Fake anti-virus programs are still among the most common types of online scams. Criminals continue to create fake anti-virus programs like System Care Antivirus in order to fool unsuspecting computer users into buying useless security software. These fake anti-virus programs are renamed and repackaged every few weeks, a pattern that has repeated itself consistently since their first appearance nearly a decade ago. Despite its name, System Care Antivirus is not actually an anti-virus program. In fact, it is the complete opposite; System Care Antivirus is a kind of malware infection commonly known as a rogue security program. System Care Antivirus is designed to cause problems on a...
Posted on April 9, 2013 in Rogue Anti-Virus Program
The CIBS Pol Virus is a police ransomware Trojan that belongs to the Urusay family of malware. This police ransomware Trojan is classified as a Winlocker because it blocks access to the victim's computer by displaying a full-screen message that claims to be an alert from the police. CIBS Pol Virus is a well-known scam that is in no way connected to the police force. Instead, the CIBS Pol Virus is used by criminals to scam inexperienced computer users so that they will hand over their money out of fear of prosecution, jail time and severe fines. If your access to your computer is blocked by the CIBS Pol Virus, ESG security researchers strongly advise against following the steps...
Posted on February 21, 2013 in Ransomware
MyStart is a browser hijacker that uses the MyStart by Incredibar toolbar and a browser hijacking component that forces its victims to visit the MyStart.Incredibar.com website. This website is a low-quality search engine that displays more advertisements than legitimate results. Even worse, several of MyStart's search results may lead computer users to websites containing malicious content. Although MyStart actually provides a supposed tool to remove this component from the victim's web browser, ESG security researchers recommend disregarding this component and instead removing MyStart with the help of a reputable anti-malware utility.
MyStart can refer to both the low-quality...
Posted on July 31, 2012 in Adware
Windows Active Guard is a malware program that belongs to the FakeVimes family of fake security software. Windows Active Guard carries out a common online scam that involves pretending to be a real security program in order to convince inexperienced computer users that they must pay for an expensive 'upgrade'. Since there are no real anti-malware capabilities on Windows Active Guard and it is, in reality, a malware infection itself, ESG malware researchers strongly recommend ignoring all of Windows Active Guard's warnings and removing this bogus security program with a reliable anti-malware application.
Windows Active Guard's Family of Rogue Security Programs
Posted on July 23, 2012 in Rogue Anti-Spyware Program
ESG security researchers have received reports of a ransomware infection, known as the FBI Moneypak ransomware, that targets computer users in the United States. The FBI Moneypak ransomware infection claims that the victim's computer was involved in viewing child pornography and then demands payment of a 100 dollar 'fine' to be sent via MoneyPak. Of course, the idea that a criminal charge as serious as child pornography would be punished with a mere 100 dollar fine is laughable. There is a reason for this: the FBI Moneypak ransomware is not really from the FBI. Rather, this message is actually part of a common malware scam.
The FBI Moneypak ransomware scam will use a Winlocker, that is, a...
Posted on June 25, 2012 in Ransomware
The so-called Ukash Virus is a ransomware Trojan that receives its name because Ukash Virus requires that its victims use Ukash (a legitimate money transfer service) to transfer the ransom funds. This dangerous Trojan infection is composed of a Winlocker component that basically blocks access to the infected computer system, disabling access to the infected computer system's desktop, Task Manager, command line, Registry Editor and other services and applications. There are countless variants of the Ukash Virus, designed to target various different countries in Europe and North America. ESG malware analysts strongly advise against paying the ransom that this malware infection tries to...
Posted on June 15, 2012 in Malware
Live Security Platinum is one of the many fake security programs in the WinWebSec family of malware. Although ESG security researchers have been following the WinWebSec family of malware for several years, Live Security Platinum is a relatively new variant first detected in 2012. Because of this, it is pivotal to ensure that your security software is fully updated. Like most fake security programs, Live Security Platinum is designed to induce PC users to purchase a worthless 'full version' of Live Security Platinum. To do this, Live Security Platinum will try to scare the computer user with a variety of fake error messages, pop-up alerts from the Taskbar and a convincing fake scan of...
Posted on June 1, 2012 in Rogue Anti-Spyware Program
DNS Changer is a Trojan that is designed to force a computer system to use rogue DNS servers. DNS Changer is also referred to as the Internet Doomsday Virus, Ghost Click Malware, DNS Changer Rootkit, DNS Changer Malware, DNS Changer Trojan, DNS Changer Virus, FBI DNS Changer or DNSChanger. A DNS Changer infection typically has two steps, which reroute the infected computer’s traffic to these malicious DNS servers:
A DNS Changer malware infection will change the infected computer system’s settings in order to replace its DNS servers with rogue DNS servers belonging to hackers or online criminals.
The DNS Changer malware infection will then try to...
Posted on November 25, 2011 in Trojans
Handsnake is a Carberp-based Trojan that encompasses VNC functionalities. Handsnake enables attackers to obtain remote unauthorized access and control of a compromised PC. Once loaded, Handsnake starts communicating with the CnC server. By using Handsnake, the cybercrooks can use the remote desktop function of the VNC component to gain remote unauthorized access and control of the targeted PC.
