‘wisperado@india.com’ Ransomware

The ‘wisperado@india.com’ Ransomware is an encryption ransomware Trojan that is part of a large family of ransomware known as Dharma. The ‘wisperado@india.com’ Ransomware was first observed towards the second half of February 2017 and is designed to attack high-profile targets such as corporate networks and Web servers. Although the ‘wisperado@india.com’ Ransomware may be distributed in a variety of ways, the nature of the ‘wisperado@india.com’ Ransomware’s targets indicates that the two likely ways in which the ‘wisperado@india.com’ Ransomware may be distributed include targeted phishing email messages and hacking into a compromised computer directly. The first attacks reported involving the ‘wisperado@india.com’ Ransomware were of affected servers. The...

Posted on February 27, 2017 in Ransomware

‘800-941-043’ Pop-Ups

The ‘800-941-043’ pop-up windows in your browser that may originate from wincrashedalertinfo.xyz are not to be trusted. The ‘800-941-043’ notifications are shown on untrusted pages, which work as phishing domains. You may notice that the ‘800-941-043’ alerts are presented on a background that resembles the security alerts associated with Google Safe Browsing. However, the 800-941-043 phone line is not operated by the staff at Google Corp. Computer users that load content on wincrashedalertinfo.xyz and cloned pages may be unable to switch tabs, open bookmarks and minimize their browser. The problem is caused by a JavaScript hosted on the page you loaded. Web designers associated with fake computer support companies use JavaScript to prevent the browser from working properly and use it as a...

Posted on February 27, 2017 in Adware

SuperCouponPro

The SuperCouponPro Toolbar software is a re-branded version of the GetCouponsFast Toolbar, which may be released by Mindspark Interactive Network, Inc. with freeware bundles. SuperCouponPro Toolbar may be promoted via advertisements shown to users infected with adware. Both pages for SuperCouponPro Toolbar and GetCouponsFast Toolbar feature the same design and can be found at supercouponpro.com/index.jhtml and getcouponsfast.com/index.jhtml. SuperCouponPro is offered to users for free as long as they are not using the app commercially. Ad-supported software dominates the product line of Mindspark, and the SuperCouponPro Toolbar is no exception. Computer users that are looking to save money by using SuperCouponPro should read the End User License Agreement and Privacy Policy on eula.mindspark.com/eula/ very carefully. The...

Posted on February 27, 2017 in Possibly Unwanted Program

‘Error # 3658ad79cc3021a’ Pop-Up

The ‘Error # 3658ad79cc3021a’ warnings on your screen that appear to be generated by Support.microsoft.com are not to be trusted. The ‘Error # 3658ad79cc3021a’ warnings are not displayed by Support.microsoft.com but on untrusted sites like topkavsupport.com that host phishing content. Computer security researchers reveal that the ‘Error # 3658ad79cc3021a’ alerts are shown on a background that is a modified screenshot of the legitimate support page for Windows OS users at Support.microsoft.com. The ‘Error # 3658ad79cc3021a’ alerts are an example of a tech support scam that is using logos and images of trusted portals to claim credibility and redirect users to uncertified computer support services. The 1-844-324-2398 toll-free phone line advertised on the ‘Error #...

Posted on February 24, 2017 in Adware

‘Error # S47452D’ Pop-Up

The ‘Error # S47452D’ pop-up messages are a classic example of misleading technical support messages. The ‘Error # S47452D’ notifications can be seen on pages such as computerdebuggingsystemweb[.]online and many others. The pages that host notifications similar to the ‘Error # S47452D’ pop-up might include bad JavaScript code to prevent your browser from operating properly. When your Internet browser opens an untrusted page related to the ‘Error # S47452D’ messages, it reads the code of the page to present the content on your screen. Programmers employed by fake computer support companies enable sites like computerdebuggingsystemweb[.]online to show the ‘Error # S47452D’ notifications on a loop and obstruct users from switching tabs, opening bookmarks and minimizing the browser...

