The Cerber Ransomware is a ransomware infection that is used to encrypt the victims' files. The Cerber Ransomware adds the extension CERBER to every file that the Cerber Ransomware encrypts. After the Cerber Ransomware has encrypted some of the files of the victim, the Cerber Ransomware demands the payment of a ransom in exchange for the decryption key. According to Cerber Ransomware's ransom note, computer users have one week to pay the ransom amount before this amount is doubled. The Cerber Ransomware Contains an Audio Message As the Cerber Ransomware encrypts the victim's files, it creates TXT, HTML, and VBS files named 'DECRYPT MY FILES' with instructions on how to pay the Cerber Ransomware's ransom. These files are dropped on every folder that contains files that were encrypted by Cerber Ransomware. According to these ransom...

The WanaCrypt0r Ransomware is an encryption Trojan that features a worm-like attack tactic. The WanaCrypt0r Ransomware is recognized as one of the most threatening and widespread encryption Trojans up until May 12th, 2017. The WanaCrypt0r Ransomware managed to compromise more than hundreds of thousand systems across one hundred and forty countries on its first release to the real world. The brunt of the attack was taken by PC users in Russia and the National Healthcare System in Great Britain. The Trojan managed to block access to most of the computers connected to the National Healthcare System and nearly 70% of the cases that involve the WanaCrypt0r Ransomware are recorded in Russia....

The CryptoLocker Trojan is a ransomware infection that encrypts the victim's files. CryptoLocker may typically be installed by another threat such as a Trojan downloader or a worm. Once CryptoLocker is installed, CryptoLocker will search for sensitive files on the victim's computer and encrypt them. Essentially, CryptoLocker takes the infected computer hostage by preventing access to any of the computer user's files. CryptoLocker then demands payment of a ransom to decrypt the infected files. CryptoLocker is quite harmful, and ESG security analysts strongly advise computer users to use an efficient, proven and updated anti-malware program to protect their computer from these types of...

The Play-bar.net search aggregator is similar to Ultimate-search.net, and it is a questionable service that is promoted by a browser hijacker. The Play-bar.net site is operated by Blisbury LLP and features a small search bar, a weather forecast in the top right corner and a clock widget in the top left corner. Additionally, the Play-bar.net site may offer users to play Adobe Flash games on online gaming platforms likePrincess Games, GamesRockit and TikiArcade. The browser hijacker related to Play-bar.net is written with the purpose of diverting the Internet traffic of infected users to Play-bar.net and earn affiliate revenue. The Play-bar.net browser hijacker may modify your DNS settings and change your default search aggregator, homepage and a new tab to Play-bar.net. The Play-bar.net browser hijacker might edit your Windows Registry...

The Cerber3 Ransomware is a new version of a well-known ransomware Trojan. The Cerber Ransomware Trojan now uses a slightly different method during its attack. The main difference is that the files infected by the Cerber3 Ransomware can be identified through the use of .CERBER3 as the extension that identifies the files that have been encrypted in the attack. PC security analysts had observed a Cerber2 variant of this attack previously. This numbering system may indicate new versions of software, and threats are no exception. The appearance of the Cerber3 Ransomware indicates that the Cerber ransomware family is being developed and updated currently. The Cerber3 Ransomware and Possible Updates to this Threat The Cerber3 Ransomware was discovered recently, around the end of August of 2016. The Cerber3 Ransomware presents minor...

The DNS Unlocker is adware that has caught the attention of PC security researchers. Many computer users have been using programs like the DNS Unlocker to bypass region-locking components in online applications. The DNS Unlocker, in particular, has been advertised as a way for computer users to access Netflix for regions outside of their location. PC security analysts strongly recommend against this approach. There are numerous applications available that supposedly allow computer users to modify their IP or connect to certain websites that are blocked for certain regions. However, this is a common way for adware developers to distribute their low-level and mid-level threats. In several situations, it may be better to avoid using these types of components or looking for reputable options even if they are slightly more expensive than...

Tavanero.info is a bogus search engine that is associated with a PUP (Potentially Unwanted Program). Tavanero.info attempts to mimic the look and feel of the Google search engine to mislead computer users. Tavanero.info uses the Google logo colors in its layout and even includes the term 'GoogleTM Custom Search,' despite the fact that Tavanero.info has no affiliations with Google. Tavanero.info should be considered for what it is, a bogus search engine that may be used to expose computer users to potentially harmful online advertisements and content. There is no legitimate connection between Tavanero.info and Google, despite this fake search engine's claims. The Activities of Tavanero.info and Its Associated PUP Tavanero.info is linked to a type of PUP known as a browser hijacker, mainly because these components may be used to hijack...

