Trojan:Win32/Peals.A!cl

Trojan:Win32/Peals.A!cl is a heuristic identification used by Windows Defender when it detects a Trojan. Trojan:Win32/Peals.A!cl is considered a severe threat because it may record visited websites and your keystrokes and send them, along with additional information such as your username, to third parties. Additionally, Trojan:Win32/Peals.A!cl may install supplementary threats and even use your machine to carry out click fraud. Also, ill-minded computer users may use Trojan:Win32/Peals.A!cl to obtain remote access to your computer. It is obvious that no computer user will introduce Trojan:Win32/Peals.A!cl to their machine voluntarily, so it uses misleading tactics to get access to a PC, which encompass spam email with corrupted attachments and links, pop-up advertisements, websites that display adult content, etc. Since...

Posted on November 7, 2016 in Trojans

Searchgoog.ru

The Searchgoog.ru portal is presented to users as a search service powered by a custom build of Google. The Searchgoog.ru portal is tailored to suit the needs of Russian-speaking users, and other users may not find it particularly user-friendly. Searchgoog.ru is reported to provide image and text-based results only. The results are produced on a newly opened tab after you hit the Enter key or click the magnifying glass icon. We should note that the results on Searchgoog.ru are not filtered by Google and cannot be sorted by date, relevance or pattern. Web surfers who are comfortable with the services on Google may wish to avoid Searchgoog.ru. However, the Searchgoog.ru page is related to browser hijacking, where users are redirected to Searchgoog.ru automatically. A quick peek at some public records shows that Searchgoog.ru is registered to...

Posted on November 4, 2016 in Browser Hijackers

‘Error #36581f3ae37’ Pop-Ups

Computer users who are shown the ‘Error #36581f3ae37’ pop-up windows may think that they are generated by support.microsoft.com/ru-ru/en, judging by the address bar. However, you should look closely when the ‘Error #36581f3ae37’ notifications are shown. The ‘Error #36581f3ae37’ alerts do not originate from support.microsoft.com/ru-ru/en. The ‘Error #36581f3ae37’ messages are hosted on phishing pages like nvo9g71hptqxje.online and many others. Security analysts report that the ‘Error #36581f3ae37’ pop-ups feature phishing content and promote fake technical support services on the +18886098597 phone line. The ‘Error #36581f3ae37’ pop-up is associated with untrusted pages where corrupted JavaScript code is used to make the visitor’s browser malfunction. For example,...

Posted on November 4, 2016 in Adware

DummyCrypt Ransomware

The DummyCrypt Ransomware is also known as ‘DummyEncrypter.’ The DummyCrypt Ransomware has been observed being distributed as a supposedly unlocked version of CCleaner, a commonly used shareware program that helps computer users improve their computer’s performance. Another common way of distributing the DummyCrypt Ransomware, shared by most ransomware Trojans, is the use of corrupted files or embedded links distributed in spam email messages. The DummyCrypt Ransomware includes a screen locker and uses AES-256 encryption to take the victims’ files hostage. The DummyCrypt Ransomware seems to be an independent ransomware threat, rather than belonging to a large family of ransomware such as Troldesh or Crysis. It is likely that the creators of the DummyCrypt Ransomware are newcomers, working...

Posted on November 4, 2016 in Ransomware

Software-dl.xyz

The Software-dl.xyz domain is not recognized as a trusted site and does not host a reputable software deployment platform. Moreover, the Software-dl.xyz site is reported to promote software updates for Java and Adobe Flash that are packed as program bundles. Computer users should reconsider downloading software advertised at Software-dl.xyz because it may result in the installation of riskware such as CouponAmazing, FireDiveDownloader and FaceThemes. Safe updates to Java and Adobe Flash are provided by Oracle Corporation and Adobe Systems Incorporated on their official sites and through protected channels using built-in update clients. Security experts do not recommend installing updates from Software-dl.xyz due to the potential danger that arises from the fact that Software-dl.xyz does not partner with Oracle Corp. and Adobe...

