iMusic Start

The iMusic Start software is a suite of browser extensions that you can find at ienjoyapps.com/utilities/imusic/. The iMusic Start suite of extensions may be promoted on software deployment platforms under the names of Search by iMusic and iMusic Search PLUS as well. Programmers associated with ienjoyapps.com developed the iMusic Start package. iMusic Start is offered to users who like to listen to music and discover new artists. iMusic Start may suit the needs of audiophiles considering that iMusic Start offers music recommendations on a daily basis and provides news from artists you may like. You do not need to pay for iMusic Start as it is free-to-use and free-to-download. Computer users that want to install iMusic Start should take into consideration that it supports Google Chrome only. Also, iMusic Start wants elevated privileges...

Posted on January 24, 2017 in Possibly Unwanted Program

JS/ProxyChanger.CW

JS/ProxyChanger.CW is a detection name used by cyber security specialists to specify a Trojan written in JavaScript and used to alter the proxy settings on remote systems. JS/ProxyChanger.CW is a Trojan that uses an automatic configuration script to force users into using a particular proxy. The result is that the user’s network traffic is routed to a server operated by a threat actor. Consequently, the data you send and receive can be recorded, analyzed, modified and decrypted by a third party. The operations of the JS/ProxyChanger.CW Trojan require an automatic configuration script that is packed as ‘wpad.dat.’ The Windows OS generates ‘wpad.dat’ when you choose the ‘Detect Settings Automatically’ option in the Local Area Network (LAN) Settings panel. However, the JS/ProxyChanger.CW Trojan is...

Posted on January 23, 2017 in Trojans

Search.bookmyflightco.co

Search.bookmyflight.co is a portal associated with the BookmyFlight extension by Eightpoint Technologies Ltd. You can find the BookmyFlight extension by Eightpoint Technologies Ltd. in the Chrome Webstore. As you may guess, the BookmyFlight extension is designed to provide an extended functionality when it comes to booking flights, tracking flights, booking a hotel and making a reservation. BookmyFlight by Eightpoint Technologies Ltd. supports a version for Google Chrome and requires extensive access to your online routine. If you want to benefit from BookmyFlight you will need to approve access to: Read and change all your data on the websites you visit. Manage your apps, extensions and themes. The BookmyFlight extension is programmed to change the new tab page layout of Chrome users and redirect them to...

Posted on January 23, 2017 in Browser Hijackers

Helpline-12.xyz

The address Helpline-12.xyz refers to a phishing domain that has several clones and hosts misleading information. Web filtering services such as Google Safebrowsing, Mozilla Phishing Protection, and Websense ThreatSeeker might block connections to Helpline-12.xyz and clones of the page. However, it is not difficult to set up a new site and upload misleading information on the Internet in the span of a couple of hours. There is browser hijacking software to take into consideration as well. Helpline-12.xyz is related to such software, and compromised users may not benefit from the security measures incorporated in their browser to the full extent. PC security researchers found that the content on Helpline-12.xyz is presented on several other domains including error-[RANDOM CHARACTERS].xyz, firewall-error.xyz, firewallerrors.xyz...

Posted on January 23, 2017 in Browser Hijackers

‘844-312-7480’ Pop-Ups

The ‘844-312-7480’ pop-ups that include terms like spyware and virus should not be trusted. The messages related to the ‘844-312-7480’ pop-ups may feature logos and images from reputable security vendors to claim credibility. However, the ‘844-312-7480’ notifications are not legitimate security warnings, and you should not call 844-312-7480 even if it is toll-free. The 844-312-7480 phone line is not managed by certified computer technicians but by con artists who might present themselves as employed by Microsoft Corp. Computer users that encounter the ‘844-312-7480’ pop-ups may be led to believe their PCs are compromised and offered the following messages: Sample 1: ‘An error detected on your computer. Please contact a certified technician at 1-844-312-7480 (Toll Free)’...

