RansomPlus Ransomware

Not much is known currently about the RansomPlus Ransomware, released in January 2017, although it is likely that PC security researchers will learn new information about this threat quickly. The RansomPlus Ransomware is one of countless ransomware Trojans that are released daily by con artists to carry out ransomware attacks on victims. The RansomPlus Ransomware, like other ransomware Trojans, generates revenue by threatening computer users and taking their files hostage until the victims pay a ransom. The RansomPlus Ransomware makes the victim’s files unusable by encrypting them with a strong encryption algorithm. Although it is not possible to decrypt the files that have been affected by the RansomPlus Ransomware infection, it is not unlikely that PC security researchers will release a decryption utility eventually. Meanwhile,...

Posted on January 30, 2017 in Ransomware

‘.Merry File Extension’ Ransomware

The ‘.Merry File Extension’ Ransomware is a ransomware Trojan that is a variant of the ‘Merry X-Mas’ ransomware Trojan that first appeared in the Christmas season of 2016. The ‘.Merry File Extension’ Ransomware is an updated version of this ransomware Trojan and marks the files that are affected during the attack with the extension ‘.Merry.’ Like other ransomware Trojans, it takes the victims’ files hostage by encrypting them with a strong encryption algorithm and then demands the payment of a ransom. The ‘.Merry File Extension’ Ransomware delivers its ransom note in an .hta file named ‘MERRY_I_LOVE_YOU_BRUCE.HTA,’ which also includes an image of the Terminator dressed like Santa Claus. The ‘.Merry File Extension’ Ransomware is distributed using...

Posted on January 27, 2017 in Ransomware

CryptConsole Ransomware

The CryptConsole Ransomware is a ransomware Trojan. The victims of the CryptConsole Ransomware are mostly Russian-speakers. However, malware researchers have reported the CryptConsole Ransomware attacks outside of Russia. Spam email messages distributing the CryptConsole Ransomware have been sent to countries other than Russia, and there are currently computers infected with the CryptConsole Ransomware all over the world. The CryptConsole Ransomware is distributed using a corrupted email attachment that may take the form of a text document and a spreadsheet. Emails used to distribute the CryptConsole Ransomware will appear to come from a trusted email source, which will be spoofed by the con artists sending out these email attachments. This is why you must always be cautious when opening email attachments, regardless of their source. The...

Posted on January 27, 2017 in Ransomware

ZekwaCrypt Ransomware

The ZekwaCrypt Ransomware is a ransomware Trojan that has been active since May 24, 2016. The ZekwaCrypt Ransomware (also known as Win32/ZekwaCrypt.A) is considered a severe threat to computers. The ZekwaCrypt Ransomware is used to attack high-profile targets such as databases, large data containers, and corporate networks with an effective encryption ransomware Trojan. However, the ZekwaCrypt Ransomware is also effective when attacking personal computers. Initially, the ZekwaCrypt Ransomware was being distributed using corrupted spam email attachments that impersonated messages from social media platforms and accounting businesses. New versions of the ZekwaCrypt Ransomware were not seen for a while, but in January 2017 numerous variants of the ZekwaCrypt Ransomware started to resurface. The ZekwaCrypt Ransomware is being...

Posted on January 27, 2017 in Ransomware

Netflix Ransomware

The Netflix Ransomware is a ransomware Trojan that uses the temptation of free access to Netflix to trick computer users into allowing it to run its encryption routine. The Netflix Ransomware, like other ransomware Trojans, is designed to encrypt victims’ files, making them inaccessible. After taking the victim’s files hostage, the Netflix Ransomware demands the payment of a ransom to obtain the decryption key necessary to recover the affected files. The Netflix Ransomware may be delivered to a computer by tricking computer users into downloading an application named ‘Netflix Login Generator.’ As its name implies, this program claims that it will produce a free account so that computer users can access Netflix without having to pay. Computer users that fell for this tactic allowed it to have administrative...

Posted on January 27, 2017 in Ransomware

Ext.privacyassistant.net

Ext.privacyassistant.net is one of the several pages associated with the SearchAssist Incognito browser extension. The pages privacyassistant.net and searchassist.net relate to the re-branded version of Search Assist that is now presented to you as SearchAssist Incognito. The SearchAssist Incognito software is linked to a few other domains including privacyassistant.net, searchassist.com, searchassist.me, and searchassist.net. These portals are associated with cases of browser hijacking and riskware. The coders behind Ext.privacyassistant.net and its clones promote their SearchAssist Incognito browser extension as a tool to take control of your privacy on the Internet. Users that land on Ext.privacyassistant.net may be promised that they will not be tracked on privacyassistant.net and searchassist.net. Also, Web surfers that...

Posted on January 27, 2017 in Browser Hijackers

Gmail Improving Security by Banning JavaScript Attachments

Gmail recently bore the brunt of a phishing attack that ultimately scoured countless accounts for their login credentials, arming hackers with the ability to pilfer Google accounts. In what is suspected to be an effort to thwart such attacks, Gmail is beefing up security by preventing JavaScript attachments. According to a recent announcement from Google, JavaScript or .js files will no longer be allowed to be transferred over Gmail. Joining the list of .exe, .bat, and .msc files, .js files will trigger a warning notification when users attempt to attach and send them through the Gmail service. The message will clearly read that it has been blocked because its contents present a potential security issue. Before divulging the complete scope of what makes up a malicious file, you must know that not all JavaScript...

