CJ Mooter Inc.

Publisher Information

CJ Mooter Inc. is a software publisher located in Gangnam-gu, Seoul, Korea*. The company is a primary distributor of unwanted software. There are 3 additional code signing certificates issued to this publisher.
Remove CJ Mooter Inc. Malware - Powered by Reason Core Security
Authority:
VeriSign, Inc.

Valid from:
5/1/2013 9:00:00 AM

Valid to:
8/1/2014 8:59:59 AM

Subject:
CN=CJ Mooter Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CJ Mooter Inc., L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
67b841ad06bf7c23c9b3bc83920c4f94

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | Threat.CJMooter, Threat.Installer.CJMooter, PUP.CJMooter (M), PUP.CJMooter.Installer (M) | 100.00% |
| AhnLab V3 Security | Win-PUP/Helper.WinExpand.286256, PUP/Win32.Winexpand, PUP/Win32.HubHelper | 29.17% |
| nProtect | Adware/W32.KrAdword.273968, Adware/W32.Agent.549424, Adware/W32.Agent.253488, Adware.Kraddare.DU | 25.00% |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 20.83% |
| McAfee | Artemis!940E75FA7D2F, Artemis!4EB9B96D58CE, Artemis!FF8DA71C9E6A, Artemis!B6850D7B2E17 | 16.67% |
| McAfee Web Gateway | Artemis!940E75FA7D2F, Artemis!4EB9B96D58CE, Heuristic.BehavesLike.Win32.Suspicious-BAY.G, Artemis!B6850D7B2E17 | 16.67% |
| Bkav FE | W32.Clodb7a.Trojan, W32.Clod175.Trojan, W32.Clod5e7.Trojan | 12.50% |
| MicroWorld eScan | Trojan.GenericKDV.1349182, Gen:Variant.Adware.Symmi.36013, Adware.Kraddare.DU | 12.50% |
| Trend Micro House Call | TROJ_GEN.R0CBB01A314, TROJ_GEN.F47V0224 | 12.50% |
| Bitdefender | Trojan.GenericKDV.1349182, Gen:Variant.Adware.Symmi.36013, Adware.Kraddare.DU | 12.50% |

The certificates below were also issued to CJ Mooter Inc.

58E039409EC65745DFE47259A1A2B422  (Apr 20, 2012 to Jul 21, 2013)

3D0DAED61E180A0536952254A8C14AAD  (Apr 14, 2011 to Jun 13, 2012)

3337DF1FA8FB0F79AFD72AA77BC85A4F  (Mar 26, 2010 to May 26, 2011)

* Note, the details and description above are based on the code signing digital signature issued to CJ Mooter Inc. by VeriSign, Inc. on May 01, 2013 with the serial number '67b841ad06bf7c23c9b3bc83920c4f94'.