goodcomms Inc.

Publisher Information

goodcomms Inc. is a software publisher located in Seongnam-si, Gyeonggi-Do in Korea*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. Thre are 3 additional code signing certificates issued to this publisher.
Remove goodcomms Inc. Malware - Powered by Reason Core Security
Authority:
Thawte, Inc.

Valid from:
11/18/2011 9:00:00 AM

Valid to:
11/18/2012 8:59:59 AM

Subject:
CN=goodcomms Inc., OU=marketing, O=goodcomms Inc., L=Seongnam-si, S=Gyeonggi-do, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
195a4cba4a685695c96ed6e8c5a0ea1d

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.GoodComms.IndigoRoseCorporation (M), PUP.GoodComms (M), PUP.GoodComms.Installer (M), Threat.Win.Reputation.IMP
91.49%

AhnLab V3 Security
PUP/Win32.WebCompass, PUP/Win32.AppIs, Win-PUP/Helper.AppIs.47248, Win-PUP/Helper.Appls.875640
38.30%

Malwarebytes
Adware.Kraddare, Adware.KorAd
25.53%

Trend Micro House Call
TROJ_GEN.F47V0115, TROJ_GEN.F47V0118, TROJ_GEN.F47V1122, ADW_BHO, TROJ_GEN.F47V1007, ADW_KORAD, TROJ_GEN.FCBCBLA, ADW_KRADDARE, TROJ_DLOADER.BMC
21.28%

Dr.Web
Trojan.Adkor.55, Trojan.Adkor.63
17.02%

Trend Micro
ADW_BHO, ADW_KORAD, TROJ_GEN.FCBCBLA, ADW_KRADDARE, TROJ_DLOADER.BMC
12.77%

Antiy Labs AVL
Spyware[AdWare:not-a-virus]/Win32.MicrowinSearch
8.51%

Rising Antivirus
Suspicious
6.38%

Panda Antivirus
Suspicious file
6.38%

Agnitum Outpost
Trojan.Adkor
4.26%

4 / 68      (PUP)
update.exe (TrueUpdate Client by Indigo Rose)  (db3931c3e8da3e537054663746eb260a)

1 / 68      (PUP)
appis.dll  (863e0f955e2f4c651b84e46b7d701c2e)

4 / 68      (PUP)
update.exe (TrueUpdate Client by Indigo Rose)  (c1ae42651cc58ea0cb1d5b83172398a8)

1 / 68      (PUP)
ipop.dll  (cbf3afcf1319ca5e00ecf02025b24167)

1 / 68      (PUP)
free.exe  (5bfd122f72b6b45e86fe5a977fdc405b)

1 / 68      (PUP)
webcompass.dll  (350dd78f676854aecabe129d04194004)

1 / 68      (PUP)
wslopencapture3.exe  (03bfae2e2e7b8079896da15296f7accd)

1 / 68      (PUP)
isopencapture3.exe (by goodcomms)  (8dcf64ffdc10d490a46930fe7aafb467)

1 / 68      (PUP)
appis.dll  (f3b6189d9126acd519a9fdd403b5b5bc)

4 / 68      (PUP)
update.exe (TrueUpdate Client by Indigo Rose)  (d1b5a6539e0336b4c872521ffdf5ca93)

1 / 68      (PUP)
uninstall.exe  (6da2da7caa7a0034c206f1342cad7121)

1 / 68      (PUP)
free.exe  (d466631e283fcc2ae8e9c6a5b244cd25)

1 / 68      (PUP)
ipop.dll  (b01b6b62970a14f7ba8bd1a245a5a6da)

1 / 68      (PUP)
isdrcodec.exe (by goodcomms)  (264fe6232c25042a75a4138e654cc49e)

1 / 68      (PUP)
uninstall.exe  (6fca672547db326c2f80a33ce43e582b)

1 / 68      (PUP)
free.exe  (577dc000fcf74251966bd8824c864f2b)

5 / 68      (PUP)
wslfilejo.exe  (a39fb0a630fa969169dcb86893977dde)

5 / 68      (PUP)
ischoco.exe (by goodcomms)  (e813f4e90d7a5757c3a0f3e964e860fe)

3 / 68      (PUP)
isdrcodec.exe (by goodcomms)  (592e9a11f8a12ee6b90f7e6f34f73406)

3 / 68      (PUP)
update.exe (TrueUpdate Client by Indigo Rose)  (24059db3482f881236ed2b3b76d2b401)

2 / 68      (PUP)
uninstall.exe  (11359d40b68d5eca2b4a3e2aa1e28cee)

5 / 68      (PUP)
free.exe  (f2a9c0e9eb5a55ecae6dba61760c825c)

4 / 68      (PUP)
ischoco.exe (by goodcomms)  (7f7d83fdf62d95cf778f98f926c2cddd)

1 / 68      (PUP)
ipop_wslchoco.exe  (5e1268378e863c19669384a3b7d9acba)

3 / 68      (PUP)
update.exe (TrueUpdate Client by Indigo Rose)  (95e6b17357a80f0764ba46a65628c7e9)

4 / 68      (PUP)
wslwidepics.exe  (9b474c1c2757b99650bb3185e89aa91d)

5 / 68      (PUP)
wslopencapture4.exe  (a3a3b371ec42854218b42cb06477ab5d)

1 / 68      (PUP)
uninstall.exe  (badd1e2f4cf68cd05cb37bcc6b4249f4)

1 / 68      (PUP)
wsldrcodec.exe  (6c66b931c7328bcfbf626637f48f78ab)

5 / 68      (PUP)
wslmisofile.exe  (071a25c6cae1441e4e8f22dbae9dbb6d)

 
Latest 30 of 47 files

The certificates below are also signed by goodcomms Inc..

548D1AC20BFFDA165D2E423DBD29B0F2  (Dec 12, 2014 to Feb 11, 2016)

1BD77C0038E7E03D32607E6631F99C8C  (Dec 02, 2013 to Jan 02, 2015)

630E494EE04789E6CD2B37BB23AA30B7  (Nov 11, 2012 to Dec 12, 2013)

Remove goodcomms Inc. Malware - Powered by Reason Core Security
* Note, the details and description above are based on the code signing digital signature issued to goodcomms Inc. by Thawte, Inc. on November 18, 2011 with the serial number '195a4cba4a685695c96ed6e8c5a0ea1d'.