Fake anti-virus programs are still among the most common types of online scams. Criminals continue to create fake anti-virus programs like System Care Antivirus in order to fool unsuspecting computer users into buying useless security software. These fake anti-virus programs are renamed and repackaged every few weeks, a pattern that has repeated itself consistently since their first appearance nearly a decade ago. Despite its name, System Care Antivirus is not actually an anti-virus program. In fact, it is the complete opposite; System Care Antivirus is a kind of malware infection commonly known as a rogue security program. System Care Antivirus is designed to cause problems on a...

The CIBS Pol Virus is a police ransomware Trojan that belongs to the Urusay family of malware. This police ransomware Trojan is classified as a Winlocker because it blocks access to the victim's computer by displaying a full-screen message that claims to be an alert from the police. CIBS Pol Virus is a well known scam that is in no way connected to the police force. Instead, the CIBS Pol Virus is used by criminals to scam inexperienced computer users so that they will hand over their money out of fear of prosecution, jail time and severe fines. If your access to your computer is blocked by the CIBS Pol Virus, ESG security researchers strongly advise against following the steps...

MyStart is a browser hijacker that uses the MyStart by Incredibar toolbar and a browser hijacking component that forces its victims to visit the MyStart.Incredibar.com website. This website is a low-quality search engine that displays more advertisements than legitimate results. Even worse, several of MyStart's search results may lead computer users to websites containing malicious content. Although MyStart actually provides a supposed tool to remove this component from the victim's web browser, ESG security researchers recommend disregarding this component and instead removing MyStart with the help of a reputable anti-malware utility. MyStart can refer to both the low-quality...

Windows Active Guard is a malware program that belongs to the FakeVimes family of fake security software. Windows Active Guard carries out a common online scam that involves pretending to be a real security program in order to convince inexperienced computer users that they must pay for an expensive 'upgrade'. Since there are no real anti-malware capabilities on Windows Active Guard and it is, in reality, a malware infection itself, ESG malware researchers strongly recommend ignoring all of Windows Active Guard's warnings and removing this bogus security program with a reliable anti-malware application. Windows Active Guard's Family of Rogue Security Programs FakeVimes malware...

ESG security researchers have received reports of a ransomware infection, known as the FBI Moneypak ransomware, that targets computer users in the United States. The FBI Moneypak ransomware infection will claim that the victim's computer was involved in viewing child pornography and then demands payment of a 100 dollar 'fine' to be sent via MoneyPack. Of course, that a criminal charge as serious as child pornography would be punished with a mere 100 dollar fine is laughable. There is a reason for this, the FBI Moneypak ransomware is not really from the FBI. Rather, this message is actually part of a common malware scam. The FBI Moneypak ransomware scam will use a Winlocker, that is, a...

The so-called Ukash Virus is a ransomware Trojan that receives its name because Ukash Virus requires that its victims use Ukash (a legitimate money transfer service) to transfer the ransom funds. This dangerous Trojan infection is composed of a Winlocker component that basically blocks access to the infected computer system, disabling access to the infected computer system's desktop, Task Manager, command line, Registry Editor and other services and applications. There are countless variants of the Ukash Virus, designed to target various different countries in Europe and North America. ESG malware analysts strongly advise against paying the ransom that this malware infection tries to...

Live Security Platinum is one of the many fake security programs in the WinWebSec family of malware. Although ESG security researchers have been following the WinWebSec family of malware for several years, Live Security Platinum is a relatively new variant first detected in 2012. Because of this, it is pivotal to ensure that your security software is fully updated. Like most fake security programs, Live Security Platinum is designed to induce PC users to purchase a worthless 'full version' of Live Security Platinum. To do this, Live Security Platinum will try to scare the computer user with a variety of fake error messages, pop-up alerts from the Taskbar and a convincing fake scan of...

DNS Changer is a Trojan that is designed to force a computer system to use rogue DNS servers. Also, DNS Changer is being referred to as the Internet Doomsday Virus, Ghost Click Malware, DNS Changer Rootkit, DNS Changer Malware, DNS Changer Trojan, DNS Changer Virus, FBI DNS Changer or DNSChanger. A DNS Changer infection will typically have two steps, in order to reroute the infected computer’s traffic to these malicious DNS servers: A DNS Changer malware infection will change the infected computer system’s settings, in order to replace the DNS servers to rogue DNS servers belonging to hackers or online criminals. The DNS Changer malware infection will then try to...

Know the Bible Toolbar is a potentially bad toolbar that may be installed into a Web browser and permit computer users to search online with MyWebSearch, a PUP (potentially unwanted program) that may replace and divert all of the PC user's search results and DNS errors, and substitute the default start page and search provider with Mywebsearch.com or other similar website. MyWebSearch may automatically become the default search service which may take over all search terms and phrases and trace the PC user's Web browsing routine to deliver and display targeted ads. The search features and other non-search-related features of KnowTheBible Toolbar may be customized by the PC user. Throughout the download process, the PC user may be offered the option to reset the Web browser's default start page to Home.mywebsearch.com or other similar website. If the computer user agrees with this...

