SpyHunter 4

Real-Time Malware Protection and Removal Tool

  • Easily detect, remove, and protect your PC from the latest malware attacks.
  • Malware detection and removal definitions are updated DAILY.
  • FREE technical support and custom fixes for hard-to-kill malware.

Featured Article

Microsoft Security Essentials Alert Virus

Do not be misled by its name: the Microsoft Security Essentials Alert Virus has absolutely no relation to Microsoft or its flagship security product, Microsoft Security Essentials. In fact, criminals have been producing malware that takes advantage of the real Microsoft Security Essentials

Top 10 Malware Threats

The "Top 10 Malware Threats" chart shows real-time data on the top computer threats in the world. The data is updated daily and the chart represents the top 10 infections based on number of infected PCs. The fields listed on the "Top 10 Malware Threats" chart are as follows:

Rank: The current ranking of each malware threat between 1 and 10.

Malware: The name of the malware threat. A name may be a specific malware name, a filename or a website.

Infected PCs: The total number of confirmed and suspected cases of malware threats detected on infected PCs retrieved from diagnostic report logs of computers scanned by SpyHunter's Spyware Scanner.

Volume: The number of confirmed and suspected cases of malware threats infecting PCs per day. Any given malware threat can have a considerably high or low volume indicator based on how "infectious" a threat is. One threat can have a high ranking but low volume because it may currently lie dormant but has already infected a large number of PCs. A high-volume threat is usually very active but may or may not have infected a large number of PCs.

Percentage (%) Change: The daily percent change in the frequency of infected PCs of a malware threat. The formula for the percentage change is based on the current trend of each malware threat. When a malware threat moves up the list, then its percentage is calculated on its recent gain in the rankings. If a malware threat moves down, then the percentage reflects its rate of decline on the "Top 10 Malware Threats" chart. If a malware threat is stagnant, the percentage remains in its current state.

Trend: The direction in which a specific malware threat is moving in the rankings, either upward or downward. Each trend is color coded: a green up-arrow indicates a rise, a red down-arrow indicates a decline, and a brown equal symbol indicates no change or a plateau.

Rank  Malware                           Infected PCs  Volume  % Change   Trend
1     OpenCloud Security                89900         4380    5.1216 %
2     iMesh                             54620         1660    3.0209 %
3     Personal Shield Pro Version 2.20  53400         130     0.2410 %
4     RelevantKnowledge                 31100         1220    3.9418 %
5     BigSeekPro                        24930         810     3.2426 %
6     Ad.yieldmanager.com               24200         1030    4.3350 %
7     Data Restore                      21210         9830    86.3796 %
8     Total Security Protection Center  18790         210     0.9948 %
9     PC Optimizer Pro                  18410         740     4.0907 %
10    Data Recovery                     13890         340     2.5092 %

Top Articles

Warning: Over 20,000 Gmail, AOL, and Yahoo Email Accounts Hacked!

A major email security scam has taken place today where hackers compromised over 20,000 Gmail, AOL and Yahoo email accounts and posted their login details online. It is apparent that there is a phishing scheme happening where hackers are able to obtain thousands of login credentials from...

Facebook Shuts Down Fake Profiles Designed to Spread Malware

The social networking world continues to be attacked by hackers but Facebook has taken some action to shut down malicious fake profiles that were set up by cybercrooks for the purpose of spreading malware. Social networks such as Facebook are known to be playgrounds for online attackers and scammers...

Top 20 Countries Found to Have the Most Cybercrime

Have you ever wondered which countries face the most cybercrime? If so, you may be surprised to know that there are a few contributing factors that attract cybercriminals to specific regions of the world. Security research firm,...

More Articles

Disk Antivirus Professional

Disk Antivirus Professional is one of the many fake anti-virus programs that belong to the WinWebSec family of rogue security applications. These kinds of fake anti-virus programs are designed to display false positives on the victim’s computer and to deliberately cause a number of symptoms in order to trick computer users into thinking that their computer has become infected with dangerous malware. The point of this scam is to convince computer users to download and install Disk Antivirus Professional and then to pay for a ‘full version’ of Disk Antivirus Professional. This fake security program can also compromise your computer by directing computer users to an online video whose content is designed to direct them to websites that host malicious content and may install malware on your computer without your…

