PetrWrap Ransomware

The PetrWrap Ransomware is a ransomware Trojan that seems to be derived from Petya, a well-known ransomware Trojan. The PetrWrap Ransomware seems to be a heavily modified version of this threat, and it is not likely that the people who created Petya also created the PetrWrap Ransomware. The PetrWrap Ransomware is being used in targeted attacks against small businesses and other organizations. The PetrWrap Ransomware is being used to attack corporate networks, which are high-profile targets for these attackers. Con artists are using the Windows PsExec utility to hack into the victims’ servers and computers and then install the PetrWrap Ransomware. It is unlikely that the PetrWrap Ransomware is an official version of Petya. Instead, it is likely that a third party has taken the code of Petya and then adapted it to carry out their own attack....

Posted on March 15, 2017 in Ransomware

Faststartpage.com

The Faststartpage.com site is presented to Web surfers as a welcoming search service that can help them discover whatever they are looking for. Faststartpage.com features a text box, a ‘search’ button and a logo that is reminiscent of the Google logo with its usage of the same color composition and similar font. Moreover, the search provided at Faststartpage.com is not patented under an independent brand. Web surfers who load Faststartpage.com are given access to a customized Google search under the logo of Faststartpage.com. You should not expect the functionality present at Google.com because the custom search provided via Faststartpage.com is very limited. You are redirected to a customized version of cse.google.com where you are presented with two options to sort results: ‘Sort by Relevance’ and ‘Sort...

Posted on March 15, 2017 in Browser Hijackers

Dangerous Ransomware

The Dangerous Ransomware is a ransomware Trojan that encrypts the victims’ files as part of its attack. The Dangerous Ransomware uses an approach similar to that of countless encryption ransomware Trojans, which involves encrypting the victim’s files to take them hostage so that it can demand the payment of a ransom in exchange for the decryption key. These threats have increased in number and popularity since 2015 and pose a significant threat to computer users’ data. The Dangerous Ransomware was first observed in Russia on March 9, 2017. The Dangerous Ransomware is being distributed through the use of corrupted spam email attachments, which abuse macros to execute compromised code on victims’ computers. This is a distribution tactic that is quite common, and that has been linked to various encryption ransomware...

Posted on March 14, 2017 in Ransomware

RozaLocker Ransomware

The RozaLocker Ransomware is a Trojan that primarily targets computer users in Asia. The RozaLocker Ransomware is designed to target computers using Windows, and its first victims were located in Russia. These initial infections seem to have been contracted after computer users installed a free ‘game’ credited to Alexander Render (Саши Рендера). This corrupted game, delivered in an executable file named ‘Setup.exe’, contains no information about the game itself. The RozaLocker Ransomware is carried out by ‘trainer.exe’ that is installed by the setup file. In many cases, a UAC (User Account Control) alert will pop up, which can help some computer users prevent the installation of the RozaLocker Ransomware on their computers. This is typical of less sophisticated threats that cannot bypass UAC. The...

Posted on March 14, 2017 in Ransomware

Movie Goat Default Search

The Movie Goat Default Search extension that you may find at moviegoat.com is promoted as a tool that gives you direct access to the latest news from Hollywood, Bollywood, and cinemas around the world. You may be surprised to hear that the moviegoat.com site is promoted as an alternative to popular platforms like YouTube, Vimeo and Dailymotion. However, the site was registered on December 4th, 2016 and does not appear to be supported nearly as much as its competitors. Moreover, the Movie Goat Default Search is deemed a Potentially Unwanted Program (PUP) that may change your default search provider to Feed.moviegoat.com and load Search.moviegoat.com as your new tab page and start page. Users may install the Movie Goat Default Search extension primarily through freeware bundles since the main site moviegoat.com does not appear to...

Posted on March 14, 2017 in Possibly Unwanted Program

Advance System Care

The Advance System Care at advancepctools.biz should not be mistaken for Advanced SystemCare by IObit Software even if that was the intention of the company behind the Advance System Care. The Advance System Care product is associated with advancepctools.biz, which is not a top-level domain (TLD), and claims to offer system optimization features to Windows OS users. The Advance System Care has a support line at +855-433-5747, which appears to be operated by support-geeks.com, which is a free domain (as of March 14th, 2017) and does not host content. Apparently, support-geeks.com resembles Support.geeksquad.com, which offers technical support services to Best Buy customers. The Advance System Care is said to help users clean, optimize, and speed up their PCs in the span of two clicks on ‘Scan’ and ‘Fix...

Posted on March 14, 2017 in Possibly Unwanted Program

‘Install the extension for the safety of your data’ Pop-Ups

The ‘Install the extension for the safety of your data’ pop-up windows are part of the ‘Add Extension’ Pop-Up Scam that is used by untrusted sites to spread unsafe extensions to Google Chrome users. The ‘Install the extension for the safety of your data’ notifications are hosted on low-level domains with bizarre names that may consist of a sequence of random characters. Web surfers may experience the ‘Install the extension for the safety of your data’ pop-ups while browsing questionable video sharing platforms, adult-rated sites, insecure software deployment platforms and phishing pages. Clicking on ads and hyperlinked text may open a new tab and load a page that hosts the ‘Install the extension for the safety of your data’ notification, which is brought to focus...

Posted on March 14, 2017 in Adware

Winvmx Client

The Winvmx Client is a Potentially Unwanted Program (PUP). The most common way in which the Winvmx Client and similar software are installed is by bundling them with other software. The Winvmx Client may be installed when computer users download one of these programs or other PUPs for free unless the computer users opt out explicitly. The Winvmx Client runs in the background and connects to various Web pages, ‘watching’ videos and loading advertisements in a hidden browser window. This content is not displayed on the infected computer. However, it will definitely affect the computer’s performance since bandwidth and other resources are being used to access this content automatically. The most likely reason for the Winvmx Client’s behavior is to generate advertising revenue by inflating these websites’...