Posted on January 23, 2017 in Adware

‘855-524-2270’ Pop-Ups

The ‘855-524-2270’ alerts in your browser may manifest when the browser is frozen and does not seem to accept commands like switching tabs and entering a new address. Many users may notice that the ‘855-524-2270’ alerts are shown while the address of the page includes storage.googleapis.com. You may think that the ‘855-524-2270’ notifications are coming from a service associated with Google. However, that is not the case, as fake technical support agencies abuse the free cloud storage service provided by Google to cause problems for users. The ‘855-524-2270’ notifications on your screen are hosted on pages that are uploaded to Google Drive and rigged with bad coding to cause aberrant behavior in your browser. The ‘855-524-2270’ pop-ups are phishing messages that are...

Posted on January 23, 2017 in Adware

Jew Crypt Ransomware

The ‘Jew Crypt’ Ransomware is a ransomware Trojan that was first observed on January 23, 2017. The ‘Jew Crypt’ Ransomware receives its name from a ransom notification window that it displays. Clearly, the ‘Jew Crypt’ Ransomware was not created by a sophisticated group of threat creators. The ‘Jew Crypt’ Ransomware uses a faulty encryption engine and the email address ransom@mail2tor.com is used to contact the ‘Jew Crypt’ Ransomware’s creators. The ‘Jew Crypt’ Ransomware is so limited currently that it is possible that it simply will not work in most cases. It seems that the ‘Jew Crypt’ Ransomware may be an unsuccessful attempt to combine the code of several other ransomware Trojans. Despite the ‘Jew Crypt’ Ransomware not working...

Posted on January 23, 2017 in Ransomware

Jhon Woddy Ransomware

The ‘Jhon Woddy’ Ransomware is a ransomware Trojan that is used to lock computer users out of their computers. This is a known tactic that has been around for several years. Computer users may be forced to pay a large ransom to recover access to the infected computer. Fortunately, in the case of the ‘Jhon Woddy’ Ransomware, it is possible to restore access to the infected computer without having to pay the large amounts of money that the people responsible for the ‘Jhon Woddy’ Ransomware demand. The ‘Jhon Woddy’ Ransomware was first observed in January 2017, and it was released only a few days after the DNRansomware, another ransomware Trojan that seems to be its direct clone. PC security analysts advise computer users to take precautions against the ‘Jhon Woddy’...

Posted on January 23, 2017 in Ransomware

DNRansomware

The DNRansomware is a ransomware Trojan that is used to demand payments from computer users by taking their data hostage. PC security researchers, fortunately, have uncovered the decryption method that can allow computer users to recover from the DNRansomware attacks. The most common way of distributing the DNRansomware is through corrupted spam email attachments. Because of this, caution when handling such attachments can be one of the main ways of preventing the DNRansomware infections. The DNRansomware displays a lock screen that alerts the victim to the infection. The DNRansomware bills itself as an ‘extremely powerful new RIJNDAEL encryption’ and demands a ransom of 0.5 Bitcoin (approximately $460 USD at the current exchange rate). PC security analysts strongly advise ignoring the DNRansomware’s instructions. It...

Posted on January 23, 2017 in Ransomware

CloudSword Ransomware

The CloudSword Ransomware is a ransomware Trojan that seems to target both English and Chinese computer users, due to the languages used in the CloudSword Ransomware’s ransom note. The CloudSword Ransomware first appeared in January 2017. After infecting a computer, the CloudSword Ransomware displays a ransom note titled ‘Warning警告.html,’ which accuses the victim of copyright infractions and states that the files were encrypted as punishment. The CloudSword Ransomware demands the payment of a ransom in exchange for the decryption key, a typical tactic used by most encryption ransomware Trojans. Unfortunately, the files encrypted by the CloudSword Ransomware cannot be recovered without the decryption key, making it necessary for computer users to take precautionary steps to limit the damage that may be caused by these...

