The Cerber Ransomware is a ransomware infection that is used to encrypt the victims' files. The Cerber Ransomware adds the extension CERBER to every file that the Cerber Ransomware encrypts. After the Cerber Ransomware has encrypted some of the files of the victim, the Cerber Ransomware demands the payment of a ransom in exchange for the decryption key. According to Cerber Ransomware's ransom note, computer users have one week to pay the ransom amount before this amount is doubled. The Cerber Ransomware Contains an Audio Message As the Cerber Ransomware encrypts the victim's files, it creates TXT, HTML, and VBS files named 'DECRYPT MY FILES' with instructions on how to pay the Cerber Ransomware's ransom. These files are dropped on every folder that contains files that were encrypted by Cerber Ransomware. According to these ransom...

The WanaCrypt0r Ransomware is an encryption Trojan that features a worm-like attack tactic. The WanaCrypt0r Ransomware is recognized as one of the most threatening and widespread encryption Trojans up until May 12th, 2017. The WanaCrypt0r Ransomware managed to compromise more than hundreds of thousand systems across one hundred and forty countries on its first release to the real world. The brunt of the attack was taken by PC users in Russia and the National Healthcare System in Great Britain. The Trojan managed to block access to most of the computers connected to the National Healthcare System and nearly 70% of the cases that involve the WanaCrypt0r Ransomware are recorded in Russia....

The CryptoLocker Trojan is a ransomware infection that encrypts the victim's files. CryptoLocker may typically be installed by another threat such as a Trojan downloader or a worm. Once CryptoLocker is installed, CryptoLocker will search for sensitive files on the victim's computer and encrypt them. Essentially, CryptoLocker takes the infected computer hostage by preventing access to any of the computer user's files. CryptoLocker then demands payment of a ransom to decrypt the infected files. CryptoLocker is quite harmful, and ESG security analysts strongly advise computer users to use an efficient, proven and updated anti-malware program to protect their computer from these types of...

The Play-bar.net search aggregator is similar to Ultimate-search.net, and it is a questionable service that is promoted by a browser hijacker. The Play-bar.net site is operated by Blisbury LLP and features a small search bar, a weather forecast in the top right corner and a clock widget in the top left corner. Additionally, the Play-bar.net site may offer users to play Adobe Flash games on online gaming platforms likePrincess Games, GamesRockit and TikiArcade. The browser hijacker related to Play-bar.net is written with the purpose of diverting the Internet traffic of infected users to Play-bar.net and earn affiliate revenue. The Play-bar.net browser hijacker may modify your DNS settings and change your default search aggregator, homepage and a new tab to Play-bar.net. The Play-bar.net browser hijacker might edit your Windows Registry...

The Cerber3 Ransomware is a new version of a well-known ransomware Trojan. The Cerber Ransomware Trojan now uses a slightly different method during its attack. The main difference is that the files infected by the Cerber3 Ransomware can be identified through the use of .CERBER3 as the extension that identifies the files that have been encrypted in the attack. PC security analysts had observed a Cerber2 variant of this attack previously. This numbering system may indicate new versions of software, and threats are no exception. The appearance of the Cerber3 Ransomware indicates that the Cerber ransomware family is being developed and updated currently. The Cerber3 Ransomware and Possible Updates to this Threat The Cerber3 Ransomware was discovered recently, around the end of August of 2016. The Cerber3 Ransomware presents minor...

The DNS Unlocker is adware that has caught the attention of PC security researchers. Many computer users have been using programs like the DNS Unlocker to bypass region-locking components in online applications. The DNS Unlocker, in particular, has been advertised as a way for computer users to access Netflix for regions outside of their location. PC security analysts strongly recommend against this approach. There are numerous applications available that supposedly allow computer users to modify their IP or connect to certain websites that are blocked for certain regions. However, this is a common way for adware developers to distribute their low-level and mid-level threats. In several situations, it may be better to avoid using these types of components or looking for reputable options even if they are slightly more expensive than...

Tavanero.info is a bogus search engine that is associated with a PUP (Potentially Unwanted Program). Tavanero.info attempts to mimic the look and feel of the Google search engine to mislead computer users. Tavanero.info uses the Google logo colors in its layout and even includes the term 'GoogleTM Custom Search,' despite the fact that Tavanero.info has no affiliations with Google. Tavanero.info should be considered for what it is, a bogus search engine that may be used to expose computer users to potentially harmful online advertisements and content. There is no legitimate connection between Tavanero.info and Google, despite this fake search engine's claims. The Activities of Tavanero.info and Its Associated PUP Tavanero.info is linked to a type of PUP known as a browser hijacker, mainly because these components may be used to hijack...

