Crypt.Locker Ransomware

The Crypt.Locker Ransomware is an encryption Trojan that behaves similarly to the Jigsaw Ransomware. The distributors of the Crypt.Locker Ransomware utilize spam emails to deliver threat droppers to users. In most cases, the users are invited to open a payment notification from an online store or a bank to confirm a purchase made recently. The designers of the spam messages are known to use copyrighted images and logos to convince users to open a macro-enabled document. Threats like the Crypt.Locker Ransomware and the Satan666 Ransomware are known to land on computers after a macro is executed, which introduces the crypto threat into the system. Security researchers note that the Crypt.Locker Ransomware uses a reliable AES-256 cipher to lock data and may come with a fake digital certificate. The encryption engine of the...

Posted on December 8, 2016 in Ransomware

Popcorn Time Ransomware

The ‘Popcorn Time’ Ransomware was reported by security researchers who stumbled upon samples submitted to Google’s VirusTotal. Snippets of code were shared on forums hosted on the TOR network, and investigators determined that the ‘Popcorn Time’ Trojan is still under development at the time of writing this. The ‘Popcorn Time’ Ransomware does not appear to introduce new features regarding file encryption and works similarly to well-known threats such as the Crysis Ransomware and TeslaCrypt. Security experts note that the ‘Popcorn Time’ Ransomware can be packed easily as a file with a double extension and released with a wave of spam emails sooner rather than later. Samples of the ‘Popcorn Time’ Ransomware show that its authors may have drawn inspiration from...

Posted on December 8, 2016 in Ransomware

DiscoverLiveRadio Toolbar

The DiscoverLiveRadio Toolbar is advertised by adware and legitimate ads as a valuable addition to browsers such as Google Chrome, Internet Explorer, Opera and Mozilla Firefox. The DiscoverLiveRadio Toolbar is a product of Mindspark Interactive Network, Inc., which released the MyRadioAccess Toolbar, the Easy Radio Access Toolbar and the Your Radio Now. The DiscoverLiveRadio Toolbar is offered at Free.discoverliveradio.com for free download and usage as long as you tolerate advertisements from affiliate marketers. The DiscoverLiveRadio Toolbar may change your new tab page settings and load a customized version of Hp.myway.com, which may include ads from sponsors. Additionally, users of Internet Explorer and Mozilla Firefox may be urged by Mindspark to set Hp.myway.com/discoverliveradio/ttab02/index.html as their home page....

Posted on December 7, 2016 in Possibly Unwanted Program

Driver Updater Plus

The Driver Updater Plus is developed by Jawego Partners LLC and offered for download at Driverupdaterplus.com. The Driver Updater Plus software is promoted to solve driver problems with printers, keyboards, Webcams and other peripheral devices. According to Driverupdaterplus.com, the Driver Updater Plus supports all versions of Windows as far back as Windows XP. Computer users that cannot find the right driver for their hardware could download a trial version of the Driver Updater Plus and diagnose problems on their PCs. Additionally, the Driver Updater Plus is said to give an overview of outdated drivers and back up existing drivers. However, you might want to know that Jawego Partners LLC is known to release riskware, which we have covered in our articles on Super PC Cleanup, PC Protector Plus and PC Clean Plus. Researchers...

Posted on December 7, 2016 in Possibly Unwanted Program

Vo_ Ransomware

The Vo_ Ransomware was discovered in December 2016, five months after the SQ_ Ransomware emerged in security reports. Both threats are encryption Trojans that are delivered to potential victims via spam emails. Additionally, the Vo_ Ransomware is a slightly improved version of the SQ_ Ransomware, and both Trojans come from the same developers according to security experts. The spam emails carrying the dropper for the Vo_ Ransomware appear to feature logos from banks and online stores and urge the user to make the payment referred to in the attached invoice. Needless to say, users are asked to open a macro-enabled document, which is designed to install the Vo_ Ransomware Trojan in the background. When the Vo_ Ransomware is installed, it determines what type of drives can be accessed and how many files should be encrypted. The Vo_ Ransomware...

