‘Happydayz@india.com’ Ransomware

The ‘Happydayz@india.com’ Ransomware is a variant in the Globe v3 family of encryption ransomware Trojans. The ‘Happydayz@india.com’ Ransomware carries out a typical encryption ransomware attack by encrypting the victim’s files and then demanding that the victim pay a large ransom to recover the affected files. The files encrypted by the ‘Happydayz@india.com’ Ransomware attack can be identified easily because the ‘Happydayz@india.com’ Ransomware will mark them by adding the extension ‘.happydayzz’ to the end of each file’s name. The ‘Happydayz@india.com’ Ransomware will drop its ransom note in the form of an HTA file named ‘How To Recover Encrypted Files.hta,’ which displays a program window with the ‘Happydayz@india.com’...

Posted on February 21, 2017 in Ransomware

VHDLocker Ransomware

The VHDLocker Ransomware is a ransomware Trojan that is designed to infiltrate the victim’s computer and encrypt the victim’s files. The VHDLocker Ransomware does this to demand the payment of a ransom from the victim. After encrypting the victim’s files, the VHDLocker Ransomware demands payment of 0.5 Bitcoin to restore the affected files. Although ransomware Trojans like the VHDLocker Ransomware can be removed with the help of a reliable security program, the files encrypted by the VHDLocker Ransomware will remain encrypted until the victim gains access to the decryption key or a suitable decryption program. Unfortunately, recovering the files encrypted by threats like the VHDLocker Ransomware may be impossible, and computer users will have to rely on file backups and disk images to recover their content....

Posted on February 21, 2017 in Ransomware

XYZware Ransomware

The XYZware Ransomware is a ransomware Trojan that is part of a large family of encryption ransomware Trojans known as Hidden Tear. These ransomware Trojans are based on an open source ransomware engine by the same name that has spawned countless encryption ransomware variants due to its widespread availability. The XYZware Ransomware carries out a typical encryption ransomware attack that involves encrypting its victims’ files using a strong encryption algorithm and then demanding the payment of a ransom in exchange for the decryption key or program. It is necessary to take precautionary measures against the XYZware Ransomware and similar ransomware Trojans to limit the damage they can do to your files. There are many variants of the XYZware Ransomware, all belonging to the Hidden Tear family of encryption ransomware...

Posted on February 21, 2017 in Ransomware

Search.chipopo.info

Search.chipopo.info is a search portal that is not a safe place to start your online session or to use for searches. The Search.chipopo.info site is related to untrusted redirect gateways like Feed.snowbitt.com. PC users reported that their browser is hijacked and loads Search.chipopo.info as the start page and new tab page by default. Cyber security investigators who received reports of problems with Search.chipopo.info looked into the matter and revealed that Search.chipopo.info features a custom-built Google search engine. The custom version of Google on Search.chipopo.info may load content from phishing pages and reroute users through sites that host tools like the Neutrino Exploit Kit and the CrimeBoss Exploit Kit. If you experience redirects via Search.chipopo.info, it is possible that you are infected with the Chipopo...

Posted on February 21, 2017 in Browser Hijackers

Searchbuw.ru

The Searchbuw.ru portal, which is registered to the 46.4.235.72 IP address, is recognized as untrusted, and Web surfers are advised not to browse content and pages related to Searchbuw.ru. The portal is associated with browser hijacking software that may be distributed to users via free software bundles. The program related to Searchbuw.ru may use batch files to alter the configuration of Internet clients like Internet Explorer, Mozilla Firefox, Opera and Google Chrome. The Searchbuw.ru browser hijacker may alter the parameters of the shortcuts for your Internet client and make them load one of the following files instead of the legitimate executable: chrome.bat.exe, firefox.bat.exe, iexplore.bat.exe or opera.bat.exe. Researchers have uncovered that the Searchbuw.ru browser hijacker may host its files in the Roaming folder...

