The CryptoWall Ransomware is a ransomware Trojan that uses the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware. The CryptoWall Ransomware is designed to infect all versions of Windows, including Windows XP, Windows Vista, Windows 7 and Windows 8. As soon as the CryptoWall Ransomware infects a computer, it uses RSA-2048 encryption to encrypt crucial files. Effectively, the CryptoWall Ransomware prevents computer users from accessing their data, which will be encrypted and out of reach. The CryptoWall Ransomware claims that it is necessary to pay $500 USD to recover the encrypted...
Posted on May 12, 2014 in Ransomware
The Kovter Ransomware is a malware threat that carries out a common Police Ransomware scam in order to steal money from unsuspecting computer users. The Kovter Ransomware is a relatively new Police Ransomware Trojan, first detected in the wild in 2013. Like most Police Trojans, the Kovter Ransomware displays a fake message from the police intended to trick the victim into paying a 'penalty' in order to avoid jail time. Like other Police Ransomware, the Kovter Ransomware has a Winlocker component that allows the Kovter Ransomware to block access to the infected computer. However, the main reason why the Kovter Ransomware has attracted the scrutiny of malware researchers is...
Posted on April 10, 2013 in Ransomware
The CIBS Pol Virus is a police ransomware Trojan that belongs to the Urusay family of malware. This police ransomware Trojan is classified as a Winlocker because it blocks access to the victim's computer by displaying a full-screen message that claims to be an alert from the police. CIBS Pol Virus is a well-known scam that is in no way connected to the police force. Instead, the CIBS Pol Virus is used by criminals to scam inexperienced computer users so that they will hand over their money out of fear of prosecution, jail time and severe fines. If your access to your computer is blocked by the CIBS Pol Virus, ESG security researchers strongly advise against following the steps...
Posted on February 21, 2013 in Ransomware
MyStart is a browser hijacker that uses the MyStart by Incredibar toolbar and a browser hijacking component that forces its victims to visit the MyStart.Incredibar.com website. This website is a low-quality search engine that displays more advertisements than legitimate results. Even worse, several of MyStart's search results may lead computer users to websites containing malicious content. Although MyStart actually provides a supposed tool to remove this component from the victim's web browser, ESG security researchers recommend disregarding this component and instead removing MyStart with the help of a reputable anti-malware utility.
MyStart can refer to both the low-quality...
Posted on July 31, 2012 in Adware
ESG security researchers have received reports of a ransomware infection, known as the FBI Moneypak ransomware, that targets computer users in the United States. The FBI Moneypak ransomware infection will claim that the victim's computer was involved in viewing child pornography and then demand payment of a 100 dollar 'fine' to be sent via MoneyPak. Of course, the idea that a criminal charge as serious as child pornography would be punished with a mere 100 dollar fine is laughable. There is a reason for this: the FBI Moneypak ransomware is not really from the FBI. Rather, this message is actually part of a common malware scam.
The FBI Moneypak ransomware scam will use a Winlocker, that is,...
Posted on June 25, 2012 in Ransomware
The so-called Ukash Virus is a ransomware Trojan that receives its name because Ukash Virus requires that its victims use Ukash (a legitimate money transfer service) to transfer the ransom funds. This dangerous Trojan infection is composed of a Winlocker component that blocks access to the infected computer system, disabling access to the desktop, Task Manager, command line, Registry Editor and other services and applications. There are countless variants of the Ukash Virus, designed to target various countries in Europe and North America. ESG malware analysts strongly advise against paying the ransom that this malware infection tries to...
Posted on June 15, 2012 in Malware
Live Security Platinum is one of the many fake security programs in the WinWebSec family of malware. Although ESG security researchers have been following the family of malware for several years, Live Security Platinum is a relatively new variant first detected in 2012. Because of this, it is pivotal to ensure that your security software is fully updated. Like most fake security programs, Live Security Platinum is designed to induce PC users to purchase a worthless 'full version' of Live Security Platinum. To do this, Live Security Platinum will try to scare the computer user with a variety of fake error messages, pop-up alerts from the Taskbar and a convincing fake scan of the...
