Ivan Kostin

Publisher Information

Ivan Kostin is a brand of publishers/developers run by WebPick Internet Holdings Ltd. located in Ramat Ha'Chayal Tel Aviv, Israel. The company is a primary distributor of unwanted software. Ivan Kostin is a developer of WebPick Internet Holdings and publishes a number of adware web browser plugins designed to monitor web browser behavior and inject advertisements (banner, popups, text-links, etc.) in the browser by using the WebPick InstalleRex monetization delivery platform. These programs from Ivan Kostin are typiclaly installed on a variety of names and misspellings and are very difficult to remove. According to WebPick, they use developers to sign their adware in order to "throw off competitors".
Remove Ivan Kostin Malware - Powered by Reason Core Security
Authority:
COMODO CA Limited

Valid from:
8/25/2013 2:00:00 AM

Valid to:
8/26/2014 1:59:59 AM

Subject:
CN=Ivan Kostin, O=Ivan Kostin, STREET=Pobedy 33/1, L=Kyiv, S=Kyiv, PostalCode=03170, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00eb11d24ce6ddbbf752fe4dc3d683d2bf

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.WebPick.IvanKostin.Installer (M), Adware.WebPick.Installer (M)
100.00%

F-Prot
W32/InstallRex.B, W32/InstallRex.B.gen
28.00%

IKARUS anti.virus
PUP.InstallRex, PUA.TDownloader, PUA.InstallRex
28.00%

Agnitum Outpost
PUA.InstalleRex, PUA.Downloader, Trojan.AntiFW, Adware.Generic, PUA.AdLoad
28.00%

ESET NOD32
Win32/InstalleRex.M potentially unwanted application, Win32/InstalleRex.L potentially unwanted application
26.00%

VIPRE Antivirus
Threat.4150696, Threat.4753027, Trojan.Win32.Generic, Installerex/WebPick, Threat.14871
26.00%

Dr.Web
Adware.Downware.1541, Adware.Downware.1719, Trojan.WebPick.4
26.00%

avast!
Win32:InstalleRex-AI [PUP], Win32:InstallMonstr-DE [PUP], Win32:InstalleRex-DT [PUP], Win32:InstalleRex-AH [PUP]
26.00%

Kaspersky
Trojan.Win32.AntiFW, not-a-virus:Downloader.Win32.AdLoad
26.00%

Clam AntiVirus
Win.Trojan.Installerex-53, Win.Trojan.Installerex-17, Win.Trojan.Installerex-25, Win.Trojan.Installerex-108, Win.Adware.Installrex-1
26.00%

1 / 68      (Adware)

40 / 68    (Adware)
download.exe (QuickSet)  (234f01a61fa40c33854a79c1287e1d18)

38 / 68    (Adware)
download.exe (LightWare by SoftWarehouse)  (d2daeda61f81539f891079a6371f44c1)

1 / 68      (Adware)
anda adam - daca ar fi [download].mp3.exe (SummerSoft)  (68cdb47369f53a5b38b15c41d4bcad55)

1 / 68      (Adware)
anda adam - daca ar fi [download].mp3.exe (SummerSoft)  (ee141118fa0156721e2f98ebf0af06f2)

40 / 68    (Adware)
00000000 (QuickSet)  (19f4eadc7528322578541ed18b539a64)

34 / 68    (Adware)
sharebeastdownload.exe (QuickSet)  (7ec346c9ae82c06cb102512cb3679e5f)

42 / 68    (Adware)
00000000 (WinterSoft)  (5152d847afbcb515645bfb8c245a3cfd)

1 / 68      (Adware)
mp3.exe (QuickSet)  (fefa93f3b4e77733f17029cacb95aa3e)

1 / 68      (Adware)

1 / 68      (Adware)
scania-skin-olga.scs.exe (SummerSoft)  (6c83983c2631f2d6bbc8a92725c95767)

1 / 68      (Adware)
the+beatles+–+please+please+me.exe (QuickSet)  (288aa93bb04ac183075559f75b0e1bde)

43 / 68    (Adware)
00000000 (QuickSet)  (f3af1ad74622e5830151f76a6a6540ba)

1 / 68      (Adware)
va---now-hits--2013.milton.honda.rar.exe (SummerSoft)  (685d3162716c94a1fc937cb75886527e)

1 / 68      (Adware)
va---now-hits--2013.milton.honda.rar.exe (SummerSoft)  (d16017d9f7e16e17a27e2a8a4de0d1c1)

41 / 68    (Adware)
download.exe (QuickSet)  (0f77ce42ff395b9f2ad9cb545868b4aa)

1 / 68      (Adware)
happy birthday songs.exe (SummerSoft)  (485ad8342377064c8ba1be1395fc2348)

1 / 68      (Adware)
cs6ogpuw.exe (WinterSoft)  (38ab93c939c96b795e9da4878688807b)

1 / 68      (Adware)

1 / 68      (Adware)
j8nnsiqr.exe (SummerSoft)  (394209a650adc548d702bf9fdee88002)

1 / 68      (Adware)

1 / 68      (Adware)
symphonino40mozart.mp3.exe (Appit by Beware)  (f9da099ba1b36c6166d7160a1bdb7faa)

1 / 68      (Adware)
rppbahasainggris3sms2.doc.exe (MinWare by House Of Soft)  (c28a19d47a50519844cead2a235f609e)

1 / 68      (Adware)
lampiran 1d form penghitungan ak pkg.docx.exe (QuickSet)  (6cbee62b39f2c61b89cf205282c4e9e7)

1 / 68      (Adware)
buku 4 pedoman pkb dan angka kreditnya.pdf.exe (QuickSet)  (5744d672c399743b6c833462445b986d)

1 / 68      (Adware)

1 / 68      (Adware)
dj remix khoobsurat hai woh itna.mp3.exe (SummerSoft)  (33711c183465717d55d3870b6ec0e35b)

1 / 68      (Adware)

 
Latest 30 of 1,634 files

Downloads URLs for files signed by Ivan Kostin.

40 / 68    (Adware)
http://lp.zpdownload.info/.../Download.exe  (234f01a61fa40c33854a79c1287e1d18)

1 / 68      (Adware)
http://lp.ezdownloadpro.info/.../unit2.rar.exe  (de3e5b079e6c89726e2bbb5b2cd9e306)

1 / 68      (Adware)
http://lp.ezdownloadpro.info/.../null.exe  (f752b72f4783ba44d05fbb3deab00832)

The following publishers (by Authenticode signature organization name) are related.

Remove Ivan Kostin Malware - Powered by Reason Core Security
* Note, the details and description above are based on the code signing digital signature issued to Ivan Kostin by COMODO CA Limited on August 25, 2013 with the serial number '00eb11d24ce6ddbbf752fe4dc3d683d2bf'.