Qzoneinteractive

Publisher Information

Qzoneinteractive is a software publisher located in Gwangjin-gu, Seoul in Korea*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. Thre are 3 additional code signing certificates issued to this publisher.
Remove Qzoneinteractive Malware - Powered by Reason Core Security
Authority:
Thawte, Inc.

Valid from:
11/30/2013 9:00:00 AM

Valid to:
12/31/2014 8:59:59 AM

Subject:
CN=Qzoneinteractive, O=Qzoneinteractive, L=Gwangjin-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0ed8386a77dd8c93f3ca811c375ea680

Scanner detections:
Detections  (88% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Qzoneinteractive, PUP.Qzoneinteractive, PUP.Qzoneinteractive (M)
78.13%

ESET NOD32
Win32/Adware.Kraddare.FJ (variant), Win32/AdWare.Kraddare.JP (variant)
59.38%

Comodo Security
ApplicUnwnt
56.25%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
53.13%

Baidu Antivirus
Adware.Win32.Kraddare
50.00%

AVG
Generic
46.88%

Trend Micro House Call
TROJ_GEN.F47V0206, TROJ_GEN.F47V0212, Suspicious_GEN.F47V0718, TROJ_GEN.F47V0708, Suspicious_GEN.F47V0123
43.75%

VIPRE Antivirus
Trojan.Win32.Generic
25.00%

McAfee
Artemis!AED0669D20B5, Artemis!F50C6E1CD124, Artemis!9909B6E71BA1, Artemis!5737A9039647, Artemis!753A2F0F5900
25.00%

MicroWorld eScan
Gen:Variant.Adware.Symmi.36013, Gen:Variant.Strictor.75892, Gen:Variant.Graftor.172431
18.75%

9 / 68      (PUP)
OnOffPop.exe (OnOffPop Module)  (ff5b7965482208459d4f8bdbc6d90e86)

5 / 68      (PUP)
O2Sch.exe (O2Sch Module)  (c87345d0b01e3c22f6033692571c9d41)

5 / 68      (PUP)
O2Sch.exe (O2Sch Module)  (a2d4d85f35db45bc2a5a219868a6e681)

17 / 68    (PUP)
O2Update.exe (O2Update Module)  (106e2167b8c6d89111e408dd025f3a28)

16 / 68    (PUP)
O2Guard.exe (O2Guard Module)  (e6dc4d04bbd4939937d306a2e0b66c50)

3 / 68      (PUP)
O2Sch.exe (O2Sch Module)  (44bff7f392b1384b4b97731b5f5f2a44)

17 / 68    (PUP)
O2Update.exe (O2Update Module)  (753a2f0f59007f30cc791f36cdf51601)

16 / 68    (PUP)
O2Guard.exe (O2Guard Module)  (5737a90396473d0b6de5d422b27c16ae)

9 / 68      (PUP)
OnOffPop.exe (OnOffPop Module)  (9909b6e71ba1dcd14d9d852f01f1d98a)

4 / 68      (PUP)
O2Update.exe (O2Update Module)  (6954c3b39468b451579cf4b6b5156875)

5 / 68      (PUP)
O2Guard.exe (O2Guard Module)  (f50c6e1cd1247cc575849adc8b90d845)

4 / 68      (PUP)
OnOffPop.exe (OnOffPop Module)  (67f331e885796d0b9bee3a3a46d123e6)

2 / 68      (PUP)
O2Sch.exe (O2Sch Module)  (4b2e15985a8068154c2cfaa57c5643fe)

6 / 68      (PUP)
RemoveTAM.exe (RemoveTAM Module)  (de687046c622a94ca57e696e772770f6)

13 / 68    (PUP)
TheAM.exe (TheAM)  (aed0669d20b50da34939495d3da24fce)

1 / 68      (PUP)
criteonow.toast.exe  (c899b7d9d79fc2c5576e5f7b43e4782c)

4 / 68      (PUP)
O2Sch.exe (O2Sch Module)  (834a3d732b7c502021923fbc3dd0ffdd)

4 / 68      (inconclusive)
O2Update.exe (O2Update Module)  (2aa3b805139a825f9b16ddb22ec875ad)

4 / 68      (inconclusive)
O2Guard.exe (O2Guard Module)  (36367e5d7806952a02e74968fc9a32c6)

4 / 68      (PUP)
OnOffPop.exe (OnOffPop Module)  (45da981dcaac5daa9552919520f7ab8f)

4 / 68      (PUP)
O2Sch.exe (O2Sch Module)  (4d13aae45a247ad8d53c3520bc639095)

4 / 68      (inconclusive)
O2Update.exe (O2Update Module)  (dfbd7a25c2fc59ac749f27f56319e686)

4 / 68      (inconclusive)
O2Guard.exe (O2Guard Module)  (5e3c9bc56f20ae99ab1e3803d48f7f2e)

12 / 68    (PUP)
onoffpop.dll  (37c710b0b609cb142a499b0531f321e9)

4 / 68      (PUP)
OnOffPop.exe (OnOffPop Module)  (9172f1d5078cdf52e1cd089794307c19)

2 / 68      (PUP)
amsch.exe (amsch Module)  (c1eba9c31ac3ac399fbe39aa4bb1027a)

3 / 68      (PUP)
tamguard.exe (Guard Tam)  (55ae6ffa80641df6ab30b40d20728fd6)

3 / 68      (PUP)
tamupdate.exe (Check Tam)  (31879e9ecc5351710b783b0f50c491cc)

2 / 68      (PUP)
O2Update.exe (O2Update Module)  (f0208ffe0990a65e17927b4c9ef67540)

2 / 68      (PUP)
O2Guard.exe (O2Guard Module)  (49d88f1167eed56643e4ef05fca57e37)

 
Latest 30 of 32 files

The certificates below are also signed by Qzoneinteractive.

07F8FA305F2BC9DE492EE1D748E01DDE  (Dec 15, 2014 to Feb 14, 2016)

7F237568BB838B3E163705A7365EEC19  (Nov 03, 2012 to Dec 04, 2013)

51790DE8CFF3FB8E48D3E671F9021D0B  (Nov 14, 2011 to Nov 14, 2012)

Remove Qzoneinteractive Malware - Powered by Reason Core Security
* Note, the details and description above are based on the code signing digital signature issued to Qzoneinteractive by Thawte, Inc. on November 30, 2013 with the serial number '0ed8386a77dd8c93f3ca811c375ea680'.