Fake anti-virus programs are still among the most common types of online scams. Criminals continue to create fake anti-virus programs like System Care Antivirus in order to fool unsuspecting computer users into buying useless security software. These fake anti-virus programs are renamed and repackaged every few weeks, a pattern that has repeated itself consistently since their first appearance nearly a decade ago. Despite its name, System Care Antivirus is not actually an anti-virus program. In fact, it is the complete opposite; System Care Antivirus is a kind of malware infection commonly known as a rogue security program. System Care Antivirus is designed to cause problems on a...
Posted on April 9, 2013 in Rogue Anti-Virus Program
CIBS Pol Virus Description
The CIBS Pol Virus is a police ransomware Trojan that belongs to the Urusay family of malware. This police ransomware Trojan is classified as a Winlocker because it blocks access to the victim's computer by displaying a full-screen message that claims to be an alert from the police. The CIBS Pol Virus is a well-known scam that is in no way connected to the police force. Instead, the CIBS Pol Virus is used by criminals to scam inexperienced computer users so that they will hand over their money out of fear of prosecution, jail time and severe fines. If your access to your computer is blocked by the CIBS Pol Virus, ESG security researchers strongly advise against...
Posted on February 21, 2013 in Ransomware
MyStart is a browser hijacker that uses the MyStart by Incredibar toolbar and a browser hijacking component that forces its victims to visit the MyStart.Incredibar.com website. This website is a low-quality search engine that displays more advertisements than legitimate results. Even worse, several of MyStart's search results may lead computer users to websites containing malicious content. Although MyStart actually provides a supposed tool to remove this component from the victim's web browser, ESG security researchers recommend disregarding this component and instead removing MyStart with the help of a reputable anti-malware utility.
MyStart can refer to both the low-quality...
Posted on July 31, 2012 in Adware
Windows Active Guard is a malware program that belongs to the FakeVimes family of fake security software. Windows Active Guard carries out a common online scam that involves pretending to be a real security program in order to convince inexperienced computer users that they must pay for an expensive 'upgrade'. Since there are no real anti-malware capabilities on Windows Active Guard and it is, in reality, a malware infection itself, ESG malware researchers strongly recommend ignoring all of Windows Active Guard's warnings and removing this bogus security program with a reliable anti-malware application.
Windows Active Guard's Family of Rogue Security Programs
Posted on July 23, 2012 in Rogue Anti-Spyware Program
ESG security researchers have received reports of a ransomware infection, known as the FBI Moneypak ransomware, that targets computer users in the United States. The FBI Moneypak ransomware infection claims that the victim's computer was involved in viewing child pornography and then demands payment of a 100 dollar 'fine' to be sent via MoneyPak. Of course, the idea that a criminal charge as serious as child pornography would be punished with a mere 100 dollar fine is laughable. There is a reason for this: the FBI Moneypak ransomware is not really from the FBI. Rather, this message is part of a common malware scam.
The FBI Moneypak ransomware scam will use a Winlocker, that...
Posted on June 25, 2012 in Ransomware
The so-called Ukash Virus is a ransomware Trojan that takes its name from the fact that it requires its victims to use Ukash (a legitimate money transfer service) to transfer the ransom funds. This dangerous Trojan infection is composed of a Winlocker component that blocks access to the infected computer system, disabling its desktop, Task Manager, command line, Registry Editor and other services and applications. There are countless variants of the Ukash Virus, designed to target various countries in Europe and North America. ESG malware analysts strongly advise against paying the ransom that this malware infection tries...
Posted on June 15, 2012 in Malware
Live Security Platinum is one of the many fake security programs in the WinWebSec family of malware. Although ESG security researchers have been following the WinWebSec family of malware for several years, Live Security Platinum is a relatively new variant first detected in 2012. Because of this, it is pivotal to ensure that your security software is fully updated. Like most fake security programs, Live Security Platinum is designed to induce PC users to purchase a worthless 'full version' of Live Security Platinum. To do this, Live Security Platinum will try to scare the computer user with a variety of fake error messages, pop-up alerts from the Taskbar and a convincing fake scan...
Posted on June 1, 2012 in Rogue Anti-Spyware Program
DNS Changer is a Trojan that is designed to force a computer system to use rogue DNS servers. DNS Changer is also referred to as the Internet Doomsday Virus, Ghost Click Malware, DNS Changer Rootkit, DNS Changer Malware, DNS Changer Trojan, DNS Changer Virus, FBI DNS Changer or DNSChanger. A DNS Changer infection will typically take two steps in order to reroute the infected computer's traffic to these malicious DNS servers:
A DNS Changer malware infection will change the infected computer system's settings, replacing its DNS servers with rogue DNS servers belonging to hackers or online criminals.
The DNS Changer malware infection will then try to...
Posted on November 25, 2011 in Trojans
Backdoor.Comdinter is a backdoor Trojan that opens a back door on the attacked PC. When launched, Backdoor.Comdinter creates a registry entry so that it can load automatically whenever Windows is booted. Backdoor.Comdinter attempts to connect to Google.com to check network connectivity. Backdoor.Comdinter then connects to a particular location to receive commands. Backdoor.Comdinter enables cybercriminals to obtain unauthorized remote access to and control of the affected computer system. Backdoor.Comdinter can collect the victimized PC user's sensitive details and transfer them to a remote server for malicious purposes.
