Files digitally signed by Sergey Petrov – Be careful!

Long time no see! Found a file that looked very suspicious while helping a friend today. The digital signature said Sergey Petrov. Well, check out what the anti-virus programs say about it:

  • Avast Win32:InstalleRex-BI [PUP] 20140328
  • Kingsoft Win32.Troj.AntiFW.b.(kcloud) 20140328
  • GData Win32.Application.InstalleRex.E 20140328
  • K7GW Unwanted-Program ( 0049574e1 ) 20140326
  • Kaspersky Trojan.Win32.AntiFW.b 20140328
  • DrWeb Trojan.WebPick.29 20140328
  • Malwarebytes PUP.Optional.Installrex 20140328
  • McAfee PUP-FHQ!6AB5BB009BA7 20140328
  • Rising PE:PUF.InstallRex!1.9E4C 20140327
  • Qihoo-360 Malware.QVM20.Gen 20140328
  • AVG MalSign.Generic.256 20140328
  • Sophos InstallRex 20140327
  • VIPRE Installerex/WebPick (fs) 20140328
  • VBA32 Downloader.AdLoad 20140327
  • Comodo Application.Win32.InstalleRex.KG 20140328
  • AntiVir ADWARE/InstallRex.Gen7 20140328
  • ESET-NOD32 a variant of Win32/InstalleRex.P 20140328

So, if you see a file digitally signed by Sergey Petrov, stay away from it!

I asked my buddy if he knew how this Sergey Petrov file had been installed on his computer, but he had no idea. Do you know how these files are distributed?