If Tech-connect.biz start appearing as your homepage and search engine, this means that your computer is housing a browser hijacker. Then you wonder how it could have happened if wasn't you who introduced Tech-connect.biz on your machine. The answer is very simple; browser hijackers may be part of the installation of a free software you downloaded from the Web recently. This is a well-used method since the computer users may be in a hurry when installing the free program they need and instead of choosing 'Advanced' or 'Custom,' used the quickest installation method, skipping its EULA and additional details, giving the browser hijacker, adware, and PUPs, the permission to be installed unknowingly. Although not threatening, Tech-connect.biz may cause a series of inconveniences to the computer users, such as appending the argument...

The Zepto Ransomware is a variant of the Trojan Locky Ransomware. The Zepto Ransomware is designed to infect all versions of the Windows operating system, from Windows XP all the way to Windows 10. Ransomware Trojans like the Zepto Ransomware are especially threatening because, even if removed, the victim's files will still be inaccessible. Essentially, the Zepto Ransomware takes the victim's files hostage, encrypting them and demanding the payment of a ransom to decrypt them. Since the files encrypted by the Zepto Ransomware are impossible to recover without access to the decryption key, PC security analysts advise that computer users take immediate preventive measures to avoid becoming victims of this and similar ransomware Trojan attacks. The Files Encrypted by the Zepto Ransomware may be Lost Forever When the Zepto Ransomware is...

The CryptoWall Ransomware is a ransomware Trojan that carries the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware. The CryptoWall Ransomware is designed to infect all versions of Windows, including Windows XP, Windows Vista, Windows 7 and Windows 8. As soon as the CryptoWall Ransomware infects a computer, the CryptoWall Ransomware uses the RSA2048 encryption to encrypt crucial files. Effectively, the CryptoWall Ransomware prevents computer users from accessing their data, which will be encrypted and out of reach. The CryptoWall Ransomware claims that it is necessary to pay $500 USD to recover the encrypted data....

RelevantKnowledge is software that exists in a moral grey area. RelevantKnowledge is widely considered spyware, because RelevantKnowledge will collect huge amounts of information about your Internet usage, and then use that information to put together even more information about you. That information is then sold, anonymously, either individually or as part of aggregate data. Given the way that RelevantKnowledge is installed on most computers, it is unlikely that most of those users are fully aware of the facts about RelevantKnowledge. What RelevantKnowledge is, and Where it Comes From RelevantKnowledge is a product of the company MarketScore, formerly called Netsetter. MarketScore...

DarkComet is a malware threat that has started to proliferate since the beginning of 2012. ESG security researchers have found that DarkComet is strongly associated with the conflict between political dissidents and the Syrian government. Basically, DarkComet is a full-fledged remote access Trojan (RAT), which allows a remote party to connect to the infected computer system and use it from afar. With full access to the victim's computer system, hackers can basically steal any information on the infected computer or use it for their own means. DarkComet uses a vulnerability in Skype, the popular online chat application, in order to spread. Whenever DarkComet's executable file runs, it connects to a server located in Syria from which DarkComet receives updates, instructions and the files DarkComet needs to take over the victim's computer...

There's a variant of the Zeus Trojan that has targeted banks and credit unions in the United States in October of 2012. This malware infection, known as the Gozi Trojan, has managed to steal sensitive data belonging to customers of important credit unions all around the United States. The Gozi Trojan attacks the targeted financial institutions' websites by inserting fields into the website in order to trick visitors into handing over their private information. The Gozi Trojan has affected at least thirty banks in the United States, often using fraudulent signatures in order to infiltrate secure networks. ESG security researchers have also observed the involvement of more than one hundred botnets in an effort to steal money using information stolen with the Gozi Trojan and transfer that money to offshore accounts. The criminals...

OnlineMapFinder is a potentially unwanted program (PUP) that is advertised at Free.onlinemapfinder.com/index.jhtml as a premium Web-app. The OnlineMapFinder application is developed by Mindspark Interactive Network, Inc. and is described at Free.onlinemapfinder.com/index.jhtml as "Maps, Driving Directions and more in one Chrome New Tab" briefly. The OnlineMapFinder application works as a browser extension/add-on that you can attach to Internet Explorer, Google Chrome, and Mozilla Firefox. You may find the OnlineMapFinder useful if you are traveling around the world with a laptop on your back. The OnlineMapFinder app may load exciting content from sources like Maps.nationalgeographic.com, Historicaerials.com, and Mapquest.com. OnlineMapFinder may be eliminated by going through the web browser add-ons and extensions menu to find and...

