Uncategorized

BKDR_PLUGX.AQT

BKDR_PLUGX.AQT is a backdoor Trojan that abuses legitimate, digitally signed programs from vendors such as Microsoft, Lenovo and McAfee to load its malicious .DLL components on the infected computer. Rather than relying on a bug in any one program, BKDR_PLUGX.AQT exploits the Windows DLL search order: an executable that imports a DLL by name looks in its own folder first, so a malicious DLL planted beside a trusted executable is loaded in place of the genuine one (DLL side-loading). One known pairing uses ‘Mc.exe’, an authentic McAfee file, to load a malicious ‘McUtil.dll’, which in turn loads the payload file ‘McUtil.dll.url’; both dropped files are detected as BKDR_PLUGX.AQT. BKDR_PLUGX.AQT then connects to the bogus anti-malware website ‘vip.{BLOCKED}ate.com’. Each variant pairs a specific .DLL file with a specific executable file. BKDR_PLUGX.AQT loads…

Posted by ZulaZuza in Uncategorized
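The search-order abuse behind the PlugX entry above, as an added example that is not code from the page or from any vendor: a small offline model of the default Windows DLL search order, plus a scan for the signed-EXE / unsigned-DLL / ‘.dll.url’ layout the entry describes. The directory listing is constructed for the demo, and its `signed` flags stand in for the Authenticode check a real scan would perform on disk (for example with `Get-AuthenticodeSignature`).

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed directory listing: (path, Authenticode signature valid).
# These paths and flags are assumptions for the demo, not observed data.
SAMPLE_LISTING = [
    (r"C:\Windows\System32\version.dll", True),       # legitimate OS copy
    (r"C:\Users\Public\Tool\app.exe", True),          # signed EXE that imports version.dll
    (r"C:\Users\Public\Tool\version.dll", False),     # planted unsigned copy beside it
    (r"C:\ProgramData\Update\Mc.exe", True),          # legitimate signed McAfee binary (per the page)
    (r"C:\ProgramData\Update\McUtil.dll", False),     # unsigned loader dropped next to it
    (r"C:\ProgramData\Update\McUtil.dll.url", False), # payload file the loader reads
    (r"C:\Program Files\Vendor\tool.exe", True),      # benign signed pair for contrast
    (r"C:\Program Files\Vendor\helper.dll", True),
]

def search_order(app_dir):
    """Default search order with SafeDllSearchMode on: the application
    directory is consulted before the system directories. KnownDLLs such as
    kernel32.dll bypass this order and always come from System32."""
    return [app_dir, r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]

def resolve_dll(dll_name, app_dir, listing):
    """Return the path Windows would load when an EXE in app_dir imports dll_name."""
    present = {path.lower(): path for path, _ in listing}
    for directory in search_order(app_dir):
        candidate = str(PureWindowsPath(directory) / dll_name)
        if candidate.lower() in present:
            return present[candidate.lower()]
    return None  # would fall through to the current directory and %PATH%

def find_sideload_triads(listing):
    """Flag directories holding a signed EXE, an unsigned DLL and a companion
    <dll name>.url file, the PlugX layout described on the page."""
    by_dir = defaultdict(dict)
    for path, signed in listing:
        p = PureWindowsPath(path)
        by_dir[str(p.parent).lower()][p.name.lower()] = (path, signed)

    hits = []
    for files in by_dir.values():
        signed_exes = [info[0] for name, info in files.items()
                       if name.endswith(".exe") and info[1]]
        for name, (dll_path, signed) in files.items():
            if not name.endswith(".dll") or signed or not signed_exes:
                continue
            payload = files.get(name + ".url")
            if payload:
                hits.append({"exe": signed_exes[0], "dll": dll_path, "payload": payload[0]})
    return hits

if __name__ == "__main__":
    # The planted copy wins in the Tool directory; elsewhere System32 is used.
    print(resolve_dll("version.dll", r"C:\Users\Public\Tool", SAMPLE_LISTING))
    print(resolve_dll("version.dll", r"C:\Program Files\Vendor", SAMPLE_LISTING))
    for hit in find_sideload_triads(SAMPLE_LISTING):
        print("side-loading triad:", hit)
```

The ‘.dll.url’ companion is specific to this PlugX build, so treat the triad check as a high-confidence signal and the weaker condition, an unsigned DLL sitting beside a signed executable that imports it, as something worth reviewing even without the third file. The `version.dll` case above shows why: the planted copy in the application directory is resolved before the genuine one in System32.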

Onlinefwd.com

Onlinefwd.com is a low-quality search engine that claims to deliver the same service as legitimate, trustworthy search engines such as Google, Bing and Yahoo. However, Onlinefwd.com has been blacklisted by many security programs because of its association with browser hijackers and known online scams. Although Onlinefwd.com itself does not host malicious content, malware is used to redirect computer users to Onlinefwd.com, and search results on this low-quality search engine can lead computer users to websites that do contain malicious content. The site's clichéd stock photos, cluttered design and obvious grammar and spelling mistakes should tip computer users off to the low quality of Onlinefwd.com. If your Web browser is visiting Onlinefwd.com repeatedly on its own, then it is likely that your computer has become infected with…

Posted by Domesticus in Uncategorized

PUP.Adware.Magnipic

PUP.Adware.Magnipic is a potentially unwanted program (PUP)/adware that shows intrusive pop-up advertisements on the infected computer. PUP.Adware.Magnipic may install an unwanted toolbar on the hijacked web browser. PUP.Adware.Magnipic is bundled with a program that some computer users may find useful. PUP.Adware.Magnipic changes Internet-related settings on the targeted browser. Affected PC users should remove PUP.Adware.Magnipic from the victimized computer with a reputable security tool…

Posted by LoneStar in Uncategorized

Chameleon Malware

Chameleon, otherwise known as the Chameleon botnet, is a botnet that makes money through pay-per-click (PPC) advertising fraud. Chameleon reportedly generates more than $6 million a month through fraudulent clicks on web ads. Almost all of the websites affected by Chameleon are located in the US. All of the bot web browsers identify themselves as Internet Explorer 9.0 running on Windows 7. The malicious traffic is difficult to detect because Chameleon presents numerous different ad-exchange cookies, which is why this malware is called Chameleon. Chameleon defrauds display-ad advertisers, not just text-link advertisers. Individual bots within the Chameleon botnet run on host PCs with Microsoft Windows as the OS. The bots access the Internet through a Flash-enabled, Trident-based web browser that executes JavaScript. Chameleon bots crash frequently and constantly restart on the infected computers…

Posted by Domesticus in Uncategorized

W32.Arseefour

W32.Arseefour is a worm that encrypts specific files on the compromised PC. W32.Arseefour spreads via removable drives, copying itself to drives attached to the affected computer, and may attempt to steal confidential information from victims. During installation, W32.Arseefour may change the system by downloading additional malicious files and modifying the Windows Registry, including creating a registry entry so that it launches automatically whenever Windows boots…

Posted by JubileeX in Uncategorized, Worms

Trojan.APT.LetsGo

Trojan.APT.LetsGo is a Trojan used in a malware campaign that targets companies. To avoid looking suspicious, the campaign that infects vulnerable PCs with Trojan.APT.LetsGo embeds the name of the targeted company, or of a project that company is working on, in its command-and-control (CnC) domain name. Trojan.APT.LetsGo spreads via malicious emails that contain harmful web addresses. The .zip file carries ‘Updated_office_contact_v1.exe’, which, when run, creates ‘ctfmon.exe’ (a filename borrowed from a legitimate Windows component) and ‘Lanl_Office_Contact_oct.pdf’ in the ‘%UserProfile%\Local Settings\Temp’ directory. It then opens the decoy PDF document, ‘Lanl_Office_Contact_oct.pdf’, from the Temp directory and executes ‘ctfmon.exe’. ‘Lanl_office_contact_oct.pdf’ belongs to ‘Los Alamos…

Posted by Sumo3000 in Uncategorized
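The CnC naming trick in the Trojan.APT.LetsGo entry above, turned into a check a defender can run, as an added example that is not code from the page or from the campaign's analysts: given the fragments of an organisation's name and internal project names, flag DNS queries for domains that carry those fragments but are not domains the organisation actually owns. The organisation tokens, the owned-domain list and the query log are all constructed for the demo; the log uses an assumed "<time> <host> query <name> <type>" layout.

```python
import re

# Constructed inputs (assumptions for the demo, not data from the page):
# fragments of the organisation's name, an internal project name, and the
# domains the organisation legitimately owns.
ORG_TOKENS = {"lanl", "losalamos"}
PROJECT_TOKENS = {"pegasus"}
LEGIT_DOMAINS = {"lanl.gov", "losalamos.example"}
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}   # minimal public-suffix handling

# Constructed DNS query log: "<time> <host> query <name> <type>".
SAMPLE_DNS_LOG = """\
2013-03-01T10:00:01 host01 query www.lanl.gov A
2013-03-01T10:00:02 host02 query update.lanl-office.com A
2013-03-01T10:00:03 host03 query www.google.com A
2013-03-01T10:00:04 host04 query pegasus-project.net A
2013-03-01T10:00:05 host05 query mail.losalamos.example A
2013-03-01T10:00:06 host06 query cdn.example.co.uk A
"""

LINE_RE = re.compile(r"^\S+\s+(\S+)\s+query\s+(\S+)\s+\S+$")

def split_domain(fqdn):
    """Split a name into (owned label, public suffix), e.g. ('lanl-office', 'com')."""
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    n = 3 if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return labels[-n], ".".join(labels[-n + 1:])

def lookalike_token(fqdn):
    """Return the org/project token a registered domain impersonates, or None
    when the domain is owned by the organisation or carries no token."""
    owned, suffix = split_domain(fqdn)
    if f"{owned}.{suffix}" in LEGIT_DOMAINS:
        return None
    # Strip separators so 'lanl-office' and 'lanloffice' are treated alike.
    label = owned.replace("-", "").replace("_", "")
    for token in sorted(ORG_TOKENS | PROJECT_TOKENS):
        if token in label:
            return token
    return None

def scan_dns_log(log_text):
    """Return (host, queried name, matched token) for every suspicious query."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        host, name = m.groups()
        token = lookalike_token(name)
        if token:
            hits.append((host, name, token))
    return hits

if __name__ == "__main__":
    for host, name, token in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{host}: {name} looks like '{token}' but is not an owned domain")
```

Short tokens will produce false positives (a four-letter fragment matches many unrelated domains), so keep the token list to distinctive names, keep the owned-domain allowlist current, and treat a hit as a lead for the analyst rather than a verdict. The check only catches name-based lookalikes; it says nothing about a CnC host that uses an unrelated domain.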

Win32/Redyms

Win32/Redyms is a family of browser-hijacking Trojans associated with far more dangerous malware, including versions of the TDL4 rootkit and the Black Hole Exploit Kit. Malware in the Win32/Redyms family was first detected in January 2013, although ESG security researchers note that Win32/Redyms is very likely derived from earlier browser hijackers that have been active for years. Win32/Redyms poses a severe threat to the targeted computer, and any Trojan in this family should be deleted quickly with the help of a reliable anti-malware program. Fortunately, Win32/Redyms' avenues of attack are well known, and most security programs are well equipped to handle this threat. However, due to the fact that…

Posted by GoldSparrow in Uncategorized

Hadopi Ransomware

ESG security researchers have noted that new variants of police ransomware Trojans are starting to use the Hadopi law and its logo to scare inexperienced computer users into paying inflated ransoms. Hadopi Ransomware is a label covering several different police ransomware Trojans that target computers in France. Hadopi Ransomware Trojans impersonate the French police and display threatening messages to computer users as part of a well-known online scam. Hadopi is a legitimate initiative that protects the rights of copyright holders and fights software and media piracy in France. However, Hadopi Ransomware is in no way associated with this law or with French law enforcement. Rather, Hadopi Ransomware Trojans are variants of a well-known scam that has been active for several years and…

Posted by ZulaZuza in Uncategorized

Trojan.Flotclod

Trojan.Flotclod is a Trojan that monitors network traffic and diverts transactions for specific online banking websites. When run, Trojan.Flotclod creates harmful files. Trojan.Flotclod connects to a remote URL to report the successful hijack and infection of the vulnerable PC. Trojan.Flotclod allows attackers to gain unauthorized remote access to, and control of, the infected computer system…

Posted by GoldSparrow in Uncategorized

‘You have 72 hours to pay the fine’ Ransomware

Is your access to your operating system blocked by a full-screen threatening message? Does that message accuse you of taking part in criminal activities and insist that you have 72 hours to pay a fine if you want to avoid prosecution and more severe fines of thousands of Euros? If you are experiencing those problems, it is likely that your computer has become infected with the ‘You have 72 hours to pay the fine’ Ransomware Trojan. There are several variants of the ‘You have 72 hours to pay the fine’ Ransomware Trojan, many of which instead claim that you have 24 or 48 hours to pay the supposed fine. The main thing all computer users should understand about the ‘You have 72 hours to pay the fine’ Ransomware is that it is part of a scam: the threatening message associated with this malware threat is not part of a real law enforcement operation.

The ‘You have 72 hours…

Posted by Domesticus in Uncategorized


Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.