Eran Vaterfeld

Publisher Information

Eran Vaterfeld is a brand of publishers/developers run by WebPick Internet Holdings Ltd. located in Ramat Ha'Chayal Tel Aviv, Israel. The company is a primary distributor of unwanted software. Eran Vaterfeld is a developer of WebPick Internet Holdings and publishes a number of adware web browser plugins designed to monitor web browser behavior and inject advertisements (banner, popups, text-links, etc.) in the browser by using the WebPick InstalleRex monetization delivery platform. These programs from Eran Vaterfeld are typiclaly installed on a variety of names and misspellings and are very difficult to remove. According to WebPick, they use developers to sign their adware in order to "throw off competitors".
Authority:
COMODO CA Limited

Valid from:
7/10/2013 7:00:00 AM

Valid to:
7/11/2014 6:59:59 AM

Subject:
CN=Eran Vaterfeld, O=Eran Vaterfeld, STREET=Shtruk 15, L=Tel Aviv, S=Tel Aviv, PostalCode=64042, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00cf0201f072612c73f4f11fe23420b802

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.WebPick.Installer (M), PUP.WebPick.EranVaterfeld (M), PUP.WebPick.EranVaterfeld.Bundler (M), PUP.WebPick.EranVaterfeld.Installer (M)
100.00%

McAfee
PUP-FDX!B50872A2FFF2, PUP-FIC, PUP-FIC!D133F67B710B, PUP-FIC!ED789E545379, PUP-FIC!0BF92DA02867, Program.PUP-FIC, PUP-FIC!4B76C1F6D0C0
80.00%

Malwarebytes
PUP.Optional.Installrex, PUP.Optional.MultiPlug.A, PUP.Optional.Multiplug, PUP.Optional.Installex
80.00%

K7 Gateway Antivirus
Unwanted-Program , Trojan , Adware , Virus
80.00%

Agnitum Outpost
PUA.Downloader, PUA.MultiPlug, PUA.InstalleRex, Adware.Agent
80.00%

avast!
Win32:InstalleRex-Z [PUP], Win32:InstalleRex-Y [PUP]
80.00%

Kaspersky
not-a-virus:HEUR:Downloader.Win32.AdLoad, not-a-virus:HEUR:AdWare.Win32.Agent, not-a-virus:HEUR:AdWare.Win32.MultiPlug, not-a-virus:AdWare.Win32.Agent
80.00%

NANO AntiVirus
Riskware.Win32.Downware.ctkpjj, Riskware.Win32.Agent.dalhvg, Riskware.Win32.Agent.dafwqq, Riskware.Win32.MultiPlug.dcbxiz
80.00%

Comodo Security
Application.Win32.InstalleRex.KG, Application.Win32.Multiplug.R, Application.Win32.MegaSearch.ATK, Application.Win32.Multiplug.GETF
80.00%

Dr.Web
Adware.Downware.1442, Trojan.Crossrider.21707, Trojan.Crossrider.20906, Trojan.WebPick.2726, Trojan.Crossrider.25544, Trojan.Crossrider.20709
80.00%

43 / 68    (Adware)
download.exe (SummerSoft)  (0b1215e047be0118c2b2065401d76677)

40 / 68    (Adware)
download.exe (StarApp)  (ba4ce1b17ea858bb4dee0b0e4bb47fe1)

1 / 68      (Adware)

1 / 68      (Adware)

35 / 68    (Adware)
setupytb.exe (the one collection by end-user for to)  (b0513ac0fc4751110ba9cc36575189e8)

38 / 68    (Adware)
setupytb.exe (and DBMSs Database by DBMS are)  (e2e8b84cff15a98f0934b084d53a6ede)

38 / 68    (Adware)
setuplh.exe (and DBMSs Database by DBMS are)  (6909a2188ab73d517a006b42b4b7d3b2)

38 / 68    (Adware)
setupespl.exe (and DBMSs Database by DBMS are)  (fae14f61f6845ec578b49984102b9d7e)

38 / 68    (Adware)
extie_setup.exe (and DBMSs Database by DBMS are)  (4c29b81f8177258515d76a3867894370)

31 / 68    (Adware)
setupytb.exe (structure the by heart that)  (8a9e472d99261c2a14521231d4a7a870)

38 / 68    (Adware)
setupespl.exe (structure the by heart that)  (f9a112260dab0edb81ef46680b743738)

36 / 68    (Adware)
setupbc.exe (structure the by heart that)  (2a3f942fc6b6e3fc8099caf01004b1ce)

43 / 68    (Adware)
setupespl.exe (by profiler heart of software The)  (4ef0086d2bb186753d23f604b124187b)

38 / 68    (Adware)
setupytb.exe (by profiler heart of software The)  (566a70ae37d18bb13453ed897da65693)

43 / 68    (Adware)
setupespl.exe (by profiler heart of software The)  (42f98678abcfb5ee405a46a700e379a7)

41 / 68    (Adware)
setupbc.exe (by profiler heart of software The)  (4217e6cbee89455d10f552400ec78aa1)

1 / 68      (Adware)
uy50xsif.exe (SummerSoft)  (600c7b668050624c73d5cbb6935ad58f)

39 / 68    (Adware)
sharebeastdownload.exe (SummerSoft)  (ca1a43d3aee12f4f75a28a293767ea90)

43 / 68    (Adware)
setupespl.exe (by profiler heart of software The)  (b72ecd11b97f39b332ce40c8f5d7c622)

43 / 68    (Adware)
download.exe (SummerSoft)  (5bb0e9339bb82967105d28b98da4dab5)

42 / 68    (Adware)
294823_.exe (modifying are channel either by Data)  (496344d1db473e67d33194d959a61e49)

43 / 68    (Adware)
setupespl.exe (by profiler heart of software The)  (d0718fbf791ce5d4658e38b046a9f4fa)

43 / 68    (Adware)
setupespl.exe (by profiler heart of software The)  (787b68e77b9534ea7a1050364ccba0b8)

1 / 68      (Adware)

33 / 68    (Adware)
setupytb.exe (and modern by RAID DBMSs)  (be6c7e1774b0779aa6de91889c030a87)

1 / 68      (Adware)
ruqyahsyar_iyah.mp3.exe (SummerSoft)  (cc76b63bf9bb8cb927b76256b9836b7c)

1 / 68      (Adware)

34 / 68    (Adware)
vaudixie_extension.exe (information by DBMS)  (5c4ef42c140bc65470cb3ed80564cea9)

40 / 68    (Adware)
setupytb.exe (information by DBMS)  (de19c14ae82b407592daabd3d35c81d9)

40 / 68    (Adware)
setuplh.exe (information by DBMS)  (b80ab326fb397fdfe7eafe5c25191448)

 
Latest 30 of 3,399 files

Downloads URLs for files signed by Eran Vaterfeld.

40 / 68    (Adware)
http://lp.vaudix.com/.../Download.exe  (ba4ce1b17ea858bb4dee0b0e4bb47fe1)

39 / 68    (Adware)
http://lp.ezdownloadpro.info/.../SharebeastDownload.exe  (ca1a43d3aee12f4f75a28a293767ea90)

1 / 68      (Adware)
http://lp.ezdownloadpro.info/.../RUQYAHSYAR_IYAH.mp3.exe  (cc76b63bf9bb8cb927b76256b9836b7c)

The following publishers (by Authenticode signature organization name) are related.

* Note, the details and description above are based on the code signing digital signature issued to Eran Vaterfeld by COMODO CA Limited on July 10, 2013 with the serial number '00cf0201f072612c73f4f11fe23420b802'.