Posted on March 7, 2014 in Backdoors
W32.Nakcos is a virus that may execute harmful activities on the compromised PC. W32.Nakcos may copy itself from one PC to another. W32.Nakcos may download and install other malware threats on the infected computer system. W32.Nakcos is distributed via infected websites, malicious downloads, spam emails that carry malicious attachments, and other means. W32.Nakcos can obtain access and control of the computer user's confidential data and PC data. W32.Nakcos can violate the computer user's security and privacy.
Posted on March 7, 2014 in Viruses
Pum.Bad.Proxy is a proxy-related virus which may harm the targeted PC. After installation on the computer system, Pum.Bad.Proxy may embed malicious code to make changes to system files and values. Pum.Bad.Proxy is launched whenever the PC is restarted. Pum.Bad.Proxy permits changes to the proxy settings. Pum.Bad.Proxy can corrupt files to slow down the PC. Pum.Bad.Proxy can block security software to evade detection and uninstallation. Pum.Bad.Proxy restricts computer users' Internet connection and shows non-stop pop-up ads and messages. Pum.Bad.Proxy can destroy Windows and distribute and install other malware infections on the computer system.
Posted on March 7, 2014 in Viruses
NextCoup is adware which may be downloaded from the Internet when the computer user downloads various freeware from suspicious download websites. NextCoup may result in a variety of system issues when it is downloaded and installed on the PC. The computer user may allow NextCoup to be downloaded on the PC when he is downloading other free software from the Internet, or he may download NextCoup inadvertently by not paying enough attention to the installation process of the free program. When the PC user downloads any free application from the Internet and does not read the download agreement carefully, he may not be aware of what other potentially unwanted apps may come bundled with the particular free tool he is downloading. Once downloaded and installed, NextCoup may display random pop-up ads and banners on the computer. NextCoup may take over the Web browser and result in annoying...
Posted on March 7, 2014 in Adware
blinkx Video Toolbar is a Web browser toolbar and plug-in that may replace the default search and start pages and/or new tab windows on the computer system with Blinkx.com. In an effort to make a profit from search advertising, blinkx Video Toolbar may be designed not only to alter the default search service, including the Web browser's built-in search box and address bar, but also to lock it so that it remains the default browser search service. blinkx Video Toolbar may commonly propagate and install itself on the PC through packaged offers of a variety of freeware. blinkx Video Toolbar is produced by blinkx and may embed a Browser Helper Object (BHO) in Internet Explorer. blinkx Video Toolbar may add an alternative error page in place of errors such as 'Page Not Found'.
Posted on March 7, 2014 in Bad Toolbars
Adware.Icovalid is adware that may display random pop-up advertisements and banners on the computer when the PC user is visiting shopping-related and social networking websites. The pop-up advertisements and banners shown by Adware.Icovalid may offer PC users numerous discount coupons, sales, deals and offers. If the computer user clicks on the pop-up ads and banners delivered by Adware.Icovalid, they may divert him against his will to suspicious websites that may be commercial. Adware.Icovalid may be integrated into the Internet Explorer, Mozilla Firefox and Google Chrome Web browsers while the computer user is installing freeware from unreliable download websites on the Internet. After installation on the computer system, Adware.Icovalid may change the default browser settings and replace the default start page, search engine and new tab page with an unreliable website. Adware.Icovalid may...
Posted on March 7, 2014 in Adware
Yandex Toolbar, otherwise known as Yandex Elements, Yandex Community Toolbar, Yandex.Search 1.3, Yandex CY 0.1.2, Yandex.News and Yandex Slovari 0.11, is a potentially unwanted browser plug-in that provides additional features such as viewing the latest weather forecast, checking traffic information, and receiving social network and new message notifications. Yandex Toolbar may spread to PCs together with a variety of suspicious registry cleaners or through packaged free programs. After installation on the PC, Yandex Toolbar may embed its own toolbar in the Web browser menu and alter the default browser settings. Yandex Toolbar may repeatedly reroute PC users to the related websites Yandex.ru and SecurityStronghold.com and thus try to earn money from increased traffic to those websites. Yandex Toolbar may also substitute the default homepage, search service or a new tab window with...
Posted on March 7, 2014 in Bad Toolbars
A.advertisernets.com is a questionable website, which may be associated with adware and browser hijackers. These may modify search results in any major search engine and redirect PC users against their will to A.advertisernets.com and similar websites, which may be designed for commercial purposes, probably to make a profit from increased website traffic and ad clicks. Adware and browser hijackers linked to A.advertisernets.com may attempt to show unwanted pop-up advertisements and banners related to the computer user's browsing habits and gather the PC user's surfing information in order to transmit and use it for targeted marketing campaigns. After hijacking the Web browser, adware and browser hijackers may replace the default homepage and search provider with A.advertisernets.com, or open it in a new tab window.