Posted by Domesticus in Rogue Anti-Spyware Program

Polizia Di Stato Virus

The Polizia Di Stato Virus is the Italian variant of the so-called Ukash Virus, a family of ransomware Trojans that use highly localized ransom messages in order to scam inexperienced computer users all over the world. The basic Polizia Di Stato Virus scam does not differ from mainstream Ukash Virus variants. Basically, the Polizia Di Stato Virus takes over the victim’s computer. It blocks access to the infected computer’s components (including essential components such as the Start Menu, the Task Manager and the Windows Desktop) and then displays a full screen message demanding that the victim pay a ransom if they desire to regain control of the infected computer. The Polizia Di Stato Virus follows a common convention in these kinds of malware attacks by impersonating Italy’s Federal police in its message. However, it is…

Posted by ZulaZuza in Ransomware

FBI Ultimate Game Card Virus

The FBI Ultimate Game Card virus is one of the many variants of the infamous Ukash family of ransomware Trojans. The main way in which the FBI Ultimate Game Card virus and its family members such as Gema ‘Access to your computer was denied’ Virus, the Celas Trojan and the SIAE Virus (to mention only a few) attack a computer is by blocking access to all components on the infected computer and displaying a large, fake message from the FBI demanding the payment of a hefty fine. Basically, the FBI Ultimate Game Card virus receives this name because it asks for payment using a common money payment service in the United States…

Posted by Sumo3000 in Ransomware

Isearch.claro-search.com

ESG malware researchers warn against the fake search engine Isearch.claro-search.com. This website, using an interface that blatantly rips off the main page of Google Search, is closely associated with dangerous browser hijackers. Isearch.claro-search.com is part of a scam that involves forcing computer users to visit this website against their will. These browser redirects are associated with a dangerous rootkit infection which will commonly enter the victim’s computer via an attack website or through an infected file download. If your computer is forcing you to visit Isearch.claro-search.com repeatedly, this is a clear indication that your computer has become infected with a malware threat that is both dangerous and difficult to remove.

Isearch.claro-search.com redirects are symptoms of a malware infection. Some symptoms of this infection include the…

Posted by JubileeX in Browser Hijackers

MyStart by Incredibar

MyStart is a browser hijacker that uses the MyStart by Incredibar toolbar and a browser hijacking component that forces its victims to visit the MyStart.Incredibar.com website. This website is a low-quality search engine that displays more advertisements than legitimate results. Even worse, several of MyStart’s search results may lead computer users to websites containing malicious content. Although MyStart actually provides a supposed tool to remove this component from the victim’s web browser, ESG security researchers recommend disregarding this component and instead removing MyStart with the help of a reputable anti-malware utility.

MyStart can refer to both the low-quality search engine and the actual browser toolbar associated with this threat. The MyStart website uses a design and template that…

Posted by Domesticus in Adware

TSPY_ZBOT.BBH

TSPY_ZBOT.BBH is a Trojan with spyware functionalities that aims at stealing information, such as user names and passwords, used when logging into particular banking or finance-related websites. TSPY_ZBOT.BBH may be unknowingly downloaded by a computer user while visiting infected websites. TSPY_ZBOT.BBH embeds itself into the processes ‘dwm.exe’, ‘rdpclip.exe’, ‘ctfmon.exe’, ‘wscntfy.exe’, ‘taskeng.exe’ and ‘taskhost.exe’ as part of its memory residency routine. TSPY_ZBOT.BBH adds registry entries so that it can be executed automatically whenever the computer user starts the PC. TSPY_ZBOT.SMD also makes other system changes by adding registry keys. TSPY_ZBOT.BBH also downloads malevolent files. TSPY_ZBOT.BBH connects to specific domains to download its configuration file. TSPY_ZBOT.BBH transfers the grabbed information via HTTP POST to a particular web address….

Posted by Sumo3000 in Trojans

TSPY_ZBOT.SMD

TSPY_ZBOT.SMD is a Trojan with spyware functionalities that aims at stealing sensitive online banking information, such as user names and passwords. TSPY_ZBOT.SMD puts an attacked computer user’s account information in danger and uses the stolen data without the victimized PC user’s authorization. TSPY_ZBOT.SMD aims at getting information from a list of banks or financial institutions. TSPY_ZBOT.SMD checks for the existence of the processes ‘outpost.exe’ and ‘zlclient.exe’, which are linked to Outpost Personal Firewall and ZoneLabs Firewall Client. TSPY_ZBOT.SMD terminates if either of the processes exists to make sure that it loads uninterrupted. TSPY_ZBOT.SMD also includes rootkit functionalities, which enable it to hide its processes and files from the computer user. TSPY_ZBOT.BBH may be downloaded from remote websites. TSPY_ZBOT.SMD adds copies of itself to the compromised…

