Itzhak Shternberg

Publisher Information

Itzhak Shternberg is a brand of publishers/developers run by WebPick Internet Holdings Ltd. located in Ramat Ha'Chayal Tel Aviv, Israel. The company is a primary distributor of unwanted software. Itzhak Shternberg is a developer of WebPick Internet Holdings and publishes a number of adware web browser plugins designed to monitor web browser behavior and inject advertisements (banner, popups, text-links, etc.) in the browser by using the WebPick InstalleRex monetization delivery platform. These programs from Itzhak Shternberg are typiclaly installed on a variety of names and misspellings and are very difficult to remove. According to WebPick, they use developers to sign their adware in order to "throw off competitors". There is one additional code signing certificate issued to this publisher.
Remove Itzhak Shternberg Malware - Powered by Reason Core Security
Authority:
COMODO CA Limited

Valid from:
6/8/2012 2:00:00 AM

Valid to:
6/9/2013 1:59:59 AM

Subject:
CN=Itzhak Shternberg, O=Itzhak Shternberg, STREET=Belkind 2, L=Tel Aviv, S=Israel, PostalCode=62154, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009dfdc7dd83734ffb61f158a9759a6f69

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.WebPick.ItzhakShternberg.Installer (M)
100.00%

Dr.Web
Trojan.Webpick.7217, Adware.Downware.448
90.00%

VIPRE Antivirus
Threat.4150696, Trojan.Win32.Generic, Installerex/WebPick
90.00%

ESET NOD32
Win32/InstalleRex.C potentially unwanted application, Win32/InstallMate potentially unwanted application
90.00%

Bkav FE
W32.FamVT.AntiFWK.Trojan, HW32.CDB
90.00%

nProtect
Backdoor/W32.Clack.301512, Backdoor/W32.Clack.301504
90.00%

Zillya! Antivirus
Dropper.Dorifel.Win32.4364, Downloader.Adload.Win32.16891, Backdoor.Clack.Win32.181, Trojan.Genome.Win32.241815
90.00%

NANO AntiVirus
Riskware.Win32.Downware.cvbqyt, Riskware.Win32.Downware.ctkpjt, Riskware.Win32.Downware.cvbqyv
90.00%

Total Defense
Win32/Tnega.aDQSBaD
90.00%

Agnitum Outpost
Riskware.InstallMate, PUA.InstalleRex
90.00%

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (90cd78c1caf9ed666e3dd06bb30b7ff9)

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (c2a60186e816b8c391b6e2bcd065a0db)

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (4435a7c837ad2a7788769020c50c2ca8)

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (d30ce1778e66da516917987b01bd41c0)

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (3981c184480c7cb30e1d632c9d32d285)

37 / 68    (Adware)
downloadsetup.exe (Setup by Premium)  (f506f66bdea48521d370a848b275495b)

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (ab236c933be1d8278b3b629377d40c9e)

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (be8fcd6931550853e62afc3d046e497c)

37 / 68    (Adware)
downloadsetup.exe (Setup by Premium)  (90fcfeb60966af1ef240c0a215962846)

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (ce9e2edaf502a5dd8adfe9fa407935b8)

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (1d0b968f501a36d830d4c45ce6971c92)

29 / 68    (Adware)
pdfdowlonad.exe (Setup by Premium)  (481bd10527c7dfbbbae50a3928e72b4c)

30 / 68    (Adware)
clicktosave.exe (Setup by Premium)  (37daed5c70b9b48ed42d6fd066f6a54c)

1 / 68      (Adware)
clicktosave.exe (Setup by Premium)  (377d968870accb13251bddb6da40fe65)

1 / 68      (Adware)
clicktosave.exe (Setup by Premium)  (611fbc48c2432e64dd9a284956bb8490)

1 / 68      (Adware)
clicktosave.exe (Setup by Premium)  (5b1dc46e08a7e60197d7d703e921e769)

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (44ae42b2d7c104ffe5d8533b428761f5)

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (1cecdb96376b9fa609e6be2181e03d35)

37 / 68    (Adware)
downloadsetup.exe (Setup by Premium)  (3627313deb681a7c767cacbc3f36814a)

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (69b95273f6a1a6ff29cc144185ab5d7b)

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (9b6fe31ef4b49672b4cf8ea49a7dfeb8)

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (245f1cd5107b3680902f5307fb128c36)

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (387fe27aa4d978a862457b6188117697)

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (ab31a0d027e9be8ea58ddf7e7a26d51b)

44 / 68    (Adware)
saveas.exe (Setup by Premium)  (a6b2dd7c7dabd04829ecbcd2ba355d12)

29 / 68    (Adware)
pdfdownload.exe (Setup by Premium)  (b8c58d28bd218169875328633f06e67e)

29 / 68    (Adware)
pdfdownload.exe (Setup by Premium)  (3c673e2e3dbe526fbc6dd9a8c9ad5e53)

29 / 68    (Adware)
pdfdownload.exe (Setup by Premium)  (06d6f88c16b188d1e0ad223b6c8121a9)

29 / 68    (Adware)
pdfdowlonad.exe (Setup by Premium)  (84110440caa46b89f41bd755f25f182d)

29 / 68    (Adware)
pdfdowlonad.exe (Setup by Premium)  (872cddba9183254a73610e5cee6f56ea)

 
Latest 30 of 448 files

Downloads URLs for files signed by Itzhak Shternberg.

29 / 68    (Adware)
http://storagenl.info/.../  (pdfdowlonad.exe)

29 / 68    (Adware)
http://storagenl.info/.../  (pdfdowlonad.exe)

37 / 68    (Adware)
http://storagenl.info/.../  (downloadsetup.exe)

44 / 68    (Adware)

29 / 68    (Adware)
http://storagenl.info/.../  (pdfdowlonad.exe)

29 / 68    (Adware)
http://storagenl.info/.../  (pdfdowlonad.exe)

1 / 68      (Adware)
http://storagenl.info/.../  (pdfdowlonad(1).exe)

The following certificate is also signed by Itzhak Shternberg.

54990006BE4A0F29ECCD7EE2F93DC0FC  (Jul 18, 2013 to Jul 19, 2014)

The following publishers (by Authenticode signature organization name) are related.

Remove Itzhak Shternberg Malware - Powered by Reason Core Security
* Note, the details and description above are based on the code signing digital signature issued to Itzhak Shternberg by COMODO CA Limited on June 08, 2012 with the serial number '009dfdc7dd83734ffb61f158a9759a6f69'.