Posted on February 24, 2017 in Adware

Fast PDF Converter

The Fast PDF Converter software that you can find at fastpdfconverter.com/start.html is promoted as an Internet-based PDF converter. Fast PDF Converter is said to enable users to process and convert files from 30+ formats to a PDF file. The reverse process is possible, and PDF files can be converted to DOC, DOCX, PPTX and TXT according to fastpdfconverter.com/start.html. The Fast PDF Converter software is packed as a browser extension which is available to Google Chrome, Internet Explorer and Mozilla Firefox users. PC users that want to convert PDF files online can give the Fast PDF Converter a try. When you install the Fast PDF Converter, there are a few things to consider, which include the modifications to your browser and what type of information it needs to access. Google Chrome users are required to allow Fast PDF Converter...

Posted on February 24, 2017 in Potentially Unwanted Programs

Pickles Ransomware

The Pickles Ransomware is an encryption ransomware Trojan that was uncovered almost at the same time as the PyL33T Ransomware. There are numerous similarities between these two threats. They are both programmed using Python, which is not that common when it comes to ransomware Trojans. The main difference between them is that the Pickles Ransomware seems to target individual computer users and home computers, while PyL33T was apparently created to target corporate networks, Web servers, and other high-profile targets. Although there is no definite proof that the same team of cyber crooks created both, there is circumstantial evidence to suggest a connection. The Pickles Ransomware has many of the advantages that are provided by using the Python programming language, such as easy updates and the ability to expand with relatively...

Posted on February 24, 2017 in Ransomware

Unlock26 Ransomware

The Unlock26 Ransomware is an encryption ransomware Trojan that is used to harm computer users, forcing them to pay large amounts of money to recover their files after they are taken hostage by this threat. The Unlock26 Ransomware was released towards the end of February 2017 and seems to be distributed through the use of corrupted spam email attachments. These corrupted email messages attempt to trick computer users into believing that the email comes from a trusted source. The Unlock26 Ransomware receives its name from a string contained in the portal used for payment: unlock26ozqwoyfv[.]hiddenservice[.]net/?signature=[UNIQUE IDENTIFIER]. This payment portal is located on TOR, and victims need to install the TOR browser to access the payment website. This is a payment method that has gained popularity among ransomware creators due to...

Posted on February 24, 2017 in Ransomware

Poorly Coded Mac Ransomware Spreading via Torrents, Doesn’t Decrypt Files after Paying Ransom

With ransomware making a profound impact on the computer security world for over a decade now, the aggressive malware isn’t showing any signs of discriminating against certain types of computers or devices with a recent outbreak on MacOS computers. New ransomware, specifically targeting Mac OS X computers, has emerged where its primary method of spreading is through Torrents. Torrent sites are known to be avenues of the Internet that illegally distribute software. Found in many Torrent services, such as BitTorrent, there is a high risk of obtaining bundled software with the illegally distributed software that users may find. Within those files obtained from BitTorrent distribution sites there can be malware lurking, and in a rash of Torrents, Mac OS X malware has been propagated in the form of ransomware. The ransomware...

Posted on February 23, 2017 in Computer Security

Mute Tabs Button

The Mute Tabs Button software that you can find at mutetabsbutton.info is offered as a browser extension for Google Chrome, and you may be able to find a version for Mozilla Firefox and Internet Explorer. The Mute Tabs Button extension was mentioned on reports from users about browser hijacking, which attracted the attention of computer security investigators. An analysis of Mute Tabs Button revealed that the extension does not provide a valid digital signature, developer information, build number, contact information, terms of use and privacy agreement whatsoever. PC users may be welcomed to install the Mute Tabs Button extension on the Chrome Webstore considering it has a page on: chrome.google.com/webstore/detail/mute-tabs-button/acdankhgibfaoiplmpboecfhdpdpcbem. Also, users may install the Mute Tabs Button software along with...