Posted by Domesticus in Trojans

Trojan:JS/BlacoleRef.CZ

Trojan:JS/BlacoleRef.CZ is a JavaScript Trojan that is added into hacked websites. A hijacked website may permit a cybercriminal to successfully embed a client-side script, which then runs when an Internet user visits the hijacked website. Trojan:JS/BlacoleRef.CZ is generated to load a hidden IFrame that loads behind the attacked computer user’s web browser, rerouting it to an exploit server known as ‘Blackhole’. The payload of Trojan:JS/BlacoleRef.CZ may be different, based on what the reference host delivers at the time of compromise. The combination of obfuscated JavaScript within a hidden IFrame, which references a malevolent host, and the malevolent host itself, which is responsible for dynamically generated content, which aims at exploiting numerous vulnerabilities on the target computer user’s PC, are monitored and could be changed by a cybercriminal at any time. The reference…

Posted by Domesticus in Trojans

Trojan:JS/BlacoleRef.DD

Trojan:JS/BlacoleRef.DD is a JavaScript Trojan that spreads via hijacked websites. A hijacked website may permit a cybercriminal to successfully add a client-side script, which then is run when a web user visits the hacked website. Trojan:JS/BlacoleRef.DD is produced to load an obfuscated IFrame that loads behind the victimized computer user’s Internet browser, diverting it to an exploit server known as ‘Blackhole’. The payload of Trojan:JS/BlacoleRef.DD may be different, based on what the reference host delivers at the time of compromise. The combination of obfuscated JavaScript within a hidden IFrame referencing a malevolent host, and the malevolent host itself, which is responsible for dynamically generated content, which aims at exploiting numerous vulnerabilities on the victim’s PC, are controlled and could be changed by a cybercriminal at any time. The reference host is…

Posted by Sumo3000 in Trojans

Worm:VBS/Jenxcus.A

Worm:VBS/Jenxcus.A is a worm that proliferates through removable drives. Worm:VBS/Jenxcus.A permits remote cybercriminals to obtain backdoor access and control of the corrupted PC. While being installed, Worm:VBS/Jenxcus.A makes system modifications by adding malevolent files. To make sure that it is launched whenever the target computer user starts Windows, Worm:VBS/Jenxcus.A creates registry entries. If Worm:VBS/Jenxcus.A finds a removable drive in the compromised PC, it replicates itself into every folder in that drive. Worm:VBS/Jenxcus.A also creates a shortcut link file, which points to its copy in the removable drive. Worm:VBS/Jenxcus.A collects information including the computer name, the user name of the person currently logged on, the operating system version and other details about the affected PC. Worm:VBS/Jenxcus.A connects to specific servers to get commands from…

Posted by ZulaZuza in Worms

New OSX/KitM.A Mac Malware Takes Screenshots Automatically Upon Log-In

Malware on Apple Mac computers has never really amounted to anything as massive as the epidemic Windows-based PCs face on almost a daily basis. However, that does not mean Mac systems are not vulnerable to malware, as the latest strain was discovered at an annual Oslo Freedom Conference and is now reportedly being examined [...]

Posted by GoldSparrow in Computer Security

‘Your Computer Blocked, Data Encrypted’ Virus (Ransomware)

‘Your Computer Blocked, Data Encrypted’ Virus is ransomware that blocks a targeted PC and shows a misleading pop-up image/alert ‘WARNING! Your computer has been blocked and all your data were encrypted’ on the desktop of an infected computer. ‘Your Computer Blocked, Data Encrypted’ Virus is delivered by a ‘Police’ Trojan, which locks the vulnerable computer and asks the victim to pay a fine to restore access to the PC. ‘Your Computer Blocked, Data Encrypted’ Virus uses the frightening pop-up notification allegedly coming from the FBI Cybercrime Division and International Cyber Security Protection Alliance (ICSPA) in an effort to fool attacked computer users into thinking they have committed cybercrime. The fake pop-up warning message used by ‘Your Computer Blocked, Data Encrypted’ Virus claims that the PC has been locked because the computer user has been downloading and distributing…

Posted by ZulaZuza in Ransomware

Trojan.Lapka

Trojan.Lapka is a Trojan that opens a back door on the affected PC. Once executed, Trojan.Lapka copies itself as a malevolent file. Trojan.Lapka creates malevolent files. Trojan.Lapka then creates registry entries to register itself as a system service. Trojan.Lapka then creates registry entries to register itself as a legacy driver service. Trojan.Lapka also modifies registry entries….

Posted by Sumo3000 in Trojans

Trojan.Syndicasec

Trojan.Syndicasec is a Trojan that steals information and drops files onto the compromised PC. Once run, Trojan.Syndicasec creates malevolent files. Trojan.Syndicasec then collects information including the host name, operating system version and MAC address from the targeted PC. Trojan.Syndicasec transmits the above information to particular locations. Trojan.Syndicasec drops a JavaScript file from one of the locations and runs it….