The TrackAPackage software may claim to offer you tools to track parcels you send and allow you to use express mail and web surfers may be attracted to install it. The TrackAPackage toolbar is deemed by security researchers as a Potentially Unwanted Program (PUP) because it may change the home page or open a new tab to Myway.com. The TrackAPackage toolbar is developed by Mindspark Interactive Network Inc. that may have a partnership with Ask.com. The TrackAPackage toolbar is cross-compatible, and you may expect changes in Internet Explorer, Google Chrome, and Mozilla Firefox. The behavior of the TrackAPackage toolbar is similar to the activities of the Video Download Converter Toolbar and the InstantRadioPlay, which some users may not be satisfied with its actions. You should take into consideration that the removal of TrackAPackage...

The Counterflix software is advertised as an application that can allow users to load geo-restricted content from services like Hulu, Pandora and Netflix. PC users that live in countries like India, China, and Russia, where Internet censorship applies may be interested in installing Counterflix. The services provided by Counterflix are available through the app and the modification of your DNS configuration. The setup page for Counterflix can be found at Counterflix.com and users will need to edit their system settings to install the Counterflix correctly. You should note that the Counterflix software is provided on an “As-Is” basis and you will not receive support from its developers. Unfortunately, the makers of Counterflix do not provide contact information like a Facebook page or a Twitter account, which you may need in case of...

The Yeadesktop.com domain is presented to Web surfers as a search service that includes links to third-party service like LinkedIn, Netflix, Yahoo, YouTube and Facebook. Yeadesktop.com offers visitors access to curated collection of Web-based mini-games as well. The site may appeal to users of all ages, but you should take into consideration that Yeadesktop.com is supported by intrusive advertisements. Additionally, Yeadesktop.may be associated with a program with the same name ('Yeadesktop') that is mentioned in cases of browser hijacking. Computer users that are affected by the Yeadesktop browser hijacker have reported that their Internet browser loads Yeadesktop.com as the default start page and new tab. We have detected that a program with the name 'Yeadesktop' may be delivered to PC users via free software bundles and make...

The Luckysite123.com domain has been linked to Web browser redirects that may be caused by browser hijackers, Potentially Unwanted Programs (PUPs), adware, and various other parasites or low-level threats. The Luckysite123.com website is designed to impersonate a legitimate search engine, as well as offer various other supposed features. The Luckysite123.com layout is designed to mimic Google, Yahoo, Bing, and other legitimate search websites. However, the real purpose of Luckysite123.com may not be the delivery of legitimate search results. Rather, Luckysite123.com may be designed to expose computer users to advertising material and keep tabs on their online searches and activity. Furthermore, the way in which computer users may be forced to visit and use Luckysite123.com against their will may make these websites problematic. How a...

The Pricegroup.online domain is classified as a source of phishing content. The Pricegroup.online site is registered to the 104.236.150.81 IP address where we have found more than twenty clones of Pricegroup.online. The site at hand is used to display fake security alerts to users that include messages like 'Windows Defender Alert: Zeus Virus Detected in Your Computer!', 'Error#268d3 Detected' and 'Critical Alert From Windows'. Additionally, the Pricegroup.online phishing site features a disturbing voice recording that says: 'Your system has been infected with spyware. This virus is sending your credit card details, Facebook login and personal emails to hackers remotely. Please call us immediately at the toll-free number listed so that our support engineers can walk you through the removal process over the phone. If you close this page...

The 'Access To Your Computer Has Been Restricted' pop-up windows in your browser that may look like a BSOD error report are not to be trusted. The 'Access To Your Computer Has Been Restricted' pop-up windows are generated on untrusted pages that might cause browser crashes and continuous reloading of the page. The sites associated with the 'Access To Your Computer Has Been Restricted' alerts are designed to cause rendering problems for users and simulate a "critical system condition" situation. The 'Access To Your Computer Has Been Restricted' alerts are not legitimate reports from Windows OS and Microsoft Corp. The 'Access To Your Computer Has Been Restricted' messages are meant to scare users into calling a computer support specialist who is supposedly a certified expert employed by Microsoft. The text on the 'Access To Your Computer...

