Lampy Lighty - 46% Detection Rate *

Did you just run into a download or a file on your computer that has been digitally signed by Lampy Lighty? Some of the security products refers to the detected files as Adware.SwiftBrowse.CH and Adware.BrowseFox.V. The detection rate for the Lampy Lighty files collected here is 46%. Please read on for more details.

You will typically see Lampy Lighty when running the file. The publisher name is displayed as the "Verified publisher" in the UAC dialog as the screencap shows:

Screenshot where Lampy Lighty appears as the verified publisher in the UAC dialog

You can also view the Lampy Lighty certificate with the following steps:

  1. Open up Windows Explorer and locate the Lampy Lighty file
  2. Right-click on the file and select Properties
  3. Click the Digital Signatures tab
  4. Click on the View Certificate button

Here is a screenshot of a file signed by Lampy Lighty:

Screenshot of the Lampy Lighty certificate

As you can see in the screencap above, Windows reports that "This digital signature is OK". This means that the file has been published by Lampy Lighty and that no one has tampered with the file.

If you click the View Certificate button shown in the screencap above, you can view all the details of the certificate, such as when it was issued, who issued the certificate, how long it is valid, and so on. You can also see the address for Lampy Lighty, such as the street name, city and country.

VeriSign Class 3 Code Signing 2010 CA has issued the Lampy Lighty certificates. You can also examine the details of the issuer by clicking the View Certificate button shown in the screengrab above.

Lampy Lighty Files

The following are the Lampy Lighty files I have gathered, thanks to the FreeFixer users.

Detection RatioFile Name
14/54{51d6ab57-418a-4317-9cb9-5efc59c6e41c}w64.sys
27/56{018a68a4-bb21-42d3-a42f-868d251c60f1}gw.sys
24/56{094e7033-a17d-45c5-9c1d-92911348b4bb}gw.sys
12/55LampyLightybho.dll
8/55updateLampyLighty.exe
19/56{fb9f5992-2fff-4e5c-a173-989715f2e0ed}w64.sys
24/56{51d6ab57-418a-4317-9cb9-5efc59c6e41c}gw64.sys
37/57maintainer.exe
7/55LampyLightybho.dll
22/56{458b60b1-4822-4864-8803-20585827735f}gw64.sys
6/56{325810e8-1aa4-4db5-9f2d-f1bfa9cbde28}w64.sys

Scanner and Detection Names

Here is the detection names for the Lampy Lighty files. I have grouped the detection names by each scanner engine. Thanks to VirusTotal for the scan results.

