home

www.bitberryupdates.com

BITBERRY SOFTWARE APS

Domain Information

The domain www.bitberryupdates.com registered by BITBERRY SOFTWARE APS was initially registered in June of 2010 through ENOM, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Manassas, Virginia within the United States which resides on the Leaseweb USA, Inc. network.
Registrar:
ENOM, INC.

Server location:
Virginia, United States (US)

Create date:
Friday, June 18, 2010

Expires date:
Saturday, June 18, 2016

Updated date:
Friday, October 18, 2013

ASN:
AS30633 LEASEWEB-US - Leaseweb USA, Inc.,US

Root domain:
bitberryupdates.com

Whois:
1 bitberryupdates.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.InstallX.J, PUP.Optional.BitberrySoftware.N, PUP.Optional.Installer.FF, PUP.Installer.BitberrySoftware.FF, PUP.InstallX.Installer (M), PUP.NewMedia.NMH.Bundler (M)
92.86%

Sophos
InstallQ, Install Core, Install Core Click run software
57.14%

Dr.Web
Adware.W3i.32, Adware.InstallCore.133, Trojan.MulDrop5.10078, Adware.W3i.30, Adware.Searcher.2650
57.14%

ESET NOD32
Win32/InstallIQ (variant), Win32/InstallCore.CU (variant), Win32/InstallCore.MC, Win32/FileTypeAssistant (variant)
57.14%

VIPRE Antivirus
InstallIQ Installer, InstallCore.b, Adware.Win32.InstallCore.ba
50.00%

McAfee
Artemis!A34F9AC02DB1, Artemis!370EA922FC3E, Artemis!F72A5777498B, Artemis!01D43CE950BA, Artemis!B6EBAB9EE42C
42.86%

Malwarebytes
PUP.PlayPickle, PUP.Optional.InstallCore, PUP.Optional.InstallIQ
42.86%

Trend Micro House Call
TROJ_GEN.F47V0815, TROJ_GEN.F47V1122, TROJ_GEN.F47V0917, TROJ_GEN.F47V0727, TROJ_GEN.F47V0706, TROJ_GEN.F47V0502
42.86%

K7 AntiVirus
Riskware, Unwanted-Program
42.86%

Comodo Security
Application.Win32.InstallIQ.B, Application.Win32.InstallCore.BWAN
35.71%

IKARUS anti.virus
AdWare.InstallIQ
28.57%

AVG
Skodna.Generic_r
28.57%

MicroWorld eScan
Adware.InstallIQ.B
28.57%

Bitdefender
Adware.InstallIQ.B
28.57%

F-Secure
Adware.InstallIQ.B
28.57%

The domain www.bitberryupdates.com has been seen to resolve to the following 2 IP addresses.

162.210.196.7
hosted-by.leaseweb.com
September 2, 2014

209.68.44.149
bitberryupdates.com
February 6, 2014

File downloads found at URLs served by www.bitberryupdates.com.

1 / 68      (Adware)
http://www.bitberryupdates.com/fmp_redir.html?r=fmpdl  (finalmediaplayer2014u1setup.exe)

1 / 68      (Adware)
http://www.bitberryupdates.com/fmp_redir.html?r=fmpdl  (finalmediaplayer_732.exe)

19 / 68    (Adware)
http://www.bitberryupdates.com/ffv_redir.html?r=ffvdl  (freefileviewer_730.exe)

1 / 68      (Adware)
http://www.bitberryupdates.com/fmp_redir.html?r=fmpdl  (finalmediaplayer_732.exe)

2 / 68      (PUP)
http://www.bitberryupdates.com/ffv_redir.html?r=ffvdl  (164221761_stp.exe)

19 / 68    (Adware)
http://www.bitberryupdates.com/ffv_redir.html?r=ffvdl  (freefileviewer_730.exe)

19 / 68    (Adware)
http://www.bitberryupdates.com/ffv_redir.html?r=ffvdl  (freefileviewer_730.exe)

3 / 68      (PUP)
http://www.bitberryupdates.com/ffv_redir.html?r=ffvdl  (icreinstall_freefileviewersetup.exe)

4 / 68      (PUP)
http://www.bitberryupdates.com/ffv_redir.html?r=ffvdl  (ffv_z_setup.exe)

13 / 68    (PUP)
http://www.bitberryupdates.com/ffv_redir.html?r=ffvdl  (icreinstall_freefileviewersetup.exe)

6 / 68      (PUP)
http://www.bitberryupdates.com/fmp_redir.html?r=fmpdl  (finalmediaplayersetup.exe)

2 / 68      (PUP)
http://www.bitberryupdates.com/ffv_redir.html?r=ffvdl  (freefileviewersetup.exe)

12 / 68    (Adware)
http://www.bitberryupdates.com/fmp_redir.html?r=fmpdl  (icreinstall_finalmediaplayersetup.exe)

24 / 68    (Adware)
http://www.bitberryupdates.com/ffv_redir.html?r=ffvdl  (InstallIQ.exe)

The following 16 files have been seen to comunicate with www.bitberryupdates.com in live environments.

TCP » 162.210.196.7:80
fmpcheckforupdates.exe (by Bitberry Software)

TCP » 162.210.196.7:80
fmpcheckforupdates.exe (by Bitberry Software)

TCP » 162.210.196.7:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 162.210.196.7:80
ffvcheckforupdates.exe (Update Checker by Bitberry Software)

TCP » 162.210.196.7:80
fmpcheckforupdates.exe (by Bitberry Software)

TCP » 162.210.196.7:80
ffvcheckforupdates.exe (by Bitberry Software)

TCP » 162.210.196.7:80
fmpcheckforupdates.exe (by Bitberry Software)

TCP » 162.210.196.7:80
ftcheckforupdates.exe (Update Checker by Bitberry Software)

TCP » 162.210.196.7:80
fmpcheckforupdates.exe (Update Checker by Bitberry Software)

TCP » 162.210.196.7:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 162.210.196.7:80
ffvcheckforupdates.exe (Update Checker by Bitberry Software)

TCP » 162.210.196.7:80
fmpcheckforupdates.exe (by Bitberry Software)

TCP » 162.210.196.7:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 162.210.196.7:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 162.210.196.7:80
fmpcheckforupdates.exe (by Bitberry Software)

TCP » 162.210.196.7:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

URL:
http://www.bitberryupdates.com/

Web server:
Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 (PHP/5.4.30)

Compete.com:
US visitors:  10,537

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.