The Kryptonite Ransomware is a file encoder program that was discovered by malware researchers while doing an analysis of suspicious samples that were submitted to an online security platform. At the time of writing, the Kryptonite Ransomware appears to be a work-in-progress project that may be inspired by the fictional gem kryptonite from the Superman comics published by DC Comics. The Kryptonite Ransomware is seen to change the desktop background of machines to an image that has a gem colored in green and the text 'KRYPTONITE' as well as a ransom message. Fortunately, the Kryptonite Ransomware is not released officially, yet. You should have time to add a backup solution and a trusted anti-malware shield to your system before the work on the Kryptonite Ransomware is complete. Malware analysts suspect that the authors of the...

The PSCrypt Ransomware is an encryption Trojan that surfaced with reports from computer security researchers in the last week of June 2017. The PSCrypt Ransomware Trojan is distributed to users via spam emails loaded with a macro-enabled Microsoft Word file. The document may be proposed to users as an invoice, order confirmation and message from a friend on a social media service. Either way, the file acts as an installer that includes a script which is loaded in Windows and issues commands that result in the installation of the PSCrypt Ransomware. A closer look at the code of the PSCrypt Ransomware revealed that the threat has been recorded in December 2016 under the name Globe Imposter Ransomware. Evidently, the authors of the Globe Imposter Ransomware have made a step away from the Globe Ransomware franchise and wish to give rise to...

The VINDOWS DEFENDOR Ransomware is a Screen Locker Trojan that demands a payment of 500 USD from the user to return access to the desktop. Computer security researchers reported the release of the VINDOWS DEFENDOR Ransomware in the last week of June 2017. The threat is believed to be based on the Levis Locker Ransomware considering both threats behave the same way and include the photo of the media creator LewissTechYT. Additionally, the VINDOWS DEFENDOR Ransomware sports a nearly identical message to the one we have seen with Levis Locker. PC users are advised to avoid spam emails and ask for confirmation when they are invited to run an insecure script inside Microsoft Word documents. Cyber security experts reported that the VINDOWS DEFENDOR Ransomware is designed to make an entry in the MSCONFIG panel and run on the next system boot...

The QuakeWay Ransomware is a file encoder Trojan that is written in the AutoIt programming language. Initial threat analysis showed that the QuakeWay Ransomware is used in attacks at regular PC users. You might be suggested to download an invoice and order confirmation form when browsing spam emails. The spam emails related to the QuakeWay Ransomware are reported to include a macro-enabled document which includes a script responsible for installing the QuakeWay Ransomware on the primary system disk. The QuakeWay Ransomware is classified as a mid-tier crypto malware that is ranked among threats like Schwerer Ransomware and UltraLocker Ransomware. The QuakeWay Ransomware does not differ from the majority of file encoder Trojans on the market. The program is designed to scan the infected PC for available data storage units, make a list of...

Here's a brief recap of what's happened in the top tier of the ransomware landscape over the last half a year or so. After dominating the industry for quite a while, Locky went on a long vacation in December 2016 and stayed under the radar for a few months. Cerber became the Number 1 ransomware family when it comes to widespread distribution, and although smaller strains like Spora and Shade tried to put up a fight, they had no chance. In April, Locky reared its ugly head once again, but the burst of spam turned out to be more of a cameo reappearance than a back-with-a-bang return. In May, Jaff, initially considered to be the rightful successor of Locky, popped up and infected quite a few people in a matter of hours, but its timing was awful. Twenty-four hours later, the WannaCry outbreak crippled hundreds of thousands of computers...

The 66.com.ua site is promoted as a cool search launcher based on the character Darth Vader from the Star Wars franchise. The 66.com.ua site features a minimalistic layout that offers a single search bar and a background image of Darth Vader looking with contempt for the Web user. The creator of the 66.com.ua portal is not known publicly, but we are aware that he/she have embedded a customized Yandex search on 66.com.ua. The Vader's Search ('Пошукова Машина Вейдера' in Russian) service is aimed at Russian-speaking users, but it supports 29 languages, most of which are spoken in Asia primarily. Additionally, the 'Vader66' site is promoted on forums and social media services favored in Russia actively. The 'Vader66' search portal at 66.com.ua is not perceived as a reliable search service provider. A closer look at the code of the page...