Posted on June 1, 2012 in Rogue Anti-Spyware Program
DNS Changer is a Trojan that is designed to force a computer system to use rogue DNS servers. DNS Changer is also referred to as the Internet Doomsday Virus, Ghost Click Malware, DNS Changer Rootkit, DNS Changer Malware, DNS Changer Trojan, DNS Changer Virus, FBI DNS Changer or DNSChanger. A DNS Changer infection will typically have two steps, in order to reroute the infected computer’s traffic to these malicious DNS servers:
A DNS Changer malware infection will change the infected computer system’s settings, in order to replace the DNS servers with rogue DNS servers belonging to hackers or online criminals.
The DNS Changer malware infection will then try to...
Posted on November 25, 2011 in Trojans
Uroboros is a rootkit that may have been active since 2011. Uroboros is very similar to a worm-based component of the Snake campaign that pestered various countries around the world in 2008. Uroboros buries itself in the most remote part of the Windows operating system in order to assemble files and send them to remote servers. When a computer is connected to the Internet and to other computers through a network, Uroboros may reproduce itself and send the collected files to an Internet-connected system for transferral. The good news is that Uroboros may not be intended to attack individual computers with normal security resources. Uroboros is a very sophisticated rootkit program that seems to be designed to attack closely guarded institutions.
Posted on October 31, 2014 in Rootkits
Malware researchers have exposed a zero-day exploit based on a vulnerability that may be present on all versions of the Windows operating system, the CVE-2014-4114 vulnerability. Although the mentioned vulnerability has been patched, a threat named Sandworm has been able to infect numerous computers belonging to energy and telecommunications companies, NATO, the European Union, etc. The most common delivery method used by Sandworm perpetrators is to include the threat in corrupted links in phishing attacks that, if clicked, will install Sandworm on the targeted computer. After Sandworm installation, the hackers will take control of the affected machine and may install other threats and collect any kind of information they are looking for. To avoid being infected by Sandworm, computer users should update their programs, especially the security-related ones, install any Microsoft released...
Posted on October 31, 2014 in Malware
Crowti, also detected as Win32/Crowti, TSPY_ZBOT.SMCC, Cryptowall, Cryptodefense and various other names, is a ransomware or lock-screen Trojan. After infecting the targeted computer, Crowti may encrypt your files and lead you to a Web page containing directions on how to access these files. Then, Crowti will ask you to pay a ransom using Bitcoins. Computer users shouldn't pay the requested ransom since no one can guarantee that this payment will give back control of your files. Crowti may enter your machine when you click on a link included in a spam e-mail, or be installed by other threats such as TrojanDownloader:Win32/Upatre or TrojanDownloader:Win32/Onkods. If your computer was infected by Crowti and you have paid the requested ransom, you can always communicate with your credit card source and dispute the charge. However, the most urgent measure that should be taken is to remove Crowti...
Posted on October 31, 2014 in Ransomware
Malware researchers have uncovered a very smart cyber-hacking technique that consists of using e-mail drafts as the Command and Control communication channel between hackers and the targeted computer. The hackers initiate the attack by creating an unidentified Gmail account through which they may infect the targeted computer with a Trojan named Icoscript. After Icoscript installation, they will have control of the machine. From there on, the hackers will be able to perform innumerable actions, all against the computer user. Their commands will be concealed in modest Gmail drafts that may remain undetected until the computer users, noticing the unusual behavior presented by their machines, execute a deep scan on their computers and detect the presence of the Icoscript Trojan infection. It is crucial to exterminate Icoscript upon its detection. Removal of such Trojan infections demands a...
