QuickWeatherAlert Toolbar

The QuickWeatherAlert Toolbar software is developed by Mindspark Interactive Network, Inc. and can be downloaded at Free.quickweatheralert.com. Web surfers who use Google Chrome, Internet Explorer and Mozilla Firefox for their online activity can install the QuickWeatherAlert Toolbar for free. Mindspark does not charge users who install the QuickWeatherAlert Toolbar. The QuickWeatherAlert software is promoted to help users get local weather forecasts, including the forecast for parts of the country you are interested in. Weather data is pulled by the QuickWeatherAlert Toolbar from several sources and arranged in a news feed. The QuickWeatherAlert Toolbar is designed to introduce several changes to your browser, which include altering your new tab page. You may be urged to allow QuickWeatherAlert to set a new homepage for...

Posted on December 9, 2016 in Possibly Unwanted Program

‘.VforVendetta File Extension’ Ransomware

The ‘.VforVendetta File Extension’ Ransomware is packed as a Trojan that you may come into contact with when you enable a macro in documents downloaded from spam emails. The ‘.VforVendetta File Extension’ Ransomware is a version of the SamSam Ransomware, which we covered in an article in April 2016. The variant ‘.VforVendetta File Extension’ Ransomware may have been inspired by the movie ‘V for Vendetta’ from 2005, which introduced the Guy Fawkes mask worldwide and later became the symbol of the hacktivist group Anonymous. As its name suggests, the ‘.VforVendetta File Extension’ Ransomware is named after the marker placed on encrypted objects. For example, ‘Lockheed Martin F-22 Raptor.pptx’ is transcoded to ‘Lockheed Martin F-22 Raptor.pptx..VforVendetta’....

Posted on December 9, 2016 in Ransomware

‘_morf56@meta.ua_ File Extension’ Ransomware

The ‘_morf56@meta.ua_ File Extension’ Ransomware is an encryption Trojan that is named after the marker it uses to notify the users about the data encryption. The files affected by the ‘_morf56@meta.ua_ File Extension’ Ransomware feature the ‘_morf56@meta.ua_’ suffix appended after the default file extension. For example, ‘Essexite rock.docx’ will be encrypted to ‘Essexite rock.docx_morf56@meta.ua_’ and you may need to do another report on a silica-undersaturated mafic plutonic rock. The ‘_morf56@meta.ua_ File Extension’ Ransomware is a Trojan that is spread among Windows users via a spam campaign that carries macro-enabled documents. As you may know, the macro functionality in digital documents is abused by threat actors to deliver threats. Security researchers...

Posted on December 9, 2016 in Ransomware

Supermagnet@india.com Ransomware

The ‘Supermagnet@india.com’ Ransomware is a Trojan that is a variant of the Dharma Ransomware. The ‘Supermagnet@india.com’ Ransomware is named after the email left for negotiations between operators and users affected by the Trojan. Reports from users show that the distribution campaign for the ‘Supermagnet@india.com’ Ransomware is centered on using dummy spreadsheets that have an embedded macro. The content of the dummy spreadsheets, which serves as a decoy and as a message to enable macros, is placed at the top of the document. Users who are led to open the spreadsheet may enable the macro functionality in their office clients and run the macro. Windows interprets the macro as a command to download and run an executable with elevated privileges. Researchers note that the...

Posted on December 8, 2016 in Ransomware

Crypt.Locker Ransomware

The Crypt.Locker Ransomware is an encryption Trojan that behaves similarly to the Jigsaw Ransomware. The distributors of the Crypt.Locker Ransomware utilize spam emails to deliver threat droppers to users. In most cases, the users are invited to open a payment notification from an online store and a bank to confirm a purchase made recently. The designers of the spam messages are known to use copyrighted images and logos to convince users to open a macro-enabled document. Threats like the Crypt.Locker Ransomware and Satan666 Ransomware are known to land on computers after a macro was executed, which introduced the crypto threat into the system. Security researchers note that the Crypt.Locker Ransomware uses a reliable AES-256 cipher to lock data and may come with a fake digital certificate. The encryption engine of the...