Posted on April 16, 2014 in Trojans
'Newnext.me nengine.dll' is a misleading pop-up error message that may occur when a PC is affected by adware and PUPs (potentially unwanted programs). The DLL file named 'nengine.dll' belongs to adware detected as NewNextDotMe, Trojan_NextLive.adw, PUP.Optional.NextLive.A and Adware.NextLive.1. This adware may come packaged with Mobogenie and other PUPs. If a PC user clicks the tricky 'Newnext.me nengine.dll' Pop-Up Error Message, he may unknowingly enable the installation of more infections on the computer. After installation on the computer, adware pertaining to the 'Newnext.me nengine.dll' Pop-Up Error Message may download potentially infected files and modify the Windows Registry. 'Newnext.me nengine.dll' Pop-Up Error Message-related adware may propagate and enter the PC as an additional application packaged with freeware that PC users can download from unreliable download websites.
Posted on April 16, 2014 in Fake Error Messages
TrojanDownloader:Win32/Wobotork.A is a Trojan that stealthily drops and installs other malicious applications on a targeted PC without a victimized computer user's authorization. TrojanDownloader:Win32/Wobotork.A can drop and install other malware infections or malware components to a compromised PC. After installation, TrojanDownloader:Win32/Wobotork.A replicates itself into a specific location. TrojanDownloader:Win32/Wobotork.A makes system modifications by creating the potentially harmful files on a contaminated computer. TrojanDownloader:Win32/Wobotork.A may contact a remote host in order to receive configuration or other data, report a new infection to its creator, upload data taken from the infected computer system, receive commands from a remote cybercrook and drop and execute files, involving updates or other malware threats.
Posted on April 16, 2014 in Trojans
TrojanSpy:Win32/Gamker.B is a Trojan that gathers private details from a victim for a cybercriminal. Once installed, TrojanSpy:Win32/Gamker.B makes system modifications by replicating itself into a specific location. TrojanSpy:Win32/Gamker.B creates the potentially harmful files on the computer system. TrojanSpy:Win32/Gamker.B may contact a remote host in order to report a new infection to its creator, drop and execute files, incorporating updates or other malware infections, receive configuration or other data, receive commands from a remote cybercrook and upload data taken from the infected computer.
Posted on April 16, 2014 in Trojans
Vaudix is an unwanted browser extension categorized as a potentially unwanted program developed by a company named CSG Ltd. Vaudix may claim to improve the PC user's online browsing activity by allowing media file compression, online video encoding and other helpful features. Vaudix may install itself on a PC without a computer user's permission or as an extra application packaged with free applications that computer users download or install from untrustworthy download websites. After installation on the Web browsers such as Internet Explorer, Google Chrome and Mozilla Firefox, Vaudix may generate intrusive banner, pop-up, pop-under and interstitial ads. Vaudix may track the computer user's Internet surfing by recording IP address, Internet service provider allocated to computer user's device, the web address of the websites the PC user has visited, anti-virus software that the PC...
PUP.FireDiveDownloader is a PUP (potentially unwanted program) that may create disturbing discount coupon ads when PC users are visiting online shopping websites. The authors of the PUP.FireDiveDownloader browser add-on may claim that PUP.FireDiveDownloader can save time and money while shopping online by automatically displaying the lowest prices, discount coupons, and sale deals for the selected products. However, in truth, the PUP.FireDiveDownloader plug-in is categorized as adware and using this browser extension is not recommended. PUP.FireDiveDownloader may be advertised and spread to computers as an optional program with bundled freeware. Upon installation, PUP.FireDiveDownloader may keep track of the computer user's Internet surfing activities by recording online browsing details. PUP.FireDiveDownloader may slow down popular Web browsers such as Internet Explorer, Google Chrome,...
DOS/Rovnix.gg is a virus which attacks Windows PCs. Upon installation, DOS/Rovnix.gg can make system changes by dropping potentially infected files and registry entries, which can result in a computer crash. DOS/Rovnix.gg can embed its own malevolent code into a PC. DOS/Rovnix.gg can drop and install other malware infections on the contaminated computer. DOS/Rovnix.gg can be difficult to detect and remove from the infected computer system. DOS/Rovnix.gg can launch on the compromised PC every time the computer user starts up Windows. DOS/Rovnix.gg can consume high system resources and lead to high CPU usage. DOS/Rovnix.gg can reduce overall computer performance. DOS/Rovnix.gg can collect the target PC user's personal information and transfer it to cybercrooks.
Posted on April 16, 2014 in Viruses
Trojan.ADH.SMH is a Trojan that can stealthily enter a targeted PC when a computer user downloads and installs free applications from suspicious download websites. Trojan.ADH.SMH can also circulate via spam emails carrying malicious attachments, infected torrents and websites. Trojan.ADH.SMH slows down the affected computer's performance and can even harm the PC. Trojan.ADH.SMH can crash the Web browser and unwillingly divert victimized PC users to unreliable websites. Trojan.ADH.SMH can also drop and install other malware threats on the computer without the PC user's approval. Trojan.ADH.SMH can also monitor the PC user's browsing habits. Trojan.ADH.SMH may steal the victim's online history, cookies, search requests, credit card accounts, passwords and other personal information.