ScannerDetection Names
ALYacAdware.BrowseFox.V, Adware.SwiftBrowse.CH, Adware.BrowseFox.BQ
AVGGeneric.2B2, BrowseFox.F, Generic6.DAP
AVwareTrojan.Win32.Generic!BT, Yontoo (fs)
Ad-AwareAdware.SwiftBrowse.CH, Adware.BrowseFox.V, Adware.BrowseFox.BQ
AgnitumRiskware.Agent!, PUA.BrowseFox!
AhnLab-V3Adware/Win32.SwiftBrowse
Antiy-AVLGrayWare[NetTool:not-a-virus]/Win64.NetFilter.a, GrayWare[AdWare:not-a-virus]/Win32.Yotoon.bfm
AvastWin32:BrowseFox-DQ [PUP], Win32:Adware-BYZ [PUP]
AviraAdware/BrowseFox.A.1227, ADWARE/BrowseFox.Gen2, ADWARE/BrowseFox.Gen7
Baidu-InternationalAdware.Win32.Yotoon.kam, Adware.Win64.BrowseFox.BCC, Adware.Win32.BrowseFox.BO, Adware.MSIL.BrowseFox.BH, Adware.Win32.BrowseFox.V
BitDefenderAdware.SwiftBrowse.CH, Adware.BrowseFox.V, Adware.BrowseFox.BQ
BkavW32.HfsAdware.65C7
CAT-QuickHealAdWare.Yotoon.A5
ClamAVWin.Adware.Swiftbrowse-497, Win.Adware.Netfilter-134, Win.Adware.Agent-22685
ComodoTrojWare.Win32.AltBrowse.IZZV, Application.Win32.BrowseFox.JM, Application.Win32.BrowseFox.B
CyrenW32/A-de841313!Eldorado
DrWebTool.NetFilter.313, Trojan.BPlug.167, Trojan.BPlug.281
ESET-NOD32a variant of Win64/BrowseFox.CC, a variant of Win32/BrowseFox.O, a variant of Win64/BrowseFox.CG potentially unwanted, Win32/BrowseFox.V potentially unwanted
EmsisoftAdware.SwiftBrowse.CH (B), Adware.BrowseFox.V (B), Adware.BrowseFox.BQ (B)
F-ProtW32/A-76f53fd6!Eldorado, W64/A-59c9c70a!Eldorado, W32/A-de841313!Eldorado
F-SecureAdware.SwiftBrowse.CH, Adware.BrowseFox.V, Adware.BrowseFox.BQ
FortinetRiskware/BrowseFox, Adware/BrowseFox
GDataAdware.SwiftBrowse.CH, Adware.BrowseFox.V, Adware.BrowseFox.BQ
JiangminAdWare/Yotoon.am, AdWare/Yotoon.ap
K7AntiVirusUnwanted-Program ( 004b2a6b1 ), Unwanted-Program ( 0040f9881 ), Adware ( 0040f9f21 ), Trojan ( 004af26b1 )
K7GWUnwanted-Program ( 004b2a6b1 ), Unwanted-Program ( 0040f9881 ), Adware ( 0040f9f21 ), Trojan ( 004af26b1 )
Kasperskynot-a-virus:AdWare.Win32.Yotoon.kam, not-a-virus:AdWare.Win32.Yotoon.bfm
KingsoftWin32.Troj.Generic.a.(kcloud)
MalwarebytesPUP.Optional.LampyLighty.A, Adware.SwiftBrowse, PUP.Optional.SwiftBrowse
McAfeeArtemis!A1BADC83C770, Artemis!3D3DF5472620, BrowseFox-FTR, Artemis!5DCB63C08BAB
McAfee-GW-EditionArtemis, BrowseFox-FTR
MicroWorld-eScanAdware.SwiftBrowse.CH, Adware.BrowseFox.V, Adware.BrowseFox.BQ
NANO-AntivirusRiskware.Win32.NetFilter.dgkdox, Trojan.Win32.BPlug.dfohwl, Riskware.Win32.Kranet.dgiwfc, Riskware.Win64.NetFilter.dlapal
Qihoo-360Win32/Virus.Adware.618, HEUR/Malware.QVM30.Gen, Win32/Virus.Adware.708
SUPERAntiSpywareAdware.SwiftBrowse
SymantecYontoo.C, Yontoo.C!gen2, Trojan.Gen.2
TencentWin32.Adware.Yotoon.Akyw
TrendMicroHS_BROWSEFOX.SM
TrendMicro-HouseCallHS_BROWSEFOX.SM
VBA32AdWare.Win64.Yotoon, AdWare.Yotoon
VIPRETrojan.Win32.Generic!BT, Yontoo (fs)
ZillyaBackdoor.CPEX.Win32.29350, Adware.Yotoon.Win64.14, Adware.Kranet.Win32.476
nProtectAdware.SwiftBrowse.CH, Adware.BrowseFox.V, Trojan-Clicker/W32.Yotoon.123640

* How the Detection Percentage is Calculated

The detection percentage is based on the fact that I've gathered 1011 scan results for the Lampy Lighty files. 469 of these scan reports came up with some sort of detection. You can review the full details of the scan reports by examining the files listed above.

Analysis Details

The analysis is based on certificates with the following serial numbers:

Comments

No comments posted yet.

Leave a reply