lovivideosetupru.exe

Product Installer

ITVA

The application lovivideosetupru.exe, “!TVA Software Installer” by ITVA, has been detected as adware by 20 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software: during install, it places that software on the user's computer without adequate consent. The file has been seen being downloaded from download.lovivideo.ru and multiple other hosts.
Publisher:
!TVA LLC  (signed by ITVA)

Product:
Product Installer

Description:
!TVA Software Installer

Version:
1.2.1.0

MD5:
d681ccdff2c401cd35c307562c02f7d1

SHA-1:
fe78166ef10c69c6d9d78a5d4287ba28dab1543f

SHA-256:
bb6913f894822d7ff75ad100b8ba7a13299aa16e2bdc36fa54d642470bb956ad

Scanner detections:
20 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Analysis date:
11/26/2024 3:42:57 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Generic.1270134 | 578 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | TR/Avti.10554496 | 8.3.1.6 |
| Arcabit | Adware.Generic.D136176 | 1.0.0.425 |
| Bitdefender | Adware.Generic.1270134 | 1.0.20.940 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Emsisoft Anti-Malware | Adware.Generic.1270134 | 8.15.07.07.07 |
| ESET NOD32 | Win32/Itva.E potentially unwanted | 9.11897 |
| Fortinet FortiGate | Riskware/Itva | 7/7/2015 |
| F-Secure | Adware.Generic.1270134 | 11.2015-07-07_3 |
| G Data | Adware.Generic.1270134 | 15.7.25 |
| IKARUS anti.virus | PUA.Itva | t3scan.1.9.5.0 |
| K7 AntiVirus | Adware | 13.205.16474 |
| Malwarebytes | PUP.Optional.BundleInstaller.A | v2015.07.07.07 |
| McAfee | Artemis!D681CCDFF2C4 | 5600.6712 |
| MicroWorld eScan | Adware.Generic.1270134 | 16.0.0.564 |
| NANO AntiVirus | Riskware.Win32.Downware.dsdvwr | 0.30.24.2320 |
| Reason Heuristics | PUP.ITVA.Installer (M) | 15.7.7.7 |
| Trend Micro | TROJ_GEN.R047C0EFM15 | 10.465.07 |
| VIPRE Antivirus | Trojan.Win32.Generic | 41772 |

File size:
10.1 MB (10,554,496 bytes)

Product version:
1.2.1.0

Copyright:
Copyright © 2004-2015 !TVA LLC.

Trademarks:
!TVA, InstallTraffic.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\lovivideosetupru.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/26/2014 3:00:00 AM

Valid to:
9/27/2015 2:59:59 AM

Subject:
CN=ITVA, O=ITVA, STREET="27/2 Liter A Pom 6-N, prospekt Parkhomenko", L=Saint-Petersburg, S=RU, PostalCode=194356, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
303B020D4BEC85F9AC725DFC5A02D1E8

File PE Metadata
Compilation timestamp:
5/21/2015 12:28:47 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:U76ti1qbOH4/Ozk0LMLufkDEf4URNSgllNOJOSx5GPRdGnX:4oskGk0LMKPAUXSgllsBu4X

Entry address:
0x5D9E0

Entry point:
60, BE, 00, 40, 44, 00, 8D, BE, 00, D0, FB, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 71, B3, 05, 00, 57, 83, C3, 04, 53, 68, D9, 99, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Code size:
108 KB (110,592 bytes)

The file lovivideosetupru.exe has been seen being distributed by the following 2 URLs.