Posted on January 23, 2017 in Ransomware

BrowserMe

BrowserMe is a name that is given to a Trojan that is used to make computers load advertisements and click on them. The BrowserMe Trojan is named after ‘BrowserMe.exe,’ which is one of the several EXE files it uses to run. The BrowserMe Trojan is seen promoted on pop-up windows as a program dubbed ‘Chrome_Font.exe’ that needs to be installed if you intend to load pages on the Internet properly. The BrowserMe Trojan is very similar to Trojan.Clicker MSIL.Agent and Adware.RekloPay in behavior. The BrowserMe Trojan depends on the presence of Google Chrome on the infected machine. PC security researchers reveal that the BrowserMe Trojan is designed to interact with Google Chrome, run a shadow instance of the browser and open advertisements. The BrowserMe Trojan clicks on ads and claims revenue for its...

Posted on January 20, 2017 in Trojans

iPrivate Multi Search

The iPrivate Multi Search software is promoted at ienjoyapps.com/utilities/iprivate/ as a program that would enable users to search the Web without being tracked. Moreover, users are told that the iPrivate Multi Search does not collect information on their search queries and the links they click on. The iPrivate Multi Search software is a suite of extensions for Google Chrome that includes iPrivate Search Plus, iPrivate Now, iPrivate MultiSearch and iPrivate Search. The words used at ienjoyapps.com/utilities/iprivate/ to describe iPrivate Multi Search are: ‘With iPrivate you can search the web without tracking your search history or any personally identifiable information Turn your search private with iPrivate With iPrivate chrome extensions now you can search the web without tracking your search history or any personally...

Posted on January 20, 2017 in Possibly Unwanted Program

‘webmafia@asia.com’ Ransomware

The ‘webmafia@asia.com’ Ransomware is a ransomware Trojan that is used to force computer users to pay money to recover their files. The ‘webmafia@asia.com’ Ransomware takes the victims’ files hostage by encrypting them using a strong encryption algorithm. Although it may be nearly impossible to recover the files that have been encrypted by the ‘webmafia@asia.com’ Ransomware, computer users can minimize the damage from a ‘webmafia@asia.com’ Ransomware attack by ensuring that precautionary steps have been taken. Fortunately, ransomware Trojans like the ‘webmafia@asia.com’ Ransomware are relatively easy to thwart with only a few precautions. However, if computer users fail to be prepared, the effects of the ‘webmafia@asia.com’ Ransomware infection can be...

Posted on January 20, 2017 in Ransomware

Win Tuneup Pro

Win Tuneup Pro is advertised as a Registry optimizer that can suit the needs of professionals and regular users alike. Computer users that are interested in scanning their Registry for problems can download Win Tuneup Pro from Wintuneuppro.com for free. PC users are not required to pay a fee before they download and install the Win Tuneup Pro software. Win Tuneup Pro comes with a trial period that grants users limited access to its functionality. For example, you can benefit from the scan engine of Win Tuneup Pro and receive results daily. The results page generated by Win Tuneup Pro may offer extended information on the problems detected on your system and offer a solution. The trial version of Win Tuneup Pro might display numerous problems related to your OS and suggest that your OS is in critical condition. The warnings shown...

Posted on January 20, 2017 in Possibly Unwanted Program

Trojan.EvilBunny

Trojan.EvilBunny is a detection used by security vendors when discussing a backdoor Trojan. The Trojan.EvilBunny threat is placed in the category of backdoor Trojans because of its functionality. Trojan.EvilBunny is introduced to computers by hacking them manually and using phishing emails. Once Trojan.EvilBunny is installed, it would make modifications to the OS that would grant a third-party access to the machine. Trojan.EvilBunny is programmed to create an access point by running a file named ‘netmgr.exe’ that is placed in the MSapps folder under the Windows directory on the primary system drive. The program is added to the list of programs that Windows OS loads during bootup by adding the following key to the Registry: ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”netmgr” =...

Posted on January 20, 2017 in Trojans