If Tech-connect.biz start appearing as your homepage and search engine, this means that your computer is housing a browser hijacker. Then you wonder how it could have happened if wasn't you who introduced Tech-connect.biz on your machine. The answer is very simple; browser hijackers may be part of the installation of a free software you downloaded from the Web recently. This is a well-used method since the computer users may be in a hurry when installing the free program they need and instead of choosing 'Advanced' or 'Custom,' used the quickest installation method, skipping its EULA and additional details, giving the browser hijacker, adware, and PUPs, the permission to be installed unknowingly. Although not threatening, Tech-connect.biz may cause a series of inconveniences to the computer users, such as appending the argument...

The Zepto Ransomware is a variant of the Trojan Locky Ransomware. The Zepto Ransomware is designed to infect all versions of the Windows operating system, from Windows XP all the way to Windows 10. Ransomware Trojans like the Zepto Ransomware are especially threatening because, even if removed, the victim's files will still be inaccessible. Essentially, the Zepto Ransomware takes the victim's files hostage, encrypting them and demanding the payment of a ransom to decrypt them. Since the files encrypted by the Zepto Ransomware are impossible to recover without access to the decryption key, PC security analysts advise that computer users take immediate preventive measures to avoid becoming victims of this and similar ransomware Trojan attacks. The Files Encrypted by the Zepto Ransomware may be Lost Forever When the Zepto Ransomware is...

The CryptoWall Ransomware is a ransomware Trojan that carries the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware. The CryptoWall Ransomware is designed to infect all versions of Windows, including Windows XP, Windows Vista, Windows 7 and Windows 8. As soon as the CryptoWall Ransomware infects a computer, the CryptoWall Ransomware uses the RSA2048 encryption to encrypt crucial files. Effectively, the CryptoWall Ransomware prevents computer users from accessing their data, which will be encrypted and out of reach. The CryptoWall Ransomware claims that it is necessary to pay $500 USD to recover the encrypted data....

RelevantKnowledge is software that exists in a moral grey area. RelevantKnowledge is widely considered spyware, because RelevantKnowledge will collect huge amounts of information about your Internet usage, and then use that information to put together even more information about you. That information is then sold, anonymously, either individually or as part of aggregate data. Given the way that RelevantKnowledge is installed on most computers, it is unlikely that most of those users are fully aware of the facts about RelevantKnowledge. What RelevantKnowledge is, and Where it Comes From RelevantKnowledge is a product of the company MarketScore, formerly called Netsetter. MarketScore...

DarkComet is a malware threat that has started to proliferate since the beginning of 2012. ESG security researchers have found that DarkComet is strongly associated with the conflict between political dissidents and the Syrian government. Basically, DarkComet is a full-fledged remote access Trojan (RAT), which allows a remote party to connect to the infected computer system and use it from afar. With full access to the victim's computer system, hackers can basically steal any information on the infected computer or use it for their own means. DarkComet uses a vulnerability in Skype, the popular online chat application, in order to spread. Whenever DarkComet's executable file runs, it connects to a server located in Syria from which DarkComet receives updates, instructions and the files DarkComet needs to take over the victim's computer...

There's a variant of the Zeus Trojan that has targeted banks and credit unions in the United States in October of 2012. This malware infection, known as the Gozi Trojan, has managed to steal sensitive data belonging to customers of important credit unions all around the United States. The Gozi Trojan attacks the targeted financial institutions' websites by inserting fields into the website in order to trick visitors into handing over their private information. The Gozi Trojan has affected at least thirty banks in the United States, often using fraudulent signatures in order to infiltrate secure networks. ESG security researchers have also observed the involvement of more than one hundred botnets in an effort to steal money using information stolen with the Gozi Trojan and transfer that money to offshore accounts. The criminals...

OnlineMapFinder is a potentially unwanted program (PUP) that is advertised at Free.onlinemapfinder.com/index.jhtml as a premium Web-app. The OnlineMapFinder application is developed by Mindspark Interactive Network, Inc. and is described at Free.onlinemapfinder.com/index.jhtml as "Maps, Driving Directions and more in one Chrome New Tab" briefly. The OnlineMapFinder application works as a browser extension/add-on that you can attach to Internet Explorer, Google Chrome, and Mozilla Firefox. You may find the OnlineMapFinder useful if you are traveling around the world with a laptop on your back. The OnlineMapFinder app may load exciting content from sources like Maps.nationalgeographic.com, Historicaerials.com, and Mapquest.com. OnlineMapFinder may be eliminated by going through the web browser add-ons and extensions menu to find and...