Posted by GoldSparrow in Trojans

Driver Performer

Driver Performer is a fake computer optimization tool, which poses as a trustworthy security program. Driver Performer claims to be able to enhance the PC’s performance; however, in reality, it does not find or remove any type of system errors or hard drive issues. Driver Performer also claims to be capable of removing unnecessary entries on the hardware. Driver Performer is distributed and installed on the vulnerable computer system without the affected PC user’s consent and knowledge through the use of Trojans. Driver Performer may also be delivered via suspicious websites and spam email attachments. Once installed on the infected computer, Driver Performer launches bogus system scans and reports false hard drive errors and system issues. Driver Performer also shows deceptive error messages stating that the PC’s hard drive is corrupted. Driver Performer’s main goal is to scare…

Posted by ESGI Advisor in Rogue Registry Cleaner

WebCake

WebCake is an adware application that is supposed to enhance your browsing experience but, in actuality, it results in numerous issues on an attacked PC. Although WebCake claims to be a great tool that can give computer users the best offers and discount coupons, as well as an option to compare prices of particular products and services, it causes more inconveniences than benefits. WebCake enters the corrupted PC without the target computer user’s permission and, therefore, it is also categorized as a potentially unwanted program. WebCake is usually installed onto the targeted PC together with free software downloads from the web. WebCake can be embedded into Internet Explorer, Mozilla Firefox or Google Chrome. WebCake is not a malware threat, and it doesn’t harm the affected PC directly. However, WebCake creates various situations that raise the chances of getting infected with…

Posted by Domesticus in Adware

Searchrocket Hijacker

Searchrocket Hijacker is a browser hijacker and annoying program that attacks Internet Explorer, Google Chrome or Mozilla Firefox web browsers and results in numerous inconveniences for affected Internet users. Searchrocket Hijacker propagates to random PCs bundled with numerous free programs from the web, such as video players and similar applications. Although computer users have an option to refuse installing Searchrocket, they usually skip it because they are in a hurry. While being installed on the compromised PC, Searchrocket Hijacker makes changes to browser settings. Searchrocket Hijacker replaces the default homepage and search engine with Websearch.searchrocket.info. Searchrocket Hijacker is also closely associated with the Smart Address Bar browser add-on and even uses Smart Address Bar search. Searchrocket Hijacker hijacks the target Internet browser and reroutes victimized web users to…

Posted by Domesticus in Browser Hijackers

Trojan:WinNT/Sirefef.N

Trojan:WinNT/Sirefef.N is a Trojan with rootkit functionalities that prevents target computer users from normal web browsing by replacing search results with suspicious links and using click fraud to benefit from web users. Trojan:WinNT/Sirefef.N downloads updates and additional components and conceals existing components on the targeted PC. Trojan:WinNT/Sirefef.N uses advanced surreptitious techniques in an effort to avoid detection and removal from the attacked PC. Trojan:WinNT/Sirefef.N uses specific ports for its peer-to-peer communications….

Posted by GoldSparrow in Trojans

Trojan:WinNT/Sirefef.J

Trojan:WinNT/Sirefef.J is a Trojan with rootkit capabilities that blocks attacked PC users from normal web browsing by modifying search results in any genuine search engine and using the pay-per-click technique to make money. Trojan:WinNT/Sirefef.J downloads updates and additional components and conceals existing components on the corrupted PC. Trojan:WinNT/Sirefef.J uses advanced stealthy techniques in an effort to avoid detection and removal from the affected computer. Trojan:WinNT/Sirefef.J uses particular ports for its peer-to-peer communications….

Posted by JubileeX in Trojans

Exploit:JS/Coolex.D

Exploit:JS/Coolex.D is a script that is part of an exploit pack known as the ‘Cool Exploit Kit’. Exploit:JS/Coolex.D can install other malware infections on the corrupted PC by exploiting software vulnerabilities in Java version 7, update 17 and earlier. As the Cool Exploit Kit and the Blacole Exploit Kit share malevolent website patterns and exploits, in some cases a computer user might see Exploit:JS/Blacole found on the PC alongside Exploit:JS/Coolex.D. Exploit:JS/Coolex.D is loaded if the PC user visits an infected or hacked website. The hacked Internet browser may be rerouted to another website, which carries the exploit code identified as Exploit:JS/Coolex.D, which strives to install malware infections on the targeted PC depending on what applications the PC user has installed. If the attacked computer user has Java, Adobe Flash, or Adobe Reader on the PC,…

Posted by Domesticus in Malware

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.