The WizzRelease software is associated with the Wizzcaster ads platform hosted on the bestoffersfortoday.com domain. The WizzRelease software was reported to be an adware by computer security researchers in June 2017. The bestoffersfortoday.com domain was mentioned in reports for browser redirects and excessive advertisement as early as February 2017. Evidently, the WizzRelease program is classified as an adware that is designed to connect to bestoffersfortoday.com and display marketing materials to the user. The WizzRelease adware may arrive on computers when the users install free software packages with the 'Express' and 'Typical' option. The WizzRelease adware is reported to install files in the following directories: C:\users\%username%\appdata\local\mbot_se_014010396\download\wizzrelease.exe C:\application data\local...

The 'Windows Health Is Critical' pop-up windows that feature a background colored in blue and mention an error code dubbed '0xFFFFFFF' should not be trusted. The 'Windows Health Is Critical' pop-up windows offer misleading information and aim to convince the users that they need help due to the critical condition of the computer. Computer security experts alert that the 'Windows Health Is Critical' warnings are not associated with legitimate problem reporting systems by Microsoft. When you experience a system crash, the OS will present you with a report and options on how to recover enclosed in a program window that is likely to include the term "Troubleshoot." The 'Windows Health Is Critical' warnings are generated by Web pages, which may include a script that makes your browser unresponsive by instructing it to reload a non-existent...

The Secure-surf.net site is promoted as a search engine that respects your privacy and offers access to popular services like Gmail, Google+, Facebook, Instagram and Amazon. However, the presentation of Secure-surf.net falls short when you look at the address bar and realize that the connection to the engine is unencrypted. Additionally, the site is styled after the default new tab in Google Chrome with several modifications. You should note that Secure-surf.net is not a domain associated with Google Inc. and it acts as a redirect-gateway to Rambler.ru and Yahoo. When a user initiates a search at Secure-surf.net two new tabs would open. One is loaded with content at Rambler.ru, and the other shows search results at Search.yahoo.com. Secure-surf.net is classified as an unreliable site that is associated with a browser hijacker. The...

The Smartyfi.net portal offers visitors access to a weather forecast suited to their geographical location. Web surfers may be asked to allow Smartyfi.net to detect their physical location accurately and show notifications in their browser. The Smartyfi.net site sports a bleak design, which may have been a decision intended to provide maximum performance. The Smartyfi.net site is represented by a blank page, which has a search bar on the right side and a weather forecast panel beneath the search bar. The panel at Smartyfi.net loads content based on your IP address automatically and does not allow the user to add more than one city or explore forecasts unrelated to your current location. You will need to use the search bar at Smartyfi.net and load services like accuweather.com if you need more information. Additionally, Smartyfi.net...

The aZaZeL Ransomware is an encryption Trojan that surfaced with computer security reports in the third week of June 2017. The aZaZeL Ransomware is programmed to modify files on the compromised system and suggest the user that the files can be recovered if payment is made to a particular Bitcoin address. The aZaZeL Ransomware is named after the 'azazel-bot@india.com' email account that was listed on the ransom notification. Malware researchers alert that the aZaZeL Ransomware may be installed via macro-enabled documents downloaded from spam emails. The threat is known to target regular PC users and small businesses. Once the aZaZeL Ransomware manages to encrypt your data, it is impossible to decode it because the Trojan is using advanced cryptographic algorithms and its data transmissions are encrypted as well. The aZaZeL Ransomware is...

Trojan.Bitcoinminer is a detection name that is used in reference to the file 'indexer.exe' that is used to mine the Feathercoin and the Bitcoin cryptocurrencies. The Trojan.Bitcoinminer program that runs as indexer.exe can be found in a hidden folder under the AppData directory. You should note that the software used to mine cryptocurrency is very demanding, requires a lot of computational power and has an increased electricity consumption. Consequently, machines equipped with a miner need to be sturdier than your average computer. Also, PC users that wish to mine Bitcoins and Feathercoins should read the appropriate documentation and know what they are going into. Threat actors use tools like the Trojan.Bitcoinminer and take advantage of the combined processing power of many computers to mine cryptocurrency and claim a fee for their...

The Jungle Arcade software from Junglearcade.com/games is promoted as a browser extension that offers free access to quality games on the Internet. The software is classified as a Potentially Unwanted Program (PUP) that is designed to modify your browser settings, load content from Junglearcade.com/games, load persistent tracking cookies and change your new tab page. The Jungle Arcade software is available to Google Chrome, Internet Explorer and Mozilla Firefox users. If you intend to install the Jungle Arcade extension, you should read the terms of use and privacy agreement at: junglearcade.com/Terms junglearcade.com/Privacy The Jungle Arcade program changes your new tab page to a custom version of Junglearcade.com and reads information like your Internet history, bookmarks collection and download log. The data is transmitted to...