Posted on March 13, 2017 in Possibly Unwanted Program

MyTransitMapper

The MyTransitMapper browser extension, also seen as MyTransitMapper by MyWay, is published as a free app that runs within the browser that “provides these features and web search on your New Tab,” which is how it is advertised at Mytransitmapper.com. The MyTransitMapper extension is promoted via legitimate advertisements and commercials generated by adware such as DeskFavorites and Live Video Search. MyTransitMapper is developed and owned by Mindspark Interactive Network, Inc., which is a company that makes ad-supported programs. You should note that MyTransitMapper is ad-supported software that is a repacked version of the DirectionsAce Toolbar released earlier by Mindspark Interactive Network, Inc. One of the signature moves of Mindspark is to repack its extensions under new names when security scanners flag...

Posted on March 13, 2017 in Possibly Unwanted Program

Universalsearch.co

Universalsearch.co is presented as a search service that is associated with a browser extension named ‘Health New Tab,’ which does not appear to have an official page on the Open Web. Universalsearch.co and ‘Health New Tab’ appear to be trademarks of Facty Network that governs Direct.health.facty.com and offers a limited number of articles dedicated to health problems and a customized search powered by Google. Computer users that installed the ‘Health New Tab’ extension may notice that their new tab and start page load Universalsearch.co by default. Reports from users suggest that the ‘Health New Tab’ extension is installed via freeware bundles primarily and does not offer information on its capabilities. The ‘Health New Tab’ extension associated with Universalsearch.co...

Posted on March 13, 2017 in Browser Hijackers

WeatherBuddy

The WeatherBuddy program that you can find at Weatherbuddy.net is offered as a tool that you can use to keep up with weather forecasts from services like Accuweather.com, Wunderground.com and Weather.com. WeatherBuddy is said to work as a widget you can add to your desktop to get a preview of the latest weather forecast from your favorite service. Computer users that run Windows 7, 8.1 and 10 may install a free version of WeatherBuddy that is ad-supported. The company WeatherBuddy LLC that created the weather widget offers a monthly subscription for WeatherBuddy that is priced at 3 USD, which is subtracted from your bank account every month. Supposedly, the subscription removes the advertisements shown by WeatherBuddy on your screen. Computer users that are interested in subscribing to the services offered via WeatherBuddy may want...

Posted on March 13, 2017 in Adware

Search.mysafesearch.net

The Search.mysafesearch.net site is associated with the MySafeSearch browser extension aimed at Google Chrome users. The MySafeSearch browser extension can be found at Mysafesearch.net where users are invited to install the app for free and benefit from quick, easy and convenient search results for their everyday needs. Search.mysafesearch.net is said to be the best source of localized results, images, videos, and news that you can access via the MySafeSearch add-on. Computer security researchers note that MySafeSearch may appear to work like My Web Shield and claim to offer a safe search, but you should not be fooled. The MySafeSearch add-on is recognized as a browser hijacker that may arrive on your system with a free program bundle and redirect you to Search.mysafesearch.net. The MySafeSearch browser hijacker might change your new tab...

Posted on March 13, 2017 in Browser Hijackers

Roshalock Ransomware

The Roshalock Ransomware is a ransomware Trojan that locks the victim’s files in an archive file that is protected with a password. These variants of ransomware infections first started to appear in 2017 and seem to be gaining popularity. Rather than encrypting the files using a strong encryption algorithm, the variants in this hoax such as the Roshalock Ransomware will move the files into archives such as RAR or 7Z files. The Roshalock Ransomware targets 2634 file extensions in its attack and is capable of affecting most of the computer users’ files. The files encrypted by the Roshalock Ransomware will be placed into a RAR file named ‘All_Your_Documents.rar’ that will be saved in its own directory by the same name. The Roshalock Ransomware delivers its ransom note in the form of a text file named ‘All Your...

Posted on March 13, 2017 in Ransomware

‘This PC Has Been Blocked’ Screen Locker

The ‘This PC Has Been Blocked’ screen locker is used to trick computer users into paying for a fake technical support service. This is a well-known tactic that is used to prey on inexperienced computer users. The ‘This PC Has Been Blocked’ screen locker will block the infected computer’s screen and then ask the victim to call the phone number 844-703-1130. Threats like the ‘This PC Has Been Blocked’ screen locker may be distributed by bundling them with other software. The ‘This PC Has Been Blocked’ screen locker also has been distributed in the form of a fake update for Adobe Flash or Java on shady websites offering bogus updates. The ‘This PC Has Been Blocked’ screen locker infection is designed to infect computers using the Windows operating system. The ‘This...

Posted on March 10, 2017 in Trojans

Vortex Ransomware

The Vortex Ransomware infection is designed to target computer users in Poland. The Vortex Ransomware was first observed on March 9, 2017, and carries out a typical ransomware attack on infected computers. The Vortex Ransomware has been linked to two executable files on infected computers, which may be named ‘AESxWin.exe’ or ‘polish.exe.’ The most common way of distributing the Vortex Ransomware is through the use of corrupted email attachments that may be delivered using spam email messages. The Vortex Ransomware is installed on victims’ computers by tricking them into opening a corrupted text document that uses macros to execute corrupted code on the infected computer. These files may be associated with social engineering techniques used to trick computer users into opening the file attachment. Opening...

Posted on March 10, 2017 in Ransomware