Posted on November 4, 2016 in Browser Hijackers

WinRarer Ransomware

First observed in November of 2016, the WinRarer Ransomware is a ransomware Trojan. Although it claims to be a file encrypter, the WinRarer Ransomware uses an uncommon method to take the victim’s files hostage. The WinRarer Ransomware does not function in the same way as most of the ransomware Trojans active today. The most similar ransomware Trojan observed before the appearance of the WinRarer Ransomware was known as the Bart Ransomware. Rather than encrypting different files individually, the WinRarer Ransomware moves the targeted files into an archive file, which is itself password protected. The WinRarer Ransomware targets the following file types in its attack: .123 | .3dm | .3ds | .3g2 | .3gp | .602 | .aes | .ARC | .asc | .asf | .asm | .asp | .avi | .bak | .bat | .bmp | .brd | .cgm | .cmd | .cpp | .crt | .csr | .CSV |...

Posted on November 4, 2016 in Ransomware

Copypast.ru

Copypast.ru is a site dedicated to funny images, videos and motivating text. The Copypast.ru site is available in the Russian language only. Users who do not know Russian may not find the content at Copypast.ru interesting enough to scroll down the page. Apart from the limited audience that can appreciate the uplifting images and videos at Copypast.ru, the site is linked to cases of browser hijacking. The Copypast.ru site is listed in complaints from users who report that their browser loaded Copypast.ru automatically. Computer users may install freeware that is supported by advertisements hosted at Copypast.ru. Additionally, there is a search service at Copypast.ru, which can be accessed via the address Copypast.ru/p/main.html. While the images and ads on Copypast.ru may be safe, the search service may present corrupted links. We have...

Posted on November 3, 2016 in Browser Hijackers

Anghabar.ru

The Anghabar.ru domain is related to cases where the user’s browser was hijacked and redirected to Anghabar.ru. The Anghabar.ru domain is not deemed untrusted and does not appear to host insecure content. However, a quick look at the 136.243.174.236 IP address of Anghabar.ru reveals that there are several dubious pages registered at the same address. It is possible that third parties might use Anghabar.ru and associated sites for shady marketing purposes and the deployment of riskware. We do not encourage the download of software that may be promoted at Anghabar.ru. Also, you should not enter information in the search field provided at Anghabar.ru because your input may be recorded by advertisers related to the domain. The Anghabar.ru site is presented to the user as a search portal with links to yandex.ru, mail.ru and...

Posted on November 3, 2016 in Browser Hijackers

Perfecthosting.co

The Perfecthosting.co site may be misused by third parties that promote technical support services on the 844-507-3556 phone line. Computer users who are presented with a pop-up by Perfecthosting.co and cannot close the new window should not call 844-507-3556. Microsoft does not operate the 844-507-3556 phone line, and you should not expect to receive legitimate service. Web filters like Sucuri, Websense, and Google Safe Browsing already block connections to Perfecthosting.co. The hosting company for Perfecthosting.co brought the site down soon after it received a complaint. Regardless of the status of the site, the content at Perfecthosting.co is flagged as phishing and featured an exploit of HTML5 that made the visitor’s PC freeze. Researchers reveal that the page at Perfecthosting.co was designed to reproduce a bug in the...

Posted on November 3, 2016 in Browser Hijackers

LowLevel04 Ransomware

The LowLevel04 Ransomware is a ransomware Trojan that is being distributed through Remote Desktop and Terminal Services installations with poor password protection. The LowLevel04 Ransomware uses an attack typical of ransomware Trojans, encrypting the victim’s data and then demanding the payment of 4 Bitcoins (approximately $2400 USD at the current exchange rate) to unlock the affected files. The first variant of the LowLevel04 Ransomware was observed infecting computers that had poor security measures and were connected to a terminal or remote desktop service. PC security analysts believe that the LowLevel04 Ransomware is part of a RaaS (Ransomware as a Service) threat family that is currently active. Numerous variants of the LowLevel04 Ransomware have been observed in the last year, changing the email contact address or small superficial details...