Posted on February 20, 2017 in Browser Hijackers

AdSentinel

Computer security researchers warn about the AdSentinel (a.k.a. RealTimeLeads) adware, which may use a Privoxy proxy server to introduce advertisements into unaffiliated pages and generate pay-per-click revenue for its creators. The AdSentinel adware may land on machines that run the latest version of Windows and run as AdSentinel.exe, which is visible in the Task Manager. The AdSentinel (a.k.a. RealTimeLeads) adware is a program that reroutes all of the user’s Internet traffic via a customized Privoxy proxy server. Additionally, AdSentinel adds JavaScript code to the header and footer of pages you load to display promotional materials. The AdSentinel adware may add keys to the following classes in the registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\...

Posted on February 20, 2017 in Adware

GetCouponsFast Toolbar

The GetCouponsFast Toolbar, also seen as GetCouponsFast New Tab, is a program that is marketed as a helpful tool that can help you find coupons for food fast. The GetCouponsFast program can be found at Getcouponsfast.com and requires integration with browsers like Internet Explorer, Google Chrome and Mozilla Firefox. Computer users who are interested in using the GetCouponsFast Toolbar should make sure to read the terms of use at Eula.mindspark.com/tos/ because you might want to be aware of what to expect from products of Mindspark Interactive Network, Inc. PC security researchers reveal that the GetCouponsFast Toolbar is released as a re-branded and modified version of the CouponXplorer Toolbar and has much in common with the ListingsPortal Toolbar and the FindMeFreebies Toolbar. GetCouponsFast may arrive on the computer in...

Posted on February 20, 2017 in Possibly Unwanted Program

‘024-7718-0138’ Pop-Ups

Web surfers who experience the ‘024-7718-0138’ pop-up windows in browsers like Google Chrome, Internet Explorer, Edge, Opera, and Mozilla Firefox should ignore them. The ‘024-7718-0138’ pop-up windows may be presented on a background that is a screenshot of Support.Microsoft.com and suggest that your PC is blocked due to ‘suspicious activity on the device.’ Web surfers may be redirected to pages that host the ‘024-7718-0138’ messages created by browser hijackers to display bad advertisements. We have seen the ‘024-7718-0138’ messages on ha08ds17456[.]club. The site is registered to the IP address 104.28.29.184, and further investigation revealed that it has clones loaded on the same IP, which include 45can[.]com, 6094567[.]top and habercioyunlarin[.]xyz. The IP...

Posted on February 20, 2017 in Adware

Kasiski Ransomware

The Kasiski Ransomware is an encryption ransomware Trojan that was first observed on February 17, 2017. The Kasiski Ransomware has many of the characteristics of most ransomware Trojans but has a specific aspect that is not as common. The Kasiski Ransomware has been designed to target computers running 64-bit operating systems specifically and, oddly, the Kasiski Ransomware cannot encrypt files on 32-bit versions of the Windows operating system. The Kasiski Ransomware is targeted towards Spanish speakers, both in Latin America and Spain. The Kasiski Ransomware may be distributed by including it as a file attachment in corrupted spam email messages that pretend to come from trusted sources such as social media companies, PayPal or banks. The Kasiski Ransomware will first be delivered to the victim in the form of a compromised file...

Posted on February 20, 2017 in Ransomware

Winkeyexpired.xyz

The Winkeyexpired.xyz site should not be trusted and may be used for promoting fake technical support services. The layout of Winkeyexpired.xyz consists of a screenshot of the legitimate security alert displayed by Google Safe Browsing when a user is about to enter a compromised site. The designers behind the Winkeyexpired.xyz site took a screenshot of the legitimate warning and used it as a background to lend credibility to the message shown on Winkeyexpired.xyz. Computer users who pay attention to the URL will notice the suspicious name and the lack of HTTPS. Additionally, browsers that incorporate services like Google Safe Browsing and Mozilla Phishing Protection will not use a dialog box to show you a warning, but will give you the option to proceed, leave the site or report a false positive. The fake...