Posted on October 31, 2014 in Remote Administration Tools
Although Global Updater may be used to update some of your programs, malware researchers have classified Global Updater as a Possibly Unwanted Program. What makes Global Updater deserve this classification is the unnecessary problems that Global Updater may cause to your computer. Global Updater is linked to an adware program that, once installed, may deluge a computer's screen with intrusive pop-up advertisements and banners and cause unwanted browser diversions to questionable websites. If, while visiting a legitimate website, computer users start noticing numerous pop-up advertisements that are being displayed by Global Updater, it is highly probable that it is not the website they are visiting that is delivering these advertisements. Instead, this may be a clear sign that their computers are housing Global Updater-related adware, which may have entered their machines bundled with free...
Posted on October 31, 2014 in Potentially Unwanted Programs
While installing free programs from unknown sources in their default mode, computer users may allow the installation of adware-related or Possibly Unwanted Programs. Email Tracker is one of these unwelcome programs. Email Tracker is related to an adware program that, if installed, may cause various problems to the affected computer. When downloaded and installed, Email Tracker may execute various processes that may slow down the machine's performance. Email Tracker may cover the Web page you are visiting with numerous random pop-up advertisements. Email Tracker ads may compromise your Web browser and cause irritating browser redirections to unsafe websites in order to increase those websites' traffic and advertisement clicks. To restore safe browsing, it is advised to remove Email Tracker from your computer.
Posted on October 31, 2014 in Adware
Celebrity Alert is a Possibly Unwanted Program that may be very appealing to computer users that like to follow celebrities' lives. However, Celebrity Alert is related to an adware program that may be installed on Internet Explorer, Google Chrome, and Mozilla Firefox Web browsers using devious tactics. Celebrity Alert adware may spread and enter your computer through packaged free software. When installed and running on the affected computer, Celebrity Alert adware may display countless pop-up advertisements, messages and banners that sometimes may be related to the computer user's browsing routine. This could happen because Celebrity Alert may collect the computer user's Internet surfing habits. It is not recommended to retain Celebrity Alert-related adware on your computer.
Posted on October 31, 2014 in Adware
Health Alert Ads is a Possibly Unwanted Program that, at first glance, may seem to be a helpful application. Health Alert Ads is advertised as an application that will display any health-related notices, including new diseases. Health Alert Ads is linked to an adware program that may track the computer users' browsing habits and send their browsing preferences to its sponsors. The information may be used for more precise advertisements. Health Alert Ads-related adware may make undesired alterations on your computer that may lead to browser redirections to disreputable websites. After being installed, Health Alert Ads adware may show numerous pop-up advertisements on your computer that may contain compromised links. Health Alert Ads adware may add an unwanted browser extension, add-on or plug-in to any Web browsers that the computer users have installed on their machines.
Posted on October 31, 2014 in Adware
2rsxqtuf3t.com is a website that may be connected with adware, browser hijackers and even threats. 2rsxqtuf3t.com may be used voluntarily when installed by the computer user or involuntarily when 2rsxqtuf3t.com enters the targeted computer as part of the installation process of free programs. 2rsxqtuf3t.com may pose as a real search engine but, in reality, 2rsxqtuf3t.com is an advertising platform. 2rsxqtuf3t.com may divert your Web browser to doubtful websites. 2rsxqtuf3t.com may take over Mozilla Firefox, Google Chrome and Microsoft Internet Explorer at the same time. By using Browser Helper Objects, 2rsxqtuf3t.com-related adware may change Web browser settings that include the homepage, online searches, etc. 2rsxqtuf3t.com may collect, track and trace preferences and browser information. 2rsxqtuf3t.com may give this information to third parties that may use it to generate and display...
