9f21 ), Trojan ( 004b50b11 ), Unwanted-Program ( 004b51ae1 )
K7GW	Trojan ( 004b55d71 ), Adware ( 700000121 ), Adware ( 0040f9f21 ), Trojan ( 004b50b11 )
Malwarebytes	PUP.Optional.ClockHand.A
McAfee	BrowseFox-FWI, Artemis!842498CC91DD, BrowseFox-FUU, Artemis!74D8D2426CB5, BrowseFox-FVA
McAfee-GW-Edition	BrowseFox-FWI, Artemis, BrowseFox-FUU, BrowseFox-FVA
MicroWorld-eScan	Adware.SwiftBrowse.CH, Gen:Variant.Adware.Graftor.173090
NANO-Antivirus	Trojan.Win32.Yontoo.dnkubo, Riskware.Win32.NetFilter.dgqvkd, Riskware.Win32.BPlug.djpkri, Riskware.Win32.BrowseFox.dlbjxp
Panda	PUP/Astromenda
Qihoo-360	HEUR/QVM30.1.Malware.Gen, Win32/Virus.Adware.708, HEUR/QVM00.1.Malware.Gen
Sophos	Browse Fox
TrendMicro	HS_BROWSEFOX.SM
TrendMicro-HouseCall	Suspicious_GEN.F47V0213, Suspicious_GEN.F47V0215, HS_BROWSEFOX.SM, Suspicious_GEN.F47V0301
VBA32	AdWare.MSIL.Agent
VIPRE	Trojan.Win32.Generic!BT, Yontoo (fs), Adware.BrowseFox
Zillya	Adware.Yotoon.Win64.10, Adware.Yotoon.Win64.14, Trojan.Katusha.Win32.37070
nProtect	Adware.NetFilter.J, Adware.SwiftBrowse.CH

* How the Detection Percentage is Calculated

The detection percentage is based on the fact that I've gathered 1077 scan reports for the Clock Hand files. 380 of these scan results came up with some sort of detection. If you like, you can review the full details of the scan results by examining the files listed above.

Clock Hand - 35% Detection Rate *

Clock Hand Files

Scanner and Detection Names

* How the Detection Percentage is Calculated

Analysis Details

Comments

Leave a reply