Posted on January 26, 2017 in Computer Security

Searchusatoday.com

Searchusatoday.com and Globalfindclick.com are associated with a browser add-on named ‘1M Search,’ which is classified as a browser hijacker. Both portals are presented to Web surfers as a search service under the brand ‘1M Search.’ Computer users reported problems with Searchusatoday.com and Globalfindclick.com and said that they might be directed to the ‘1M Search’ service automatically. PC security analysts said that Searchusatoday.com and Globalfindclick.com were registered recently and had no positive reputation built on community networks and social media. The ‘1M Search’ browser add-on related to Searchusatoday.com may be pushed to users via a practice that is known as software bundling. It is a practice where software developers join efforts in popularizing their products by...

Posted on January 26, 2017 in Browser Hijackers

‘.potato File Extension’ Ransomware

The ‘.potato File Extension’ Ransomware is a ransomware Trojan that is also known as the ‘Potato Ransomware’ because it marks the files that it affects with the extension ‘.potato.’ The ‘.potato File Extension’ Ransomware works by encrypting the victim’s files, making them inaccessible. The victim is then asked to pay a substantial ransom to recover the files that were affected during the attack. Threats like the ‘.potato File Extension’ Ransomware may be distributed using spam email messages, although malware analysts have received reports that the ‘.potato File Extension’ Ransomware infections may be linked to a RAT (Remote Access Trojan)...

Posted on January 26, 2017 in Ransomware

LataRebo Locker Ransomware

The ‘LataRebo Locker’ Ransomware is a ransomware Trojan that is used to lock computer users out of their machines. The ‘LataRebo Locker’ Ransomware is classified as a screen locker. This is because of the method used by the ‘LataRebo Locker’ Ransomware to lock computer users out of their system, which involves displaying a large window that prevents computer users from accessing their files or Desktop. The ‘LataRebo Locker’ Ransomware’s screen locker also blocks access to the Windows Task Manager, shortcut keys, and other functions that could be used to bypass these issues on an affected computer. Con artists use screen lockers like the ‘LataRebo Locker’ Ransomware to extort computer users so that they’ll pay money to regain control over their machines. Screen...

Posted on January 26, 2017 in Ransomware

FunFact Ransomware

The FunFact Ransomware is a ransomware Trojan uncovered in January 2017. PC security researchers have observed that, once the FunFact Ransomware has entered a computer, it will use RSA and AES encryption to encrypt the victim’s files, making them unreadable. The FunFact Ransomware creates various files on the infected computer (‘clsign.dll,’ ‘trc.dll,’ ‘rar.exe,’ ‘wallet.jpg,’ ‘note.ini’), which appear in each directory where the FunFact Ransomware encrypted any of the victim’s content. The file named ‘note.ini’ contains the FunFact Ransomware’s ransom note. The FunFact Ransomware’s ransom note lets the victim know the extent of the attack, alerting them that their files were encrypted and the only way to recover them is to pay for...

Posted on January 26, 2017 in Ransomware

‘Error # 3658878cba98999’ Pop-Ups

The ‘Error # 3658878cba98999’ pop-up windows are not recognized as trustworthy security alerts. The ‘Error # 3658878cba98999’ alerts are classified as phishing messages that are produced on untrusted pages and may be loaded on the screen of users under the influence of a browser hijacker. PC users that receive the ‘Error # 3658878cba98999’ notifications may be unable to close them due to bad JavaScript embedded in the page they loaded. It is a standard practice for fake security alerts to feature bugs in their code and make the user’s browser malfunction. Internet clients like Google Chrome, Internet Explorer, Edge, Opera and Mozilla Firefox may not respond to commands while the ‘Error # 3658878cba98999’ pop-up is displayed. The ‘Error # 3658878cba98999’ phishing...

Posted on January 26, 2017 in Adware

Trojan.Bisonal

Trojan.Bisonal is a detection name that security experts use when discussing a backdoor Trojan. The first detection of Trojan.Bisonal dates back to March 31st, 2015, with a major update to the Trojan pushed on September 22nd, 2016. Trojan.Bisonal is among the high-level representatives of its class such as Backdoor:Win32/Nosrawec.C and Backdoor.IRC.Zapchast. Trojan.Bisonal can be injected into a targeted computer by using phishing emails that carry the payload. Experts add that Trojan.Bisonal may be downloaded to remote computers with the help of tools such as the G01pack Exploit Kit and malvertising. The Bisonal Trojan is associated with a long list of files that have random names and include ‘conhost.exe’ and ‘dfea.exe.’ The Bisonal Trojan is reported to load files in the Temp and Windows directories...

Posted on January 25, 2017 in Trojans

Search.chunckapp.com

The Search.chunckapp.com site is presented to Web surfers in twenty-four languages as a search service. Search.chunckapp.com resembles Google in many ways, including the presence of a drawing on the main page and a layout reminiscent of Google.com back in 2010. Search.chunckapp.com is not perceived as a very popular search service because its video and news search are not working at all. The top section of the results page is occupied by five paragraphs of paid advertisements, which surfers have no way of customizing to their tastes. Content on Search.chunckapp.com was detected by Web filters to feature links to harmful software, and the search service is related to cases of browser hijacking. Understandably, many users may not be willing to use Search.chunckapp.com as their default search provider and start page. You might want to...

Posted on January 25, 2017 in Rogue Anti-Spyware Program

Startpageing123.com

Startpageing123.com is an unreliable search service that has a clone hosted on Luckypageing123.com. Startpageing123.com and Luckypageing123.com are identical in everything but the name. The portals resemble the layout of Google.com in 2010 and redirect users to the legitimate version of Google when keywords are entered into the search field and users click on ‘Search.’ Web surfers that wish to explore Startpageing123.com and its clone can do so in twenty languages. Most languages supported by Startpageing123.com suggest that the service may be aimed at users in Asia. The ‘About’ sections on startpageing123.com/about.html and luckypageing123.com/about.html are the same and read: ‘startpageing123 aims to provide the ultimate online search experience. Our advanced technology provides you with the best of what...

Posted on January 25, 2017 in Browser Hijackers