Posted on March 7, 2014 in Browser Hijackers
A.Visadd.com is known to be an adware-related website that may display random pop-up advertisements and messages on the computer. A.Visadd.com may be related to security threats such as adware and browser hijackers that may lead to various unwanted computer problems. Security infections related to A.Visadd.com may usually spread and invade the computer system through bundled free programs that PC users can download on suspicious download websites from the Internet. If any malware threats linked to A.Visadd.com are installed on the PC, the Web browser may get forcibly rerouted to A.Visadd.com and similar unreliable websites. Adware and browser hijackers may also substitute the default homepage or search service with A.Visadd.com, or open it in a new tab window of the Web browser. PC infections pertaining to A.Visadd.com may add a relevant toolbar or other unwanted plug-ins, add-ons or...
Posted on March 7, 2014 in Browser Hijackers
'Police Department University Of California' Ransomware, otherwise known as 'Police Department University Of California' Ransomware Virus, is ransomware that blocks targeted PCs in California, USA, and displays a bogus pop-up warning message, 'Attention! Your computer has been locked for safety reasons listed below', generated and delivered by a 'Police' Ransomware Trojan. The deceitful pop-up notification of 'Police Department University Of California' Ransomware claims to speak on behalf of the legal security authority and accuses victimized computer users of violating certain laws of the USA. The scary pop-up warning message of 'Police Department University Of California' Ransomware threatens the attacked computer user with imprisonment for supposed cybercrime actions. The victimized PC user is urged to pay a fine of $200 via GreenDot MoneyPak within 72 hours to restore access to...
Posted on March 7, 2014 in Ransomware
Jcp.drivermapping.net is a suspicious website, which may pose as a genuine and safe search engine. Jcp.drivermapping.net may be connected with adware and browser hijackers that may reach the computer system bundled with free software downloaded from unreliable download websites on the Internet. Browser hijackers and adware linked to Jcp.drivermapping.net may be installed stealthily in the Internet Explorer, Google Chrome or Mozilla Firefox Web browsers, and add an unwanted add-on, plug-in or browser extension. Adware and browser hijackers pertaining to Jcp.drivermapping.net may replace the default start page and default search service with Jcp.drivermapping.net, or open it as a new tab page. These security threats may also insert numerous sponsored links into search results in any major search engine. Sponsored links may divert computer users against their will to questionable...
Posted on March 6, 2014 in Browser Hijackers
RadSteroids is a potentially unwanted program that may be installed onto the computer together with numerous free programs from the Internet. RadSteroids may display various unwanted pop-up ads and banners, which may contain a variety of offers, discount coupons and deals, on the computer system. The pop-up ads shown by RadSteroids may urge the computer user to click on random pop-up advertisements and messages or on ones linked to his surfing habits. If the computer user clicks on these pop-up advertisements and messages, RadSteroids may continuously divert the PC user to questionable websites. RadSteroids may advertise suspicious websites, services and products. RadSteroids may also collect information about the PC user's browsing activity, search requests and websites visited. This data may be valuable for marketing campaigns, especially for delivering targeted ads and messages.
Posted on March 6, 2014 in Possibly Unwanted Program
Adware.Share Anything is adware which may be generated to earn money from clicks on advertisements and banners it may send to the PC user. Once installed on the PC, Adware.Share Anything may show a variety of unwanted messages, annoying pop-up advertisements or advertisements linked to the computer user's Web browsing habits. Adware.Share Anything may proliferate via infectious removable devices, spam emails including malicious attachments, file sharing websites on peer-to-peer networks and many other means. Adware.Share Anything may prevent the PC user from normal Internet surfing activity. Adware.Share Anything may be able to trace the computer user's online sessions and collect...
Posted on March 6, 2014 in Adware
ZeusVM is a Trojan that reaches compromised PCs with a configuration file that is disguised as a harmless image. ZeusVM is a new variation of the banking Trojan known as ZeuS that attacks financial institutions. ZeusVM is designed to retrieve its configuration file from an image. ZeusVM retrieves a JPG image from a server alongside other components. The image is copied from the Internet, but with some additional code added to it. Through the use of steganography, the cybercrooks have added the malware configuration data to the image without damaging it. Disguising the configuration file as an image has a variety of advantages, including the fact that the malicious code can evade security tools. A computer user whose PC is used for hosting the file would likely not suspect that the image is, in fact, a component of a malicious operation.
Posted on March 6, 2014 in Trojans
Angler Exploit Kit is a hacking tool that is designed to search for Java and Flash Player vulnerabilities on the attacked PC and use them to distribute malware infections. Angler Exploit Kit commonly checks to see if the PC it is targeting has Java or Flash. If Angler Exploit Kit can't exploit Java or Flash, it delivers a remote control exploit (CVE-2013-0074) that affects Silverlight 5. Silverlight is a Microsoft plug-in, similar to Adobe Flash, for streaming media in Web browsers, and is probably best known for being used by the Netflix streaming video service. This attack by Angler Exploit Kit could pose a serious security risk to the infected computer.
Posted on March 6, 2014 in Malware