Posted on December 7, 2016 in Ransomware

Phoenix Ransomware

When the Phoenix Ransomware was first mentioned amongst security researchers, the Trojan was still in development. Researchers found the threat while digging through reports submitted to Google’s VirusTotal platform and browsing the Dark Web. Samples recovered from reports provided threat investigators with the executable to analyze, and they reveal interesting facts. The Phoenix Ransomware appears to be in development at the time of writing this. However, the Phoenix Ransomware is compact in size and can be deployed with spam emails as a file with a double extension, which may easily pass as a simple invoice. The researcher Utku Sen published an educational crypto-threat on the GitHub platform, which was used by threat actors to develop threats like the KimcilWare Ransomware and the HappyLocker Ransomware. The same source...

Posted on December 7, 2016 in Ransomware

GoldenEye Ransomware

The GoldenEye Ransomware is an encryption Trojan that is pushed as an improved version of the Petya Ransomware, which surfaced in March 2016. The GoldenEye Ransomware was brought to the attention of security researchers in December 2016. Spam emails aimed at human resource departments were found to carry a corrupted spreadsheet that featured a macro. As you well know by now, the macro is widely abused by threat actors to deliver threats like the Al-Namrood Ransomware and the Osiris Ransomware. PC users that work with CVs on a daily basis appear to be among the primary targets of the GoldenEye Ransomware since they are likely to open a document from an unknown sender. The macro script used to deliver the GoldenEye Ransomware is designed to write base64 encoded strings into an executable file that is stored in the Temp directory....

Posted on December 7, 2016 in Ransomware

‘Add Extension’ Pop-Up

An ‘Add Extension’ pop-up may indicate that a website is trying to install an extension into the Chrome Web browser automatically, a method that may result in adware infections or a variety of other problems. Extensions loaded through the ‘Add Extension’ pop-ups may not be associated with the Google Chrome Web Store. The ‘Add Extension’ pop-up, rather, may be generated by suspicious JavaScript code loaded on Web pages with dubious content. Computer users have reported that, when visiting these types of pages, they find an ‘Add Extension’ button that does not disappear, even when using pop-up blockers such as those that are included in Web browsers like Mozilla Firefox or Google Chrome. Some third-party pop-up blockers have been effective in hiding the ‘Add Extension’ pop-up or...

Posted on December 6, 2016 in Adware

Sage Ransomware

The Sage Ransomware is a typical ransomware Trojan that is used to encrypt the victims’ files and then demand ransom in exchange for the decryption key. PC security analysts suspect that the Sage Ransomware is related to the TeslaCrypt family of ransomware after studying the Sage Ransomware’s code. If the Sage Ransomware has been installed on your computer, PC security researchers advise computer users to avoid paying the ransom, since this seldom results in the recovery of the affected files. The Sage Ransomware encrypts the victim’s data by using a strong encryption algorithm. After encrypting the victim’s files, the Sage Ransomware shows a ransom note to the victim in the form of a pop-up message. The text of the Sage Ransomware’s ransom note reads as follows: ‘ATTENTION! the Sage...

Posted on December 6, 2016 in Ransomware

Satan666 Ransomware

The Satan666 Ransomware is a ransomware Trojan. The Satan666 Ransomware identifies files it encrypts by using the ‘.locked’ extension, which has been observed before in numerous other variants in the same ransomware family as the Satan666 Ransomware. Like other encryption ransomware Trojans, the Satan666 Ransomware is designed to take over the victim’s computer, encrypting the victim’s files to make them inaccessible. After the victim has been locked out of their files, the Satan666 Ransomware displays a ransom note demanding payment of a large ransom in exchange for the decryption utility. Ransomware Trojans like the Satan666 Ransomware use a highly effective attack that is especially devastating because the victim’s files will remain encrypted and inaccessible even if the Satan666 Ransomware is removed...