Posted on December 8, 2016 in Ransomware

Popcorn Time Ransomware

The ‘Popcorn Time’ Ransomware was reported by security researchers who stumbled upon samples submitted to Google’s VirusTotal. Snippets of code were shared on forums hosted on the TOR network, and investigators determined that the ‘Popcorn Time’ Trojan is still under development at the time of writing this. The ‘Popcorn Time’ Ransomware does not appear to introduce new features regarding file encryption and works similarly to well-known threats such as the Crysis Ransomware and TeslaCrypt. Security experts note that the ‘Popcorn Time’ Ransomware can be packed easily as a file with a double extension and released with a wave of spam emails sooner rather than later. Samples of the ‘Popcorn Time’ Ransomware show that its authors may have drawn inspiration from...

Posted on December 8, 2016 in Ransomware

DiscoverLiveRadio Toolbar

The DiscoverLiveRadio Toolbar is advertised by adware and legitimate ads as a valuable addition to browsers such as Google Chrome, Internet Explorer, Opera and Mozilla Firefox. The DiscoverLiveRadio Toolbar is a product of Mindspark Interactive Network, Inc., which released the MyRadioAccess Toolbar, the Easy Radio Access Toolbar and the Your Radio Now. The DiscoverLiveRadio Toolbar is offered at Free.discoverliveradio.com for free download and usage as long as you tolerate advertisements from affiliate marketers. The DiscoverLiveRadio Toolbar may change your new tab page settings and load a customized version of Hp.myway.com, which may include ads from sponsors. Additionally, users of Internet Explorer and Mozilla Firefox may be urged by Mindspark to set Hp.myway.com/discoverliveradio/ttab02/index.html as their home page....

Posted on December 7, 2016 in Possibly Unwanted Program

Driver Updater Plus

The Driver Updater Plus is developed by Jawego Partners LLC and offered for download at Driverupdaterplus.com. The Driver Updater Plus software is promoted to solve driver problems with printers, keyboards, Webcams and other peripheral devices. According to Driverupdaterplus.com, the Driver Updater Plus supports all versions of Windows as far back as Windows XP. Computer users who cannot find the right driver for their hardware could download a trial version of the Driver Updater Plus and diagnose problems on their PCs. Additionally, the Driver Updater Plus is said to give an overview of outdated drivers and back up existing drivers. However, you might want to know that Jawego Partners LLC is known to release riskware, which we have covered in our articles on Super PC Cleanup, PC Protector Plus and PC Clean Plus. Researchers...

Posted on December 7, 2016 in Possibly Unwanted Program

Vo_ Ransomware

The Vo_ Ransomware was discovered in December 2016, five months after the SQ_ Ransomware emerged on security reports. Both threats are encryption Trojans that are delivered to potential victims via spam emails. Additionally, the Vo_ Ransomware is a slightly improved version of the SQ_ Ransomware, and both Trojans come from the same developers according to security experts. The spam emails carrying the dropper for the Vo_ Ransomware appear to feature logos from banks and online stores and urge the user to make a payment referred to in the attached invoice. Needless to say, users are asked to open a macro-enabled document, which is designed to install the Vo_ Ransomware Trojan in the background. When the Vo_ Ransomware is installed, it determines what type of drives can be accessed and how many files should be encrypted. The Vo_ Ransomware...

Posted on December 7, 2016 in Ransomware

Phoenix Ransomware

When the Phoenix Ransomware was first mentioned amongst security researchers, the Trojan was still in development. Researchers found the threat while digging in reports submitted to Google’s VirusTotal platform and going on the Dark Web. Samples recovered from reports provided threat investigators with the executable to analyze, and they reveal interesting facts. The Phoenix Ransomware appears to be in development at the time of writing this. However, the Phoenix Ransomware is compact in size and can be deployed with spam emails as a file with a double extension, which may pass as a simple invoice easily. The researcher Utku Sen published an educational crypto-threat on the GitHub platform, which was used by threat actors to develop threats like the KimcilWare Ransomware and the HappyLocker Ransomware. The same source...

