Scan Tack - 18% Detection Rate *

Did you just run into a download or a file on your computer that is digitally signed by Scan Tack? Some of the security products refers to the detected files as Generic.BAC and Adware.SwiftBrowse.Y. The detection rate for the Scan Tack files collected here is 18%. Please read on for more details.

You will probably see Scan Tack when clicking to run the file. The publisher name is displayed as the "Verified publisher" in the UAC dialog as the screenshot shows:

Screenshot where Scan Tack appears as the verified publisher in the UAC dialog

You can view the digital signature details for Scan Tack with the following steps:

  1. Open up Windows Explorer and locate the Scan Tack file
  2. Right-click on the file and select Properties
  3. Click on the Digital Signatures tab
  4. Click on the View Certificate button

Here is a screencap of a file that has been signed by Scan Tack:

Screenshot of the Scan Tack certificate

As you can see in the screenshot above, the Windows OS states that "This digital signature is OK". This implies that the file has been published by Scan Tack and that the file has not been tampered with.

If you click the View Certificate button shown in the screenshot above, you can view all the details of the certificate, such as when it was issued, who issued the certificate, how long it is valid, and so on. You can also see the address for Scan Tack, such as the street name, city and country.

VeriSign Class 3 Code Signing 2010 CA has issued the Scan Tack certificates. You can also examine the details of the issuer by clicking the View Certificate button shown in the screenshot above.

Scan Tack Files

The following are the Scan Tack files I've gathered, thanks to the FreeFixer users.

Detection RatioFile Name
2/50{9acd1534-e8f8-40cb-b5ac-4996fe01175b}gw64.sys
8/53{9acd1534-e8f8-40cb-b5ac-4996fe01175b}gw64.sys
15/51ScanTackbho.dll
5/51{9acd1534-e8f8-40cb-b5ac-4996fe01175b}gw64.sys
2/51ScanTack.BrowserAdapter.exe
2/53{9acd1534-e8f8-40cb-b5ac-4996fe01175b}gw.sys
28/53Setup[1].exe
4/54{9acd1534-e8f8-40cb-b5ac-4996fe01175b}t.sys
1/50wstlibg.sys
8/54{9acd1534-e8f8-40cb-b5ac-4996fe01175b}w64.sys
30/56ScanTackBHO.dll
19/56{814662d1-aa2f-4582-81ca-c1dc0b72f9bb}w64.sys
6/52{9acd1534-e8f8-40cb-b5ac-4996fe01175b}gw.sys
9/54{9acd1534-e8f8-40cb-b5ac-4996fe01175b}w64.sys

Scanner and Detection Names

Here is the detection names for the Scan Tack files. I've grouped the detection names by each scanner engine. Thanks to VirusTotal for the scan results.

ScannerDetection Names
ALYacAdware.SwiftBrowse.Y, Adware.SwiftBrowse.CH
AVGGeneric.BAC, BrowseFox, MalSign.Generic.BAC, BrowseFox.F
AVwareYontoo (fs), Trojan.Win32.Generic!BT
Ad-AwareGen:Variant.Adware.BHO.Agent.4, Adware.SwiftBrowse.Y, Adware.SwiftBrowse.CH
AgnitumPUA.Agent!, Riskware.Agent!
AhnLab-V3Adware/Win32.Agent
AntiVirAPPL/BrowseFox.Gen2
Antiy-AVLGrayWare[AdWare:not-a-virus]/Win32.Agent, Trojan/Win32.TSGeneric
AvastWin32:BrowseFox-J [PUP]
AviraAdware/BrowseFox.apb
Baidu-InternationalAdware.Win32.BrowseFox.D, Adware.Win32.BrowseFox.71, Adware.Win32.Agent.aanW
BitDefenderGen:Variant.Adware.BHO.Agent.4, Adware.SwiftBrowse.Y, Adware.SwiftBrowse.CH
ClamAVWin.Adware.Swiftbrowse-497
ComodoApplication.Win32.Altbrowse.AK, Application.Win32.BrowseFox.JM
DrWebTrojan.BPlug.28, Trojan.BPlug.144, Tool.NetFilter.313
ESET-NOD32a variant of Win32/BrowseFox.F, a variant of Win32/BrowseFox.I, a variant of Win32/BrowseFox.O, a variant of Win64/BrowseFox.CG
EmsisoftGen:Variant.Adware.BHO.Agent.4 (B), Adware.SwiftBrowse.Y (B), Adware.SwiftBrowse.CH (B)
F-ProtW64/A-59c9c70a!Eldorado
F-SecureGen:Variant.Adware.BHO.Agent.4, Adware.SwiftBrowse.Y, Adware.SwiftBrowse.CH
FortinetAdware/Agent, Riskware/BrowseFox
GDataGen:Variant.Adware.BHO.Agent.4, Adware.SwiftBrowse.Y, Adware.SwiftBrowse.CH
IkarusAdWare.SpadeCast, AdWare.SwiftBrowse
JiangminAdware/Agent.izz
K7AntiVirusUnwanted-Program ( 00454f261 ), Trojan ( 0040f9921 )
K7GWUnwanted-Program ( 00454f261 ), Trojan ( 0040f9921 )
Kasperskynot-a-virus:AdWare.Win32.Agent.ahbx
KingsoftWin32.Troj.Agent.ah.(kcloud), VIRUS_UNKNOWN
MalwarebytesPUP.Optional.ScanTack.A
McAfeeArtemis!FAEFA0300063, Artemis!CA88AE632946, Artemis!8130792ECC1B, Artemis!5374806AF27C, BrowseFox-FRR, Artemis!6126619EBF6C, Artemis!3C8E270ECF3F
McAfee-GW-EditionArtemis!FAEFA0300063, Artemis!CA88AE632946, Artemis!5374806AF27C, BrowseFox-FRR, Artemis!6126619EBF6C, Artemis!3C8E270ECF3F
MicroWorld-eScanGen:Variant.Adware.BHO.Agent.4, Adware.SwiftBrowse.Y, Adware.SwiftBrowse.CH
NANO-AntivirusRiskware.Win32.Agent.cuenda, Trojan.Win32.BPlug.dfogbn
PandaTrj/CI.A
Qihoo-360Win32/Virus.Adware.06a
RisingNS:PUF.SilenceInstaller!1.9DDF
SUPERAntiSpywareAdware.BrowseFox/Variant
SophosBrowseSmart, Generic PUA KO, Generic PUA AB
TencentWin32.Trojan.Suspicious.Hvtq
TrendMicro-HouseCallSuspicious_GEN.F47V0614, TROJ_GEN.F47V0409, TROJ_GE.54D5AFF7, Suspicious_GEN.F47V0611, Suspicious_GEN.F47V0623, TROJ_GEN.F47V0607
VBA32AdWare.SwiftBrowse
VIPRETrojan.Win32.Generic!BT, Yontoo (fs)
ZillyaAdware.Yotoon.Win64.14
nProtectAdware.SwiftBrowse.Y, Adware.SwiftBrowse.CH

* How the Detection Percentage is Calculated

The detection percentage is based on that I've collected 789 scan reports for the Scan Tack files. 139 of these scan reports came up with some sort of detection. You can review the full details of the scan results by examining the files listed above.

Analysis Details

The analysis has been done on certificates with the following serial numbers:

Comments

No comments posted yet.

Leave a reply