Posted on February 23, 2017 in Possibly Unwanted Program

PyL33T Ransomware

The PyL33T Ransomware is an encryption ransomware Trojan that is used to encrypt the victims’ files and then demand the payment of a ransom. Encryption ransomware Trojans represent a significant threat to computer users because they will compromise the victims’ files. Even after the PyL33T Ransomware itself is removed, the victim’s files will remain inaccessible because of the PyL33T Ransomware’s strong encryption method. Because of this, it is essential to take preventive measures to limit the potential damage of a PyL33T Ransomware infection. PC security researchers first uncovered the PyL33T Ransomware by analyzing a threat uploaded to an online anti-virus platform. Malware authors will often use these online anti-virus scanners to test their creations to gauge whether anti-virus...

Posted on February 23, 2017 in Ransomware

TrumpLocker Ransomware

The TrumpLocker Ransomware is a ransomware Trojan that receives its name because it features an image of the United States President Donald Trump as part of its ransom note. The TrumpLocker Ransomware is simply a repackaged version of VenusLocker, a known ransomware family that has been around since August of 2016 and was last updated in December of 2016. At the moment, it is not certain whether the same team responsible for VenusLocker is responsible for the TrumpLocker Ransomware attacks or if this threat was co-opted by a third party. The TrumpLocker Ransomware uses an executable file named TrumpLocker.exe, which encrypts the victim’s files. Although it is not certain how the TrumpLocker Ransomware is being distributed to its victims, it is highly likely that the distribution method involves the use of corrupted email...

Posted on February 23, 2017 in Ransomware

Yapages.ru

Yapages.ru is presented as a useful start page to Russian-speaking users and everyone that installs browser add-ons that partner with Yapages.ru. The site is related to various free programs. Additionally, Yapages.ru is mentioned in more than a few cases of browser hijacking. Yapages.ru does not offer information as to what company operates the site and who registered the site. Apparently, the developers behind Yapages.ru make money from the users browsing content on Yapages.ru and providing quick links to services on Yandex.ru. The site includes a custom-built Google search engine that provides results at: cse.google.ru/cse/home?cx=partner-pub-7168134035772432:3777437103. Computer security researchers do not recommend browsing Yapages.ru and connected pages. Yapages.ru is deemed as insecure and is proved to communicate with...

Posted on February 23, 2017 in Browser Hijackers

Damage Ransomware

The Damage Ransomware is a ransomware Trojan that is used to force victims to pay a large ransom. Like other encryption ransomware Trojans, the Damage Ransomware works by encrypting its victims’ files and then demanding the payment of a ransom. Ransomware Trojans like the Damage Ransomware have become increasingly common in recent years, making it essential for computer users to take steps to protect their machines from these attacks. Encryption ransomware Trojans like the Damage Ransomware have become quite common since 2015. The Damage Ransomware was first observed on February 22, 2017. The Damage Ransomware receives its name because it adds the file extension ‘.damage’ to the end of each file that it encrypts. The Damage Ransomware was created as a standalone threat and is not part of another family of...

Posted on February 22, 2017 in Ransomware

YouAreFucked Ransomware

The YouAreFucked Ransomware is a ransomware Trojan that encrypts the victims’ files, essentially taking them hostage and preventing computer users from accessing their data. The YouAreFucked Ransomware then demands the payment of a ransom from the victims. The YouAreFucked Ransomware receives its name because of a hex code ‘YouAreFucked’ that is embedded in the file header of each encrypted file. The YouAreFucked Ransomware represents a real threat to servers and businesses since it tends to target high-profile victims like corporate networks and Web servers. PC security analysts have observed that the YouAreFucked Ransomware is being distributed using phishing email messages meant to trick computer users into downloading and opening a corrupted file. These corrupted files will use corrupted macros to download and...

Posted on February 22, 2017 in Ransomware