Posted on December 7, 2016 in Ransomware

GoldenEye Ransomware

The GoldenEye Ransomware is an encryption Trojan that is pushed as an improved version of the Petya Ransomware, which surfaced in March 2016. The GoldenEye Ransomware was brought to the attention of security researchers in December 2016. Spam emails aimed at human resource departments were found to carry a corrupted spreadsheet that featured a macro. As you well know by now, the macro is widely abused by threat actors to deliver threats like the Al-Namrood Ransomware and the Osiris Ransomware. PC users who work with CVs on a daily basis appear to be among the primary targets of the GoldenEye Ransomware since they are likely to open a document from an unknown sender. The macro script used to deliver the GoldenEye Ransomware is designed to write base64-encoded strings into an executable file that is stored in the Temp directory....

Posted on December 7, 2016 in Ransomware

‘Add Extension’ Pop-Up

An ‘Add Extension’ pop-up may indicate that a website is trying to install an extension to the Chrome Web browser automatically, a method that may result in adware infections or a variety of other problems. Extensions loaded through the ‘Add Extension’ pop-ups may not be associated with the Google Chrome Web Store. The ‘Add Extension’ pop-up, rather, may be generated by suspicious JavaScript loaded on Web pages with dubious content. Computer users have reported that, when visiting these types of pages, they find an ‘Add Extension’ button that does not disappear, even when using pop-up blockers such as those that are included in Web browsers like Mozilla Firefox or Google Chrome. Some pop-up blockers by third parties have been effective in hiding the ‘Add Extension’ pop-up or...

Posted on December 6, 2016 in Adware

Sage Ransomware

The Sage Ransomware is a typical ransomware Trojan that is used to encrypt the victims’ files and then demand ransom in exchange for the decryption key. PC security analysts suspect that the Sage Ransomware is related to the TeslaCrypt family of ransomware after studying the Sage Ransomware’s code. If the Sage Ransomware has been installed on your computer, PC security researchers advise computer users to avoid paying the ransom, since this seldom results in the recovery of the affected files. The Sage Ransomware encrypts the victim’s data by using a strong encryption algorithm. After encrypting the victim’s files, the Sage Ransomware shows a ransom note to the victim in the form of a pop-up message. The text of the Sage Ransomware’s ransom note reads as follows: ‘ATTENTION! the Sage...

Posted on December 6, 2016 in Ransomware

Satan666 Ransomware

The Satan666 Ransomware is a ransomware Trojan. The Satan666 Ransomware identifies files it encrypts by using the ‘.locked’ extension, which has been observed before in numerous other variants in the same ransomware family as the Satan666 Ransomware. Like other encryption ransomware Trojans, the Satan666 Ransomware is designed to take over the victim’s computer, encrypting the victim’s files to make them inaccessible. After the victim has been locked out of their files, the Satan666 Ransomware displays a ransom note demanding payment of a large ransom in exchange for the decryption utility. Ransomware Trojans like the Satan666 Ransomware use a highly effective attack that is especially devastating because the victim’s files will remain encrypted and inaccessible even if the Satan666 Ransomware is removed...

Posted on December 6, 2016 in Ransomware

Osiris Ransomware

The Osiris Ransomware belongs to a batch of variants of the Locky Ransomware family that have been released in the final months of 2016. The Osiris Ransomware identifies the files it encrypts through the use of the extension ‘.Osiris,’ which comes from the ancient Egyptian religion. This follows a pattern used in threats such as the ‘.thor’ Ransomware, which also uses a mythological god in order to identify its threat. The Osiris Ransomware encrypts the victim’s files to make them inaccessible and then demands the payment of a ransom. During its attack, the Osiris Ransomware will replace the files’ names with random characters followed by the extension mentioned above. The Osiris Ransomware delivers a ransom note in the form of an HTML file and changes the victim’s desktop wallpaper...

Posted on December 6, 2016 in Ransomware