Posted on February 20, 2017 in Browser Hijackers

‘800-953-457’ Pop-Ups

The ‘800-953-457’ pop-ups that may feature the title ‘storage.googleapis.com’ should not be trusted. The storage.googleapis.com site refers to the Google Apps Development platform, which we have seen to be exploited by fake technical support companies. The ‘800-953-457’ pop-ups are generated by specially crafted pages hosted on the legitimate storage.googleapis.com service. Con artists are known to exploit legitimate services and use valid digital certificates of third parties and logos of trusted companies to claim credibility. Cyber security experts note that the messages delivered via corrupted pages on storage.googleapis.com may offer misleading information, lead users to phishing domains and recommend users call phone lines like 800-953-457 that are operated by fake computer support agents. We...

Posted on February 17, 2017 in Adware

‘800-098-8052’ Pop-Ups

When we talk about the ‘800-098-8052’ pop-ups, we speak of phishing messages that are styled like legitimate security alerts. The ‘800-098-8052’ warnings may originate from the urgent-issue-no58734-system.info site and clones such as urgent-issue-no57040-system.info, urgent-issue-no57167-system.info, as well as many others that feature a slightly different number at the end. These sites are registered to the 94.156.35.184 IP address, which is on the blacklist of several Web filtering services including Google Safe Browsing, Mozilla Phishing Protection and Websense ThreatSeeker. The content on the ‘800-098-8052’ pop-ups and associated pages is tailored to look like it comes from the Microsoft Corp. Experts have seen the ‘800-098-8052’ pop-ups include screenshots of Windows 10,...

Posted on February 17, 2017 in Adware

‘844-786-8921’ Pop-Ups

The ‘844-786-8921’ pop-up windows refer to phishing messages loaded on domains that are used to promote the services of fake computer support companies. We have seen the ‘844-786-8921’ messages advertise help with computer problems on the 844-786-8921 phone line and several other lines that are advertised on similar sites. The ‘844-786-8921’ pop-ups are reported to feature a modified screenshot of Support.microsoft.com and logos of Internet browsers like Edge, Internet Explorer, Google Chrome and Mozilla Firefox. Users should not associate the ‘844-786-8921’ messages with legitimate services connected to the Microsoft Corp., Google Inc. and the Mozilla Project. Con artists may use misappropriated digital certificates and hijack SSL certificates of third parties to convince users to call...

Posted on February 17, 2017 in Adware

‘800-341-9813’ Pop-Ups

The ‘800-341-9813’ pop-up windows, also known under the name ‘Porn*Virus*Detected’ pop-ups, refer to a phishing campaign that aims to direct users to call the 800-341-9813 phone line and ask for help with their computers. The code behind the ‘800-341-9813’ pop-ups is hosted on the Google APIs platform as a public Web-app, which is accessible via h[tt]ps://storage.googleapis.com/microsoft-security-scans-on-system-performed-100x/alert.html. The Web-app hosted on storage.googleapis.com is programmed to bring a fake security message on the screen of users who open the link mentioned before. We have received reports that the app receives traffic from a browser hijacker that redirects users to storage.googleapis.com. Computer users may install a browser hijacker with a corrupted free program and riskware....

Posted on February 17, 2017 in Adware

Search.searchwfaa.com

The Search.searchwfaa.com portal is associated with the Weather Forecast Alerts extension by Eightpoint Technologies Ltd., and the program may be installed with software packages published by Polarity Technologies Ltd. Computer users may encounter the extension under the name Weather Forecast Alerts New Tab. The program at hand is designed to serve as an add-on for Google Chrome, Internet Explorer and Mozilla Firefox. As the name suggests, the Weather Forecast Alerts extension is supposed to provide extra information in your browser that includes the weather forecast, humidity level, atmospheric pressure, and wind direction and speed. Web surfers can add the Weather Forecast Alerts extension to their Internet client by navigating to Weatherforecastalerts.com or by using software packages by Polarity Technologies Ltd. PC users are not required...

Posted on February 17, 2017 in Browser Hijackers