Disk Antivirus Professional is one of the many fake anti-virus programs that belong to the WinWebSec family of rogue security applications. These kinds of fake anti-virus programs are designed to display false positives on the victim’s computer and to cause a number of symptoms deliberately in order to trick a computer user into thinking that their computer has become infected with dangerous malware. The point of this scam is to convince computer users to download and install Disk Antivirus Professional and then to pay for a ‘full version’ of Disk Antivirus Professional. This fake security program can also compromise your computer by directing computer users to an online video whose content is designed to direct computer users to websites that possess malicious content and may install malware on your computer without your…
The Polizia Di Stato Virus is the Italian variant of the so-called Ukash Virus, a family of ransomware Trojans that use highly localized ransom messages in order to scam inexperienced computer users all over the world. The basic Polizia Di Stato Virus scam does not differ from mainstream Ukash Virus variants. Basically, the Polizia Di Stato Virus takes over the victim’s computer. It blocks access to the infected computer’s components (including essential components such as the Start Menu, the Task Manager and the Windows Desktop) and then displays a full screen message demanding that the victim pay a ransom if they desire to regain control of the infected computer. The Polizia Di Stato Virus follows a common convention in these kinds of malware attacks by impersonating Italy’s Federal police in its message. However, it is…
The FBI Ultimate Game Card virus is one of the many variants of the infamous Ukash family of ransomware Trojans. The main way in which the FBI Ultimate Game Card virus and its family members, such as the Gema ‘Access to your computer was denied’ Virus, the Celas Trojan and the SIAE Virus (to mention only a few), attack a computer is by blocking access to all components on the infected computer and displaying a large, fake message from the FBI demanding the payment of a hefty fine. The FBI Ultimate Game Card virus receives this name because it asks for payment using a common money payment service in the United States…
ESG malware researchers warn against the fake search engine Isearch.claro-search.com. This website, using an interface that blatantly rips off the main page of Google Search, is closely associated with dangerous browser hijackers. Isearch.claro-search.com is part of a scam that involves forcing computer users to visit this website against their will. These browser redirects are associated with a dangerous rootkit infection which will commonly enter the victim’s computer via an attack website or through an infected file download. If your computer is forcing you to visit Isearch.claro-search.com repeatedly, this is a clear indication that your computer has become infected with a malware threat that is both dangerous and difficult to remove.
Isearch.claro-search.com redirects are symptoms of a malware infection. Some symptoms of this infection include the…
MyStart is a browser hijacker that uses the MyStart by Incredibar toolbar and a browser hijacking component that forces its victims to visit the MyStart.Incredibar.com website. This website is a low-quality search engine that displays more advertisements than legitimate results. Even worse, several of MyStart’s search results may lead computer users to websites containing malicious content. Although MyStart actually provides a supposed tool to remove this component from the victim’s web browser, ESG security researchers recommend disregarding this component and instead removing MyStart with the help of a reputable anti-malware utility.
MyStart can refer to both the low-quality search engine and the actual browser toolbar associated with this threat. The MyStart website uses a design and template that…
Searchui.com is a misleading online search engine that pretends to be an authentic and secure search system. Searchui.com is supported by browser hijackers and other security threats such as adware and rootkits. Browser hijackers that are linked to Searchui.com embed a browser add-on in the victimized Internet browser and cause annoying redirects to deceitful websites full of fake ads produced by cybercrooks to increase traffic and make money from the pay-per-click technique. Browser hijackers related to Searchui.com also modify search results in Google and other major search engines and reroute affected PC users to Searchui.com and other dubious advertising websites. Browser hijackers associated with Searchui.com also grab the victimized PC user’s sensitive details in an effort to transfer them to remote cybercrooks. After hijacking the vulnerable web browser, browser hijackers…
Trojan:Win32/Glod.A is a Trojan that monitors which keys an attacked computer user hits and transmits this information to a remote cybercriminal. Trojan:Win32/Glod.A can obtain remote unauthorized access to the victimized computer user’s user names and passwords. Trojan:Win32/Glod.A may be installed on the corrupted PC by masquerading as a genuine software product, or by other security threats. Trojan:Win32/Glod.A may steal the victim’s personal information, including his/her usernames and passwords. Once installed on the compromised PC, Trojan:Win32/Glod.A makes system alterations by downloading malicious files and modifying the Windows Registry. Trojan:Win32/Glod.A may use social engineering to induce the target PC user to install it on the vulnerable computer system. Trojan:Win32/Glod.A can masquerade as a screen saver file ‘image.scr’, or it may also be downloaded by other…
Trojan:Win32/Mojap.A is a Trojan that transfers information about a targeted PC to a specific distant server. Trojan:Win32/Mojap.A may be installed and executed by other malware infections. Once installed on the infected computer system, Trojan:Win32/Mojap.A makes system alterations by downloading malicious files. When executed, Trojan:Win32/Mojap.A creates copies of the legitimate system files ‘cmd.exe’ and ‘advapi32.dll’ with the goal of allowing payloads for other malware threats that could be distributed or installed together with Trojan:Win32/Mojap.A. Trojan:Win32/Mojap.A gathers specific information about the compromised PC and transmits it to a distant server. The server may transmit information back to Trojan:Win32/Mojap.A on the affected PC, where it saves the information into the temporary Internet files folder….