OZIP is a browser hijacker developed by Zoekyu Technologies Limited that may replace the homepage of affected computers with search.ozipcompresdsion.com/?oz=sp. and add the OZIP Serch 1.0.9 extension to the Google Chrome and Mozilla Firefox browsers. Affected computer users, instead of the desired search engine will get a New tab by OZIP. OZIP may enter a computer through the usual methods used by many browser hijackers present in the cyber space; bundled with free programs, included in email attachments, via corrupted websites, etc. OZIP may modificate your default search engine and homepage and lead you to compromised websites. Also, OZIP may gather information by monitoring the computer user's activities. Although the search results provided by OZIP are reliable, since they come from official search results, it is not recommended to...

The Counterflix software is advertised as an application that can allow users to load geo-restricted content from services like Hulu, Pandora and Netflix. PC users that live in countries like India, China, and Russia, where Internet censorship applies may be interested in installing Counterflix. The services provided by Counterflix are available through the app and the modification of your DNS configuration. The setup page for Counterflix can be found at Counterflix.com and users will need to edit their system settings to install the Counterflix correctly. You should note that the Counterflix software is provided on an “As-Is” basis and you will not receive support from its developers. Unfortunately, the makers of Counterflix do not provide contact information like a Facebook page or a Twitter account, which you may need in case of...

The Yeadesktop.com domain is presented to Web surfers as a search service that includes links to third-party service like LinkedIn, Netflix, Yahoo, YouTube and Facebook. Yeadesktop.com offers visitors access to curated collection of Web-based mini-games as well. The site may appeal to users of all ages, but you should take into consideration that Yeadesktop.com is supported by intrusive advertisements. Additionally, Yeadesktop.may be associated with a program with the same name ('Yeadesktop') that is mentioned in cases of browser hijacking. Computer users that are affected by the Yeadesktop browser hijacker have reported that their Internet browser loads Yeadesktop.com as the default start page and new tab. We have detected that a program with the name 'Yeadesktop' may be delivered to PC users via free software bundles and make...

The Luckysite123.com domain has been linked to Web browser redirects that may be caused by browser hijackers, Potentially Unwanted Programs (PUPs), adware, and various other parasites or low-level threats. The Luckysite123.com website is designed to impersonate a legitimate search engine, as well as offer various other supposed features. The Luckysite123.com layout is designed to mimic Google, Yahoo, Bing, and other legitimate search websites. However, the real purpose of Luckysite123.com may not be the delivery of legitimate search results. Rather, Luckysite123.com may be designed to expose computer users to advertising material and keep tabs on their online searches and activity. Furthermore, the way in which computer users may be forced to visit and use Luckysite123.com against their will may make these websites problematic. How a...

Here's a brief recap of what's happened in the top tier of the ransomware landscape over the last half a year or so. After dominating the industry for quite a while, Locky went on a long vacation in December 2016 and stayed under the radar for a few months. Cerber became the Number 1 ransomware family when it comes to widespread distribution, and although smaller strains like Spora and Shade tried to put up a fight, they had no chance. In April, Locky reared its ugly head once again, but the burst of spam turned out to be more of a cameo reappearance than a back-with-a-bang return. In May, Jaff, initially considered to be the rightful successor of Locky, popped up and infected quite a few people in a matter of hours, but its timing was awful. Twenty-four hours later, the WannaCry outbreak crippled hundreds of thousands of computers...

The 66.com.ua site is promoted as a cool search launcher based on the character Darth Vader from the Star Wars franchise. The 66.com.ua site features a minimalistic layout that offers a single search bar and a background image of Darth Vader looking with contempt for the Web user. The creator of the 66.com.ua portal is not known publicly, but we are aware that he/she have embedded a customized Yandex search on 66.com.ua. The Vader's Search ('Пошукова Машина Вейдера' in Russian) service is aimed at Russian-speaking users, but it supports 29 languages, most of which are spoken in Asia primarily. Additionally, the 'Vader66' site is promoted on forums and social media services favored in Russia actively. The 'Vader66' search portal at 66.com.ua is not perceived as a reliable search service provider. A closer look at the code of the page...