Posted on April 16, 2014 in Trojans
VBS/Dinihou.G.2, otherwise known as safa7_22.vbs Virus, is a virus which can evade detection and uninstallation by security tools. VBS/Dinihou.G.2 can proliferate and access a computer system through bundled free applications that computer users can download from untrustworthy download websites. VBS/Dinihou.G.2 can also be distributed as an infected file attached to junk email messages. After VBS/Dinihou.G.2 installs itself on the computer surreptitiously, it creates files and folders and makes modifications to the Windows Registry, restricting itself from being found and uninstalled by a variety of anti-virus software. VBS/Dinihou.G.2 can destroy files in crucial sections of the PC, filling the computer with a variety of security bugs, which can be used by attackers to enter the computer system. VBS/Dinihou.G.2 slows down the PC's speed with malevolent processes which highly consume...
Posted on April 16, 2014 in Viruses
RRsavings is known to be adware that may claim to be able to save money on many products while PC users are shopping online. After installation on a PC, RRsavings may create and display annoying pop-up messages and advertisements on a computer system. RRsavings may target all popular Web browsers including Google Chrome, Mozilla Firefox and Internet Explorer installed on the PC and deliver unwanted pop-up advertisements and notifications on every website the PC user visits. The pop-up advertisements of RRsavings may be related to the computer user's recent online searches or the visited website's content. RRsavings may modify search results in any well-known search provider with sponsored links that may encompass various pop-up ads carrying deals and offers shown with the purpose to generate advertising revenue from clicks. Search results modified and given by RRsavings in any...
Posted on April 16, 2014 in Adware
Tracking.teebick.com is a suspicious search service website, which may be connected with security infections such as adware and browser hijackers. Adware and browser hijackers may take over the Web browser and change the default start page and search engine to Tracking.teebick.com, or open it in a new tab page embedding its own search box, without permitting PC users to revert to the default settings unless the associated security threats are completely uninstalled. Computer threats related to Tracking.teebick.com may propagate and enter the PC through packaged freeware that computer users can download from unreliable download websites. Adware and browser hijackers associated with Tracking.teebick.com may also display numerous unwanted pop-up advertisements and banners in search results on any genuine search engine. Tracking.teebick.com-related browser hijackers and adware may also...
Posted on April 16, 2014 in Browser Hijackers
Trojan:Win32/Kilim.J is a Trojan that may carry out a variety of malignant activities on a corrupted PC. Upon installation, Trojan:Win32/Chenf.A replicates itself to a specific location. Trojan:Win32/Chenf.A makes system modifications by creating potentially harmful files on a computer system. Trojan:Win32/Chenf.A might contact a distant host. Trojan:Win32/Chenf.A does this to report a new infection to its creator, drop and execute files, incorporating updates or other malware infections, receive configuration or other data, receive commands from a remote cybercrook and upload data taken from the computer system.
Posted on April 15, 2014 in Trojans
Trojan:Win32/Kilim.J is a Trojan that may carry out a variety of harmful activities on a compromised PC. After installation, Trojan:Win32/Kilim.J makes system modifications by creating the potentially infected files on a computer system. Trojan:Win32/Kilim.J may contact the distant hosts in order to affirm Internet connectivity, receive configuration or other data, report a new infection to its creator, receive commands from a remote cybercriminal, drop and execute files, incorporating updates or other malware threats, and upload data taken from the contaminated computer system.
Posted on April 15, 2014 in Trojans
Adware.Maltrec.TS!g is adware that may add graphical skins into Internet Explorer, Microsoft Outlook, and Outlook Express toolbars. Adware.Maltrec.TS!g may also insert its own toolbar and search button. These custom toolbars may have keyword-targeted ads integrated into them. Adware.Maltrec.TS!g may be produced to create and show disturbing ads in major Web browsers. Adware.Maltrec.TS!g may strive to benefit from ad clicks. Adware.Maltrec.TS!g may also repeatedly redirect computer users to untrustworthy websites that may be designed to generate advertising income from increased traffic of the sponsored website.
Posted on April 15, 2014 in Adware
MalSign.Generic.A8A is a PUP (potentially unwanted program) that may integrate itself into Web browsers including Internet Explorer, Google Chrome, and Mozilla Firefox when PC users download or install free applications from untrustworthy download websites. The creators of MalSign.Generic.A8A may use tricky methods such as bundling in an effort to install a MalSign.Generic.A8A plug-in or add-on on the PC without the computer user's approval. MalSign.Generic.A8A may circulate and enter the PC through bundled free applications. Upon installation, MalSign.Generic.A8A may create and show disturbing advertisements encompassing discount coupons, sales and deals when PC users visit shopping-related websites. MalSign.Generic.A8A may keep track of the computer user's Internet surfing habits by recording websites the PC user visits and activities on those websites. MalSign.Generic.A8A may...