Posted on October 30, 2014 in Browser Hijackers
GS Sustainer is an adware program that promises to optimize movies and videos you want to watch. Although this feature may make your entertainment experience more pleasant, GS Sustainer also may have other not-so-pleasant features that may make it not worth its presence on your computer. GS Sustainer may exhibit coupons, pop-up advertisements and related material on the Web pages that you try to visit. These advertisements may prevent you from viewing the original Web page's content, overflowing the search results displayed there. GS Sustainer also may consume your system resources, which will cause your machine to become slow and even crash. You should use good sense when deciding whether you want to keep GS Sustainer installed on your computer. In case you want to uninstall it, you should use a malware removal tool.
Posted on October 30, 2014 in Adware
SaveruPro is a Possibly Unwanted Program that may be installed on a computer bundled with other freeware and shareware applications. Usually, SaveruPro may enter the affected computer very quietly, but the computer user can prevent its installation by monitoring each step of the installation process of the chosen free application. Once SaveruPro invades the targeted machine, SaveruPro may install itself on any Web browser, including Internet Explorer, Google Chrome and Mozilla Firefox. SaveruPro may also change the default start page, search engine and new tab page on the affected computer. At first sight, it may seem that SaveruPro is a useful tool; however, SaveruPro may keep track of the user's browsing habits on several websites. SaveruPro may also redirect the computer user to suspicious or malicious websites that distribute threats.
Posted on October 30, 2014 in Adware
Boxings.org is a domain associated with an adware application that displays non-stop warning messages claiming that your computer is in danger due to threat infections. The message says: 'WARNING! System may not have malware protection!!!' Then, it provides a phone number that the computer user should call to get the threats removed. By calling the number, computer users will talk to an alleged expert who will try to convince them to purchase their 'malware cleaner software.' This supposed malware cleaner software is not cheap and, if purchased, will not do any good to your computer. Instead, it may allow the persons behind Boxings.org to have access to and control of your computer and perform any kind of harmful action they want. Boxings.org may have been downloaded unknowingly by the computer user when paying a visit to infected websites, opening infected e-mail attachments or...
Posted on October 30, 2014 in Browser Hijackers
Is your screen being flooded with advertisements displayed by Couponex and you want to know where it comes from? Couponex is a Possibly Unwanted Program that may be installed by the computer user unknowingly while downloading free programs from the Internet. Couponex also may be installed by computer users that are looking for promo-codes, coupons and good deals when shopping online. No matter how Couponex entered your machine, Couponex is linked to an adware program that may, very soon, become a problem due to the numerous and disruptive advertisements it displays on the affected computer. If you are considering removing Couponex to stop its unwelcome advertisements, it may demand the help of a malware remover.
Posted on October 30, 2014 in Adware
ShoppingDealFactory is an ad-supported Web browser plug-in for Internet Explorer, Mozilla Firefox and Google Chrome. When installed, ShoppingDealFactory may display pop-up, pop-under, banner, search, interstitial and in-text link advertisements. ShoppingDealFactory may be spread through the installation of freeware or included in spam e-mail attachments and corrupted websites. ShoppingDealFactory-related adware may contain certain features that may change your Web browser's default or custom settings, including your search provider and home page. ShoppingDealFactory may monitor your activities, record your search terms and preferences and send the data to its sponsors' servers. If ShoppingDealFactory is bothering you with its intrusive advertisements, it is recommended to remove ShoppingDealFactory with a malware removal tool.
Posted on October 30, 2014 in Potentially Unwanted Programs
Sednit, also detected as Sofacy, is a threat that has been used by hackers as part of Pawn Storm attacks (a well-used cyber-infiltration method that targets government, media and military-related organizations). Sednit was developed to bypass its targets' security and protection in order to record any useful information. Sednit may invade a computer when the computer user clicks on a spam e-mail attachment that will trigger the installation of Sednit. Another invasion method used by Sednit is a phishing attack that involves Outlook Web Access users. Usually, ordinary computer users will not be attacked by Sednit since they do not belong to the targeted group selected by Pawn Storm attacks and, consequently, Sednit. However, we never know what the future has in store for computer users.
Posted on October 29, 2014 in Malware