Files digitally signed by Sergey Petrov – Be careful!

Long time no see! Found a file that looked very suspicious while helping a friend today. The digital signature said Sergey Petrov. Well, check out what the anti-virus programs say about it:

  • Avast Win32:InstalleRex-BI [PUP] 20140328
  • Kingsoft Win32.Troj.AntiFW.b.(kcloud) 20140328
  • GData Win32.Application.InstalleRex.E 20140328
  • K7GW Unwanted-Program ( 0049574e1 ) 20140326
  • Kaspersky Trojan.Win32.AntiFW.b 20140328
  • DrWeb Trojan.WebPick.29 20140328
  • Malwarebytes PUP.Optional.Installrex 20140328
  • McAfee PUP-FHQ!6AB5BB009BA7 20140328
  • Rising PE:PUF.InstallRex!1.9E4C 20140327
  • Qihoo-360 Malware.QVM20.Gen 20140328
  • AVG MalSign.Generic.256 20140328
  • Sophos InstallRex 20140327
  • VIPRE Installerex/WebPick (fs) 20140328
  • VBA32 Downloader.AdLoad 20140327
  • Comodo Application.Win32.InstalleRex.KG 20140328
  • AntiVir ADWARE/InstallRex.Gen7 20140328
  • ESET-NOD32 a variant of Win32/InstalleRex.P 20140328

So, if you see a file digitally signed by Sergey Petrov, stay away from it!

I asked my buddy if he knew how this Sergey Petrov file had been installed on his computer, but he had no idea. Do you know how these files are distributed?