The WizzRelease software is associated with the Wizzcaster ads platform hosted on the bestoffersfortoday.com domain. The WizzRelease software was reported to be an adware by computer security researchers in June 2017. The bestoffersfortoday.com domain was mentioned in reports for browser redirects and excessive advertisement as early as February 2017. Evidently, the WizzRelease program is classified as an adware that is designed to connect to bestoffersfortoday.com and display marketing materials to the user. The WizzRelease adware may arrive on computers when the users install free software packages with the 'Express' and 'Typical' option. The WizzRelease adware is reported to install files in the following directories: C:\users\%username%\appdata\local\mbot_se_014010396\download\wizzrelease.exe C:\application data\local...

The 'Windows Health Is Critical' pop-up windows that feature a background colored in blue and mention an error code dubbed '0xFFFFFFF' should not be trusted. The 'Windows Health Is Critical' pop-up windows offer misleading information and aim to convince the users that they need help due to the critical condition of the computer. Computer security experts alert that the 'Windows Health Is Critical' warnings are not associated with legitimate problem reporting systems by Microsoft. When you experience a system crash, the OS will present you with a report and options on how to recover enclosed in a program window that is likely to include the term "Troubleshoot." The 'Windows Health Is Critical' warnings are generated by Web pages, which may include a script that makes your browser unresponsive by instructing it to reload a non-existent...

The Secure-surf.net site is promoted as a search engine that respects your privacy and offers access to popular services like Gmail, Google+, Facebook, Instagram and Amazon. However, the presentation of Secure-surf.net falls short when you look at the address bar and realize that the connection to the engine is unencrypted. Additionally, the site is styled after the default new tab in Google Chrome with several modifications. You should note that Secure-surf.net is not a domain associated with Google Inc. and it acts as a redirect-gateway to Rambler.ru and Yahoo. When a user initiates a search at Secure-surf.net two new tabs would open. One is loaded with content at Rambler.ru, and the other shows search results at Search.yahoo.com. Secure-surf.net is classified as an unreliable site that is associated with a browser hijacker. The...

The Smartyfi.net portal offers visitors access to a weather forecast suited to their geographical location. Web surfers may be asked to allow Smartyfi.net to detect their physical location accurately and show notifications in their browser. The Smartyfi.net site sports a bleak design, which may have been a decision intended to provide maximum performance. The Smartyfi.net site is represented by a blank page, which has a search bar on the right side and a weather forecast panel beneath the search bar. The panel at Smartyfi.net loads content based on your IP address automatically and does not allow the user to add more than one city or explore forecasts unrelated to your current location. You will need to use the search bar at Smartyfi.net and load services like accuweather.com if you need more information. Additionally, Smartyfi.net...

The aZaZeL Ransomware is an encryption Trojan that surfaced with computer security reports in the third week of June 2017. The aZaZeL Ransomware is programmed to modify files on the compromised system and suggest the user that the files can be recovered if payment is made to a particular Bitcoin address. The aZaZeL Ransomware is named after the 'azazel-bot@india.com' email account that was listed on the ransom notification. Malware researchers alert that the aZaZeL Ransomware may be installed via macro-enabled documents downloaded from spam emails. The threat is known to target regular PC users and small businesses. Once the aZaZeL Ransomware manages to encrypt your data, it is impossible to decode it because the Trojan is using advanced cryptographic algorithms and its data transmissions are encrypted as well. The aZaZeL Ransomware is...

Trojan.Bitcoinminer is a detection name that is used in reference to the file 'indexer.exe' that is used to mine the Feathercoin and the Bitcoin cryptocurrencies. The Trojan.Bitcoinminer program that runs as indexer.exe can be found in a hidden folder under the AppData directory. You should note that the software used to mine cryptocurrency is very demanding, requires a lot of computational power and has an increased electricity consumption. Consequently, machines equipped with a miner need to be sturdier than your average computer. Also, PC users that wish to mine Bitcoins and Feathercoins should read the appropriate documentation and know what they are going into. Threat actors use tools like the Trojan.Bitcoinminer and take advantage of the combined processing power of many computers to mine cryptocurrency and claim a fee for their...

The Jungle Arcade software from Junglearcade.com/games is promoted as a browser extension that offers free access to quality games on the Internet. The software is classified as a Potentially Unwanted Program (PUP) that is designed to modify your browser settings, load content from Junglearcade.com/games, load persistent tracking cookies and change your new tab page. The Jungle Arcade software is available to Google Chrome, Internet Explorer and Mozilla Firefox users. If you intend to install the Jungle Arcade extension, you should read the terms of use and privacy agreement at: junglearcade.com/Terms junglearcade.com/Privacy The Jungle Arcade program changes your new tab page to a custom version of Junglearcade.com and reads information like your Internet history, bookmarks collection and download log. The data is transmitted to...

