Andrew Kruzov

Publisher Information

Andrew Kruzov is a brand of publishers/developers run by WebPick Internet Holdings Ltd. located in Ramat Ha'Chayal Tel Aviv, Israel. The company is a primary distributor of unwanted software. Andrew Kruzov is a developer of WebPick Internet Holdings and publishes a number of adware web browser plugins designed to monitor web browser behavior and inject advertisements (banner, popups, text-links, etc.) in the browser by using the WebPick InstalleRex monetization delivery platform. These programs from Andrew Kruzov are typiclaly installed on a variety of names and misspellings and are very difficult to remove. According to WebPick, they use developers to sign their adware in order to "throw off competitors".
Authority:
COMODO CA Limited

Valid from:
9/27/2013 2:00:00 AM

Valid to:
9/28/2014 1:59:59 AM

Subject:
CN=Andrew Kruzov, O=Andrew Kruzov, STREET=Savrasova 31, L=Kiev, S=Kiev, PostalCode=03110, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
53c0e7306a4ed340cba044d801891a67

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.AndrewKruzov.H, PUP.Installer.AndrewKruzov.M, PUP.Installer.AndrewKruzov.J, PUP.Installer.AndrewKruzov.K, PUP.Installer.AndrewKruzov.S, PUP.Installer.AndrewKruzov.L, PUP.Installer.AndrewKruzov.F, PUP.AndrewKruzov.C, PUP.AndrewKruzov.K, PUP.WebPick.AndrewKruzov.Bundler (M), PUP.WebPick.AndrewKruzov (M)
100.00%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696
72.00%

avast!
Win32:PUP-gen [PUP], Win32:MultiPlug-AQ [PUP]
72.00%

Sophos
MultiPlug, Adware.MultiPlug, PUA 'MultiPlug' (of type Adware)
72.00%

Dr.Web
Trojan.Crossrider.14455, Trojan.Crossrider.12912
72.00%

Emsisoft Anti-Malware
Gen:Variant.Adware.Dropper.101
72.00%

AVG
Generic_r, Generic_r.JY, Adware Generic_r.JY
72.00%

MicroWorld eScan
Gen:Variant.Adware.Dropper.101
70.00%

McAfee
PUP-FID!E028ABA38E13, PUP-FID!8F050AA1539B, PUP-FID!13F650A9E15C, PUP-FID!3A344EE960F9, PUP-FID!1E52FE30241A, PUP-FID!CAEF45A8F4DB
70.00%

NANO AntiVirus
Riskware.Win32.Agent.cwzhej, Riskware.Win32.Crossrider.cwprty
70.00%

1 / 68      (Adware)
294823_.exe  (f4788abd94dcfc16455bd60a2e1b4290)

1 / 68      (Adware)
setup.exe  (49f60c32ef14031ddb499e3bb1484621)

1 / 68      (Adware)
ytab_setup.exe  (8b1f47d7f397432a7b21fce371f7d4c2)

1 / 68      (Adware)
newtab_setup.exe  (778a41ea54ba41fc47a27a679960633e)

1 / 68      (Adware)
ext_setup.exe  (452cf88087cc65d6d51ec34b94806b3b)

1 / 68      (Adware)
extie_setup.exe  (b121426c36584ad320a13a7919d0f653)

1 / 68      (Adware)
browsecoupon_setup.exe  (bcfb14327abd03c4b1b93c8902a96edf)

1 / 68      (Adware)
294823_.exe  (e6a16b1ca2ad61c4d439baaff4537856)

1 / 68      (Adware)
ext_setup.exe  (3f5815e7ccfd3b20253b90c0d662fe82)

1 / 68      (Adware)
ext_setup.exe  (32549dd02aecef87257952b180408f83)

1 / 68      (Adware)
u3kavmb1.exe  (8a4b51474558d49b40d34d1ecd40f8e2)

1 / 68      (Adware)
setup.exe  (9c5df906b4611345bc5e9c94ca08b6ae)

37 / 68    (Adware)
ytab_setup.exe  (d523c74575ae3ebcab13ea5cb1d9e3e7)

36 / 68    (Adware)
newtab_setup.exe  (99ca8c91e40da0a723bd91714c8e527d)

37 / 68    (Adware)
ytab_setup.exe  (80abf90b10066129e0a679be81f27816)

38 / 68    (Adware)
newtab_setup.exe  (3d7467a5de99e45c73ade6dcac031dda)

38 / 68    (Adware)
newtab_setup.exe  (dec9a385d5297dbd712c5d097840b20f)

34 / 68    (Adware)
setup.exe  (8cd514753f9b95843304ff99070a1bcb)

36 / 68    (Adware)
ytab_setup.exe  (725d47195b8d1ce1521d8e24081f026d)

35 / 68    (Adware)
ext_setup.exe  (d258f3fc2e71276faa3a248cb0652ff9)

35 / 68    (Adware)
extie_setup.exe  (201de7ac832a557654185dce2574c20d)

34 / 68    (Adware)
browsecoupon_setup.exe  (7eaf92fcb0cda017fd9ef302ffa78afd)

32 / 68    (Adware)
gj.exe  (b75287ce7b83e17ce6ef548a6c4907a1)

30 / 68    (Adware)
6sqg5af.exe  (61f0732d0eb63f0428500fcc8799f318)

30 / 68    (Adware)
_6g9r_yvsg.exe  (8b5d419c861874010162765f70790c3d)

32 / 68    (Adware)
lutjrm3.exe  (f907e3d0629df5c903bfd456666b9ae5)

9 / 68      (Adware)
sg.exe  (bc92084c303e8bb26e607a394ac3f6fa)

1 / 68      (Adware)
ytab_setup.exe  (e026f3e863354e890457bce5ae3aa67c)

35 / 68    (Adware)
newtab_setup.exe  (b15732ecac90a1209b94859ffe9ca9d8)

30 / 68    (Adware)
294823_.exe  (1c3fb32b509f16eb2b024ced91a3bc80)

 
Latest 30 of 92 files

* Note, the details and description above are based on the code signing digital signature issued to Andrew Kruzov by COMODO CA Limited on September 27, 2013 with the serial number '53c0e7306a4ed340cba044d801891a67'.