Search Donkey is a browser add-on/potentially unwanted program that was produced by WebAppTech Coding, LLC. Search Donkey claims to offer Internet users more browsing options for Internet Explorer, Mozilla Firefox and Google Chrome. Search Donkey infiltrates the affected computer system together with other freeware applications without the PC user’s permission. Once inside the compromised PC, Search Donkey makes modifications to the compromised Internet browser when the web user is making an online search or visiting particular websites. Search Donkey will display a drop-down menu, which is called ‘Best Search’. Although Search Donkey is not a harmful program, it is still added to the list of applications that security researchers advise to uninstall from the computer system. Search Donkey can lead to annoying diversions to tricky websites where Internet users can get their…
QuotationCafe is a toolbar that web users can download from Quotationcafe.com. However, QuotationCafe has been spotted being installed on random PCs without a computer user’s authorization. QuotationCafe always comes packed with other free software products that Internet users can download from the web. QuotationCafe is not found to be a damaging application, but it results in many annoyances for the attacked PC user. QuotationCafe replaces the default homepage and default search engine with a doubtful website. QuotationCafe will also repeatedly reroute the victim to misleading websites while he/she is browsing the web. QuotationCafe strives to boost traffic to particular relevant websites. QuotationCafe also grabs information about the target computer user’s browsing activity and may enable third parties to use this data to show targeted pop-up advertisements on the desktop of the…
Wizard 101 is a gaming application, which is automatically dropped onto the PC when the computer user logs into the Wizard101.com website to play some online game. While Wizard 101 is not as dangerous as numerous damaging applications, it is reported by security researchers and PC users to be an unwanted program. Wizard 101 is difficult to uninstall from the corrupted PC because it doesn’t show up on the list of Add/Remove Programs. If Wizard 101 has entered the PC without the computer user’s authorization being asked, it means that this application can be configured to record browsing activity, result in disturbing diversions on the hijacked Internet browser and show unwanted pop-up advertisements during your Internet sessions. Once Wizard 101 enters the targeted computer system, it modifies some of the computer system’s settings, involving the default start page, default search engine and other….
RARSTONE is a RAT that is used in targeted attacks against Asian organizations. RARSTONE is included in a cybercriminal campaign, dubbed Naikon, that attacks communications, oil, government, media and other types of organizations from Asia. The cybercriminals send out spear-phishing emails that allegedly include documents pertaining to diplomatic discussions in the Asia-Pacific region. When the documents attached to the emails are opened, a vulnerability in Windows common control is exploited, and RARSTONE is pushed onto the victim’s computer system. In the meantime, a lure document is shown so as not to raise suspicion. Once it finds itself on a device, a backdoor component is downloaded from a command and control (C&C) server directly to the memory. This enables the malware infection to go undetected by numerous security applications. RARSTONE checks the Uninstall Registry Key and uses it…
TSPY_QHOST.QFB is a Trojan that is used by cybercrooks to reroute customers of South Korean banks to phishing websites, fooling them into revealing their personal and financial data. TSPY_QHOST.QFB makes modifications to the attacked PC’s HOSTS file to divert victimized computer users to an IP address located in Japan. When on the phishing website, attacked computer users are asked several questions about PC security, after which they’re instructed to get a security certificate. Attacked PC users are asked to give their name, Korean resident registration number, phone number, account number, password, user ID, associated password, and the certificate password. These phishing websites abuse the trust that web users have in their banks to get financial and personal data from victimized web users. These websites are designed to make computer users think that they are entering their information in…
Itdefender.exe is a dangerous executable file and a component of a fake anti-spyware application called Internet Security Premium. Itdefender.exe indicates that the phony security program called Internet Security Premium is installed on the corrupted PC. To eliminate Internet Security Premium from the affected computer system, attacked PC users should delete itdefender.exe from the victimized computer with a reputable anti-malware tool. Itdefender.exe decreases PC performance and leads to other privacy and security issues….