The GoPlay Search browser extension is a product by the same team who created the Videodrome Search extension. The GoPlay Search program is developed by a team of programmers associated with the bettersearchtools.com site. The bettersearchtools.com site appears to be the homepage for a dozen extensions on the Chrome Web Store including Better Search Tools, bestMovies Search Plus, Videodrome Search and betterMovies Home. Additionally, the GoPlay Search software has a clone named justPlay Search, which supports the same functionality and connects to the same sites, but it has a separate page on the Chrome Web Store. Both versions of GoPlay Search are classified as Potentially Unwanted Programs (PUPs) that are ad-supports products by bettersearchtools.com. The GoPlay Search (a.k.a. justPlay Search) extension and its clone can be found on...

The CloudExtender software is classified as an adware that you may install with a free program bundle if you forget to explore the 'Advanced' and 'Custom' options. The CloudExtender adware places a virtual layer between the user and the loaded site, which enables the app to display promotional images, banners, play video/audio commercials, redirect the user to third-party sites and show pop-up windows. Computer security experts note that the content provided via the CloudExtender adware may include links to fake lotteries, prizes on Facebook, coupons, and discounts at reputable stores like Amazon and Walmart. The CloudExtender program is not your typical adware considering that it is reported to perform multiple browser redirects every time the user starts an online session. Apparently, the CloudExtender adware may edit the shortcut...

The 'Critical Chrome Update' pop-up alerts that you may notice in Google Chrome and other browsers are not legitimate notifications by Google Inc. about updates regarding their browser. The 'Critical Chrome Update' notifications may include the Google Chrome logo and originate on a page that supports HTTPS connection, but it does not mean that it is safe to download the proposed update. Modern-day browsers support automatic updates and do not use pop-up windows from sites like 'oolidvagrantup.com' to invite the user to take action. Companies like the Mozilla Foundation, Google Inc., Microsoft Corp and many others rely on an automated system to push updates fast, securely and reliably. Do not trust the 'Critical Chrome Update' warnings on your screen. If the browser fails to install new updates, an exclamation mark icon would appear in...

The Search.heasyspeedtest.co site is associated with yet another clone of the Test My Speeds that comes under the name of Easy Speed Test. Both programs come from the same developer—Polarity Technologies Ltd. and offer the same functionality. However, Test My Speeds changes the user's browser settings to Search.testmyspeeds.co while the Easy Speed Test browser extension changes the new tab, start page and search to Search.heasyspeedtest.co. Regardless of the small differences, the Easy Speed Test extension offers access to the same Internet speed tool at openspeedtest.com, which is embedded into Search.heasyspeedtest.co as a widget. You may be interested to know that Polarity Technologies Ltd. is not a partner of openspeedtest.com and the service has its own extension named Internet Speed Test by openspeedtest.com, which can be...

The TeslaWare Ransomware is a general detection name associated with a RaaS (Ransomware-as-a-Service) platform being sold on the Black Market online. Cyber security researchers alerted of the TeslaWare Ransomware campaign going live in the third week of June 2017. Evidently, access to the source-code for the TeslaWare RaaS is sold for prices that range from 35 EUR (39) to 70 EUR (78 USD). Wannabe-cyber-extortions are welcomed to buy the TeslaWare Ransomware and make modifications to its appearance, behavior, and functionality. The TeslaWare Ransomware is one of the many RaaS platforms to emerge in the first half of 2017, which includes names like the Ranion Ransomware and the FileFrozr Ransomware. However, the TeslaWare Ransomware appears to be a work-in-progress RaaS considering the encrypted data can be recovered. Compromised users...

The Xmrig32.exe file is associated with the mining of the Monero cryptocurrency. The Xmrig32.exe file serves as the primary process for the Monero currency miner, which is available for free download online. The XMRig (Xmrig32.exe) software is deemed as a Potentially Unwanted Program (PUP) that allows users to facilitate Monero transactions using their machines and claiming a percentage of the money transfers. The XMRig program is a very resource-hungry application that requires a lot of computational power. The activity of the XMRig Monero miner (Xmrig32.exe) might need more than 80% of the CPU and GPU resources on the system. The XMRig Monero miner supports computation with CPU and GPU dedicated resources as the currency transactions are packed as small data packets, but their number is significant. Running the XMRig Miner...