Polyanskaya Irina

Publisher Information

Polyanskaya Irina is a brand of publishers/developers run by WebPick Internet Holdings Ltd., located in Ramat Ha'Chayal, Tel Aviv, Israel. The company is a primary distributor of unwanted software. Polyanskaya Irina is a developer of WebPick Internet Holdings and publishes a number of adware web browser plugins designed to monitor web browser behavior and inject advertisements (banners, pop-ups, text links, etc.) into the browser using the WebPick InstalleRex monetization delivery platform. These programs from Polyanskaya Irina are typically installed under a variety of names and misspellings and are very difficult to remove. According to WebPick, they use developers to sign their adware in order to "throw off competitors".

Authority: COMODO CA Limited

Valid from: 8/24/2014 8:00:00 PM

Valid to: 8/25/2015 7:59:59 PM

Subject: CN=Polyanskaya Irina, O=Polyanskaya Irina, STREET="Suhata Reka, Bl. 225A, Ap. 42", L=Sofia, S=Sofia, PostalCode=1517, C=BG

Issuer: CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number: 00a4c6f876119e08b1c5ff63372d64b83f

Scanner detections (100% detected)

Scan engine (detections): details

Reason Heuristics (100.00%): PUP.Task.WebPick, PUP.Bundler.WebPick, PUP.WebPick, PUP.BHO.WebPick, PUP.Installer.WebPick, PUP.WebPick.PolyanskayaIrina, PUP.WebPick.PolyanskayaIrina (M), PUP.WebPick.PolyanskayaIrina.Bundler (M), PUP.WebPick.Polyansk.Bundler (M), PUP.WebPick.Polyansk (M), PUP.WebPick (M)

avast! (33.33%): Win32:Malware-gen, Win32:Adware-gen [Adw], Evo-gen [Susp]

Avira AntiVirus (30.77%): TR/Graftor.82512, TR/Dldr.Waski.939600, Adware/Vonteera.156240, TR/Dldr.Waski.1952848, TR/Agent.1952856, ADWARE/Vonteera.156240

ESET NOD32 (30.77%): Generik.KUWGGPO (variant), Win32/Adware.Vonteera (variant), Generik.HGKYGC (variant), Generik.CZWEWTG (variant), Generik.MGQVXEP potentially unwanted (variant)

Trend Micro House Call (28.21%): Suspicious_GEN.F47V0105, Suspicious_GEN.F47V0123, Suspicious_GEN.F47V0121, Suspicious_GEN.F47V0211, Suspicious_GEN.F47V0213, Suspicious_GEN.F47V0306

VIPRE Antivirus (23.08%): Threat.4150696, Trojan.Win32.Generic, Trojan.Win32.Packer.EnigmaProtector1.1X-1.3X, Adware.Crossid, Win32.Malware!Drop, Threat.4790705

F-Secure (20.51%): Gen:Variant.Graftor.169175, Trojan.GenericKD.2505820

Emsisoft Anti-Malware (20.51%): Gen:Variant.Graftor.169175, Trojan.GenericKD.2505820

Comodo Security (17.95%): UnclassifiedMalware, ApplicUnwnt

Fortinet FortiGate (17.95%): Riskware/PUP, Riskware/Vonteera, W32/Dapta.H!tr

Latest 30 of 39 files

Download URLs for files signed by Polyanskaya Irina.


The following websites host and distribute files published by Polyanskaya Irina.

* Note, the details and description above are based on the code signing digital signature issued to Polyanskaya Irina by COMODO CA Limited on August 24, 2014 with the serial number '00a4c6f876119e08b1c5ff63372d64b83f'.