Ihdefender.exe is a dangerous executable file of a rogue anti-spyware program called Internet Security. Ihdefender.exe indicates that the bogus security tool called Internet Security Premium is installed on the compromised PC. To remove Internet Security Premium from the affected computer system, target PC users should delete itdefender.exe from the targeted computer system with a legitimate anti-malware application. Ihdefender.exe is a security risk to the infected computer; therefore, it has to be removed as soon as possible….
TrojanDownloader:Win32/Beebone.IJ is a Trojan that stealthily drops and installs other damaging applications on a corrupted PC without a computer user’s permission. TrojanDownloader:Win32/Beebone.IJ can install other malware infections or malware components on the compromised PC. While being installed, TrojanDownloader:Win32/Beebone.IJ makes system modifications by adding harmful files. TrojanDownloader:Win32/Beebone.IJ contacts a remote host to receive configuration or other data, to receive instructions from a remote cybercriminal, to report a new infection to its author, to add and run arbitrary files (including updates or other security threats) and to upload data taken from the affected computer system….
Worm:JS/Proslikefan.gen!D is a polymorphic worm, which can modify a targeted PC’s settings, block processes related to security tools and drop harmful files. Worm:JS/Proslikefan.gen!D grabs information about the compromised PC and may distribute other security threats. Worm:JS/Proslikefan.gen!D can also prevent security applications from functioning appropriately. Worm:JS/Proslikefan.gen!D propagates through file-sharing networks and removable drives. While being installed, Worm:JS/Proslikefan.gen!D makes system alterations on the affected computer system. Worm:JS/Proslikefan.gen!D can restrict PC users from running Task Manager and Registry Editor. Worm:JS/Proslikefan.gen!D can also prevent the victimized PC user from using the Windows Security Center service and modifying the start page of Internet Explorer. Worm:JS/Proslikefan.gen!D modifies the Windows Registry on the attacked…
Worm:VBS/Dunihi.A is a VBScript worm, which grabs information about a compromised PC and transfers it to a remote cybercriminal. A cybercriminal can then tell Worm:VBS/Dunihi.A to accomplish a variety of malicious actions on the infected computer system, including downloading and installing other security infections. Worm:VBS/Dunihi.A proliferates through removable storage devices, such as floppy disks or USB flash drives. Worm:VBS/Dunihi.A checks the corrupted PC for removable drives. If a removable drive is found, Worm:VBS/Dunihi.A creates a copy of itself on that drive. Worm:VBS/Dunihi.A creates several link (.lnk) files that run the VBScript worm. The .lnk file names are created using the file names already on the removable drive. While being installed, Worm:VBS/Dunihi.A makes system modifications on the attacked PC by modifying the Windows Registry and adding infected files….
Download Terms, otherwise known as DownloadTerms or Download Terms 1.0, is a potentially unwanted program, which is also categorized as an adware application. Mainly, Download Terms invades an attacked computer system without a victimized PC user’s consent and awareness. When Download Terms penetrates the hacked PC, it makes system modifications and adds its own entries to all hijacked web browsers. When the affected PC user starts using Internet Explorer, Google Chrome, Mozilla Firefox or other Internet browsers, Download Terms starts showing unwanted pop-up ads and underlined words. Download Terms will also lead to irritating diversions to Trustedoffer.com and other sponsored websites. Download Terms doesn’t need the computer user to download it manually. Download Terms can easily enter the compromised PC packed with other applications. Commonly, Download Terms comes packed with…
See Similar is an adware application, which shows a ‘See Similar’ button on product images on Amazon, YouTube, Walmart and other websites that are visited by web users. The ‘See Similar’ pop-up advertisements will be shown as boxes, which include various coupons that are available, or as underlined keywords, which when clicked will divert the victimized computer user to a supported website. The ‘See Similar’ pop-up carries a browser add-on that is usually embedded when the PC user installs other free applications, such as download managers, video recording/streaming tools or PDF creators, that have See Similar packaged into their installation. When the target Internet user installs these free programs, they will also install the See Similar adware on their PCs. Some of the software products that are known to come packaged with ‘See Similar’ adware include Genius Box, WebCake, Superfish,…