FlowSurf is a PUP (potentially unwanted program)/adware that may surreptitiously access a PC, or it may be installed on a computer as an optional application bundled with free programs. FlowSurf may interrupt with a computer user's surfing routine by showing disturbing advertisements encompassing a variety of discount coupon offers and deals or sponsored links for online shopping, among search results in any major search provider. FlowSurf may repeatedly redirect a PC user to untrustworthy websites that may be created for promotional intentions. FlowSurf may be produced with the aim to benefit from raised Internet traffic and clicks on advertisements. If a PC user clicks on the FlowSurf's advertisements, he may unknowingly install other adware or potentially unwanted programs on a computer system.

Savings Season is considered to be an adware threat that may inject annoying ads with its affiliate advertising providers in an effort to serve a variety of advertisement types incorporating inline text links, banner and pop-ups. These advertisements may strive to market the installation of additional untrustworthy content incorporating Web browser toolbars, optimization applications and other tools, all so the author can benefit from this. Savings Season may interact with the PC by showing ads, involving without limitation by inserting into websites or showing over parts of such websites ads, banners or discount coupons that would not otherwise show up, converting words on websites the computer user views into hyperlinks that are associated with ads, communicating with the Savings Season servers to check for new offers, the placement of offers, the date and time the PC user installs...

Downloader.Ajuxery is a Trojan that downloads other malware infections onto the affected PC. When Downloader.Ajuxery is launched, it creates a registry entry. Downloader.Ajuxery can connect to the distant locations. Downloader.Ajuxery then drops the potentially harmful file from one of the distant locations. Downloader.Ajuxery enables cybercriminals to gain remote unauthorized access and control of the contaminated computer system. Downloader.Ajuxery then creates the file to delete itself from the attacked computer system.

Infostealer.Neabolsa is a Trojan that steals information from the corrupted PC. When Infostealer.Neabolsa is executed, it creates the potentially malicious files on the victimized computer system. Infostealer.Neabolsa may create a service with the specific properties. Infostealer.Neabolsa may create a registry subkey to register the service. Infostealer.Neabolsa then may add the registry entries. Infostealer.Neabolsa may also modify the registry entries. Infostealer.Neabolsa may collect information from the affected PC and transfer it to the remote locations.

AtuZi is adware that may be installed on a computer as a plug-in, add-on or browser extension on all the Web browsers installed on a PC. Adware.Atuzi may generate and embed non-stop advertisements on websites or hyperlink random words. When a PC user clicks somewhere on the website, adware may open pop-up windows and display advertisements with the text 'Ads by AtuZi'. Adware.Atuzi may gather the computer user's surfing information and use it for showing more associated advertisements pertaining to the PC user's Web searches and visited websites. Adware.Atuzi may access specific information on all websites the computer user visits. Adware.Atuzi may substitute search provider results in any popular search service and continuously redirect computer users to untrustworthy websites that may designed for commercial purposes. Adware.Atuzi may be produced to benefit from raised traffic of an...

APlusGamer Toolbar, otherwise known as APlusGamer Internet Explorer Toolbar, is a PUP (potentially unwanted program) created by Mindspark Interactive Network. Throughout installation, APlusGamer Toolbar may create a startup registration point in Windows in order to be automatically launched when the PC user starts the computer system. After installation, APlusGamer Toolbar may add a Windows Service which is created to launch continuously in the background. Manually stopping the service may cause APlusGamer Toolbar to stop functioning properly. APlusGamer Toolbar may add a background controller service that is set to automatically load. Delaying the start of this service is possible through the service manager. APlusGamer Toolbar may embed a toolbar into Microsoft Internet Explorer. APlusGamer Toolbar may be generated to create and display non-stop ads and, thus, aim to benefit from...

Open Software Updater is a PUP (potentially unwanted program)/adware that may result in a variety of computer problems on a PC. Open Software Updater may be used for gathering the computer user's Internet surfing information such as the PC user's search requests, websites visited and time spent on those websites. Open Software Updater may then transmit these details to third-parties and use it for advertising and promotional or other unknown intentions. After installation, Open Software Updater may display targeted advertisements, in-text links and notifications with the goal to generate advertising income from clicks on advertisements. If the computer user clicks on these advertisements, he may get unwillingly rerouted to untrustworthy websites in an effort to raise their sales or page rank. Open Software Updater may propagate and access the computer as an optional program bundled...