Posted on November 3, 2016 in Ransomware

‘Nomoneynohoney@india.com’ Ransomware

The ‘Nomoneynohoney@india.com’ Ransomware is a variant of the Crysis Ransomware family. Threats in this family are quite harmful since their effects cannot be undone once they have infected the victim’s files. The ‘Nomoneynohoney@india.com’ Ransomware, like other Crysis Ransomware variants, will encrypt the victim’s files with a strong encryption algorithm. Unfortunately, the files that have been encrypted by the ‘Nomoneynohoney@india.com’ Ransomware and other Crysis variants cannot be decrypted without access to a decryption key that is held by the people responsible for the attack. The ‘Nomoneynohoney@india.com’ Ransomware, unlike many Crysis variants, seems to be designed to target servers and networks specifically. Although the ‘Nomoneynohoney@india.com’...

Posted on November 2, 2016 in Ransomware

MasterBuster Ransomware

The MasterBuster Ransomware is one of the many variants of HiddenTear that are being used to carry out attacks on computer users. HiddenTear was a ransomware project that was presented as an ‘educational ransomware’ infection. However, as should have been obvious, extortionists quickly adapted HiddenTear’s code and are creating a wide variety of ransomware Trojan variants to carry out attacks on the public easily. The MasterBuster Ransomware is one of these variants. The MasterBuster Ransomware is being distributed in a spam email campaign that uses corrupted Microsoft Office documents that exploit vulnerabilities in the macro feature of this application. If the MasterBuster Ransomware has been installed on your computer, PC security analysts advise against paying the ransom the con artists demand. The...

Posted on November 2, 2016 in Ransomware

Dr. Fucker Ransomware

The Dr. Fucker Ransomware is a new version of the Samas or SamSam Ransomware, a known encryption ransomware Trojan. The Dr. Fucker Ransomware is slightly more effective in avoiding security software and in infiltrating networks. The Dr. Fucker Ransomware also features superficial changes such as a reworked naming scheme. Like most ransomware Trojans, the Dr. Fucker Ransomware is distributed using corrupted spam email attachments. These attachments may take the form of corrupted Microsoft Office documents that are designed to exploit vulnerabilities in the macro functionality of Microsoft Office. Victims of the Dr. Fucker Ransomware attack will receive an error message or notification letting them know of the attack after their files have been compromised. If the Dr. Fucker Ransomware manages to compromise a network,...

Posted on November 2, 2016 in Ransomware

Versiegelt Ransomware

The Versiegelt Ransomware is a ransomware Trojan that is designed to target computer users in Germany and German-speaking countries. The Versiegelt Ransomware is a variant of the JigSaw Ransomware, a known ransomware Trojan that was responsible for various attacks earlier in 2016, using the extension ‘.fun’ to identify the files compromised during the attack. Like other common ransomware Trojans, the Versiegelt Ransomware will encrypt the victim’s files using a strong encryption algorithm. The Versiegelt Ransomware will add the extension ‘.Versiegelt’ to the affected file’s name to identify the files that have been compromised in the Versiegelt Ransomware attack. The Versiegelt Ransomware displays its ransom message in a pop-up window that appears on the victim’s computer (unlike other...

Posted on November 2, 2016 in Ransomware

ISHTAR Ransomware

The ISHTAR Ransomware is a ransomware Trojan that con artists use to force computer users to pay large amounts of money. Most encryption ransomware Trojans, like the ISHTAR Ransomware, take their victims’ files hostage by encrypting them with strong encryption algorithms. They then demand that the victim pay a ransom using some anonymous payment method. The ISHTAR Ransomware targets Russian-speaking computer users, and it is clear that this threat originates from Russia. The ISHTAR Ransomware is being distributed in spam email messages containing a message in Russian and a file named ‘Anketa sotrudnikov pretend na povushenie.’ Many email messages being used to distribute the ISHTAR Ransomware will pretend to be associated with social media platforms such as Facebook or Twitter. As always, you should avoid opening...

Posted on November 2, 2016 in Ransomware