Posted on December 6, 2016 in Ransomware

Osiris Ransomware

The Osiris Ransomware belongs to a batch of variants of the Locky Ransomware family that have been released in the final months of 2016. The Osiris Ransomware identifies the files it encrypts through the use of the extension ‘.Osiris,’ which comes from the ancient Egyptian religion. This follows a pattern used in threats such as the ‘.thor’ Ransomware, which also uses a mythological god in order to identify its threat. The Osiris Ransomware encrypts the victim’s files to make them inaccessible and then demands the payment of a ransom. During its attack, the Osiris Ransomware will replace the files’ names with random characters followed by the extension mentioned above. The Osiris Ransomware delivers a ransom note in the form of an HTML file, as well as changes the victim’s desktop wallpaper...

Posted on December 6, 2016 in Ransomware

DirectionsWhiz

The DirectionsWhiz software is advertised at Directionswhiz.com as the best solution for users who are looking for directions. Ads that promote DirectionsWhiz may be found on freeware deployment platforms since the program is released for free. DirectionsWhiz is published by Mindspark Interactive Network, Inc. under the GNU Freeware Licence and you are not required to pay for its services. However, the development of DirectionsWhiz is sponsored by advertisers, and you may be prompted to remove extensions designed to block tracking and unwanted commercials from your browser. The DirectionsWhiz application is browser-dependent and may support Google Chrome, Mozilla Firefox and Internet Explorer. DirectionsWhiz is classified as a Potentially Unwanted Program (PUP) that can change your new tab page and homepage, as well as show...

Posted on December 5, 2016 in Possibly Unwanted Program

‘Windows Defender Prevented Malicious Software’ Scam

The ‘Windows Defender Prevented Malicious Software’ message is generated by a Trojan that is associated with technical support tactics. The ‘Windows Defender Prevented Malicious Software’ message should not be trusted because it promotes fake computer support services on the 877-360-0485 toll-free phone line, which is not operated by Microsoft Corp. The Trojan at hand is crafted to generate a lock screen on the desktop, which is loaded as soon as the user logs into Windows. Cyber security experts are not sure how the Trojan is delivered to users, but there is a good chance that a free program may have been bundled with badware. The ‘Windows Defender Prevented Malicious Software’ lock screen cannot be removed with the Alt+F4 keyboard command, and tools like regedit.exe, Command Prompt, and taskmgr.exe may not...

Posted on December 5, 2016 in Trojans

‘Microsoft Help Desk Tech Support’ Scam

The ‘Microsoft Help Desk Tech Support’ scam is facilitated by a Trojan that behaves very similarly to the one used to generate the Microsoft Security Essentials Alert. The ‘Microsoft Help Desk Tech Support’ Trojan is programmed to display a lock screen that mimics the BSOD error report on Windows systems and suggests the user call the 888-828-6971 helpline. The ‘Microsoft Help Desk Tech Support’ lock screen is shown as soon as the user logs into Windows thanks to an entry in the MSCONFIG panel, which is used to manage startup programs. The text on the ‘Microsoft Help Desk Tech Support’ lock screen reads: ‘A problem has been detected and windows has been shutdown to prevent damage to your computer. DRIVER_IRQL_NOT_LES_OR_EQUAL Contact your system administrator or technical...

Posted on December 5, 2016 in Trojans

NoValid Ransomware

The NoValid Ransomware is a ransomware Trojan that is used to take the victims’ files hostage. The NoValid Ransomware can be identified easily because of its ransom note, which is named RESTORE_the NoValid_FILES.HTML. The full contents of the NoValid Ransomware’s ransom message are listed below: ‘LOCKED-IN Danger! ALL YOUR FILES HAS BEEN LOCKED All your files are encrypted and can be restored after payment. For encryption, we used persistent improved algorithm AES256. For each file generated a unique decryption key and added a random number which makes decryption impossible without the use of a special configuration file which has ll the information needed to decrypt your files.’ Like most ransomware Trojans, the NoValid Ransomware makes the victim’s files inaccessible through the use of an...

Posted on December 5, 2016 in Ransomware