EasyLife Gadget is known to Web browser hijacker with adware capabilities that may substitute the default start page, search service or a new tab page with Search.easylifeapp.com. EasyLife Gadget may also make modifications to the content of websites visited by PC users in an effort to embed disturbing advertisements. EasyLife Gadget may gather information about the computer user's surfing routine and websites he has visited, which may be shared with third-parties and used for showing targeted ads and promotional and advertising material. The plug-in and other services of EasyLife Gadget may gather and store information pertaining to the websites computer users visit and their activities on those websites (Web browser type, time and date, click stream information, subject of ads clicked or scrolled over). Information collected by EasyLife Gadget may also incorporate sensitive details...

MyStart Toolbar, packaged with MyStart Apps is a potentially unwanted toolbar produced by Visicom Media (VMN). MyStart Apps may be installed into well-known Web browsers such as Google Chrome, Mozilla Firefox and Internet Explorer. MyStart Apps is an ad-supported application that is produced to probably show ads within the application itself and replace the Web browser's default start page and search service or a new tab window with a sponsored website. MyStart Apps may forcibly divert PC users to suspicious websites in an effort to raise traffic of these websites. MyStart Apps may strive to benefit from clicks on ads. MyStart Apps may gather surfing information of the computer user and later transfer and use it for targeted marketing intentions. MyStart Apps may be delivered and access the PC as an extra tool packaged with free software.

Secury-surf.com is a questionable web search engine, which has no capability of providing computer users with search results associated with their online search queries they could believe despite that it may claim that it is powered by Yahoo or any other major search service. Secury-surf.com may be associated with browser hijackers and adware that may modify search results in any well-known search provider as well as Secury-surf.com. Browser hijackers and adware related to Secury-surf.com may forcibly divert PC users to Secury-surf.com and other unwanted websites that may be commercial and show intrusive pop-up ads and banners produced to potentially benefit from clicks on advertisements and raised website traffic. Browser hijackers and adware pertaining to Secury-surf.com may also display annoying pop-up ads and messages that may be linked to the computer user's surfing activity....

Web.mappingdo.net is an adware and browser hijacker related website, which may simulate a genuine update website; however, in truth, it may not work and may be produced with the goal to dupe computer users into downloading various computer threats. Web.mappingdo.net-associated PC infections may alter search results in any major search provider or any other website and continuously divert PC users to Web.mappingdo.net and other similar websites that may be commercial. After installation on the PC, security infections linked to Web.mappingdo.net may embed an unwanted toolbar on the Web browser. Adware and browser hijackers related to Web.mappingdo.net may also strive to deliver and show random pop-up advertisements and messages such as 'Your software may be out of date' encouraging computer users to download software updates, or the ones connected with the PC user's browsing routine on...

Search-india.net is a questionable adware and browser hijacker related website that may masquerade as a genuine and protected search service. Search-india.net encompasses icons of Facebook, Twitter, Youtube, eBay, and many other well-known websites so that computer users can directly access them. Since Search-india.net uses Google, Yahoo or Bing search, some search results computer users get from Search-india.net may be reliable. Search-india.net, through the use of adware, may display unwanted pop-up advertisements on a computer system carrying deals, offers and discount coupons for online shopping, and sponsored links within search results. Security threats such as adware and browser hijackers associated with Search-india.net may usually propagate and access the PC bundled together with other free programs that are made available for PC users for downloading on numerous suspicious...

PngToPPTConvert is an ads-supported browser plug-in that may install itself on a Web browser with the purpose to display a variety of intrusive advertisements and pop-up notifications. After installation, PngToPPTConvert may be hard to uninstall from a PC since there may not be a 'Delete' button as other usual browser plug-ins have. PngToPPTConvert may automatically be enabled when it is installed, and it may not permit computer users to deselect the 'Enable' button since it might have been 'Installed by enterprise policy'. PngToPPTConvert may create and display in-text advertisements by hyperlinking random text displayed on the website the computer user visits, but it may also show banner advertisements, pop-up advertisements and discount coupons advertisements. If clicked on advertisements, PngToPPTConvrt may forcibly reroute PC users to unreliable websites. PngToPPTConvrt may be...

SaveriBox is a JustPlug.It Web browser extension that may circulate via the WebPick InstalleRex download and install manager. In addition to be incorporated in various offer bundles of adware, the JustPlug.It cross-browser extension may run with a variety of components incorporating a Windows service, an auto-starting component and the browser toolbar/plug-in which is developed to insert advertisements in the Web browser in the form of banner ads, hyper-text links and pop-up advertisements. SaveriBox might take over current advertising on websites and embed affiliate codes in links as discount coupon offers. Throughout installation, SaveriBox may integrate itself in a folder with a random name in Program Files or ProgramData and each of the added files may also have a shared random created name. The ads that are shown by SaveriBox in the Web browser may encompass misleading...