home

Mediaclick

Publisher Information

Mediaclick is a software publisher located in Gangnam-gu, Seoul in Korea*. The company is a primary distributor of unwanted software. Thre are 2 additional code signing certificates issued to this publisher.
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
1/31/2008 2:39:21 PM

Valid to:
1/30/2009 2:39:21 PM

Subject:
CN=Mediaclick, OU=Software Development Department, O=Mediaclick, L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
10dcb8e8e4ccba8287ca3e7d2cab6b80

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Startup.Mediaclick, PUP.Mediaclick, PUP.Mediaclick.Installer (M), PUP.Mediaclick (M), PUP.Mediacli (M), PUP.Mediacli.Installer (M), PUP (M)
100.00%

AVG
MClick, Suspicion: unknown virus, MalSign.MClick
33.33%

Qihoo 360 Security
Win32/Trojan.073, HEUR/Malware.QVM06.Gen, Win32/Trojan.Generic.6fd
20.83%

McAfee
Artemis!38CDBFB157BF, Artemis!681DAF6CB68D, Artemis!52B1629BDA9B, Artemis!5589A7621042
16.67%

NANO AntiVirus
Trojan.Win32.EasyPoint.ctyqtm, Trojan.Win32.EasyPoint.ctyqyi, Trojan.Win32.Ramnit.ctcknk
16.67%

Trend Micro House Call
ADW_KRADDARE, TROJ_GEN.F47V0124
16.67%

avast!
Win32:Downloader-EDK [PUP]
12.50%

Comodo Security
Heur.Suspicious, ApplicUnwnt
12.50%

VIPRE Antivirus
Trojan.Win32.Generic
12.50%

Trend Micro
ADW_KRADDARE
12.50%

1 / 68      (Adware)
poweroffsvr.exe  (ef5a0713487bb0b80928f7fdcbcdf2ff)

1 / 68      (Adware)
poweroffsvinst.exe  (fa2b7db4fa71efad26518ec8e53635a9)

1 / 68      (Adware)
uninstall.exe  (26e28d57ab8602777cde243bec663a0c)

1 / 68      (Adware)
uninstall.exe  (52f12afdc180c76962616d3789f6df18)

1 / 68      (Adware)
poweroffmanager.exe  (70c14a631cd8b0753074e22d0eea3058)

1 / 68      (Adware)
setup.exe  (f4c7d1317d0dc7557facf1062d9b54d7)

1 / 68      (Adware)
show+변환기.exe  (1967e6f482e9867c0a00492025b6cc8a)

1 / 68      (Adware)
donkeycodecupdatecheck.exe  (0a240e3aadbd464adf63f8943571356f)

1 / 68      (Adware)
JuminAlert.DLL (JuminAlert Module)  (2f778ed112ad23f518425e4a89f22ea2)

1 / 68      (Adware)
setup_donkeycodec.exe  (be24eb4c77bd6d37b169806bf784b485)

1 / 68      (Adware)
donkeyup.exe  (ccdb72379cffbdf8a8853575df737e38)

1 / 68      (Adware)
mpointband.DLL (mpointband Module)  (df509828c6f7bfac24ac450c636e3176)

1 / 68      (Adware)
openinfos.exe  (3206f588917ec787fd29262d5358b5f5)

1 / 68      (Adware)
jjgmlaunch.DLL  (01026b99205f7bd277149eb4a94fa0dc)

19 / 68    (Adware)
setup_gmstart_all.exe  (5589a7621042b65324bf01850853d03e)

2 / 68      (Adware)
setup_visualboy_silent.exe  (1d06bb4803bccae831b383df2be5e171)

3 / 68      (Adware)
setup_snes9x_silent.exe  (a3f9e8ccd066a43b35f1f2ff258e1945)

6 / 68      (Adware)
016284.exe  (52b1629bda9bef239d64dbe04d3b6ac5)

3 / 68      (Adware)
000213.exe  (c7bc978ace77cd73deeea54b44ae52da)

2 / 68      (Adware)
008519.exe  (991029044aad6ca8a0c1280ab2b4343e)

2 / 68      (Adware)
zinc.exe  (630ec247cfab5112da1c8be54dd18e12)

2 / 68      (Adware)
gmstart.exe  (0fd2d4fb40cbc8123ef567734ae2afec)

21 / 68    (Adware)
027512.exe  (681daf6cb68d7209a26dec53c4cc8215)

17 / 68    (Adware)
jjgmudchk.exe  (38cdbfb157bf33128900a3b08ca8c976)

Downloads URLs for files signed by Mediaclick.

19 / 68    (Adware)
http://www.jjanggame.co.kr/.../setup_gmstart_all.exe  (5589a7621042b65324bf01850853d03e)

The following websites host and distribute files published by Mediaclick.

www.jjanggame.co.kr

The certificates below are also signed by Mediaclick.

4995688FF6DA3C9BEAA792BB26023CA2  (Mar 03, 2010 to Mar 04, 2011)

1EA80C81CC69B9B71655BACA73403B94  (Feb 02, 2009 to Jan 30, 2010)

* Note, the details and description above are based on the code signing digital signature issued to Mediaclick by Thawte Consulting (Pty) Ltd. on January 31, 2008 with the serial number '10dcb8e8e4ccba8287ca3e7d2cab6b80'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.