‘855-442-0666’ Pop-Ups

The '855-442-0666' pop-up alerts that may appear on your screen while surfing the Internet should be ignored. The '855-442-0666' messages are associated with compromised pages, phishing pages, and fake computer support services. Cyber security researchers report that the '855-442-0666' messages are known to be hosted on compromised sites and untrusted domains. The '855-442-0666' pop-up windows are used to direct users to call toll-free phone lines like 855-442-0666 and ask for a computer technician to take a look at their systems. Web surfers may be told that they can find help from a certified Apple/Microsoft support agent by calling the 855-442-0666 phone number listed on the '855-442-0666' warning. However, we strongly advise against following the instructions shown on your screen. The '855-442-0666' phone line is not...

Posted on April 25, 2017 in Adware

Search.hr

Search.hr is presented to Web surfers as a search service that employs the same color scheme you may be familiar with on Google.com. The Search.hr site is not associated with Google Inc. and appears to be an independent service that is provided by a company under the name of Cro-bit Ltd. Search.hr is not a real search engine and it functions as a redirect-gateway to Search.yahoo.com where users will find links to resources and services by Yahoo. Computer users reported cases of browser hijacking that involved the Search.hr site, which was loaded as the default start page, new tab page and search provider. Affected users may have installed a free program that was developed in partnership with Cro-bit Ltd. The company is involved in Web development, Internet marketing, computer repair and mobile phone development. Free software...

Posted on April 25, 2017 in Browser Hijackers

JeepersCrypt Ransomware

The JeepersCrypt Ransomware is a ransomware Trojan that con artists use to force computer users to pay large amounts of money. To do this, the JeepersCrypt Ransomware will encrypt the victim's files using a strong encryption algorithm. The JeepersCrypt Ransomware is being used in attacks against computer users in Brazil and other countries in South America. This conclusion comes from the spam email campaign that is being used to spread the JeepersCrypt Ransomware, which impersonates email messages from companies working in these regions. The spam email campaign will use corrupted email attachments that use compromised scripts to download and install the JeepersCrypt Ransomware on the victim's computer. These scripts will use some exploit or pop-up to trick computer users into allowing the JeepersCrypt Ransomware to bypass UAC (User...

Posted on April 25, 2017 in Ransomware

Shifr Ransomware

The Shifr Ransomware is a threat that is designed to encrypt the victims' data, making it inaccessible. This is done by these Trojans to force victims to pay a ransom to recover the affected data. After encrypting the victim's files, the Shifr Ransomware delivers a ransom note in the form of an HTML file named 'HOW_TO_DECRYPT_FILES,' demanding that the victim pay 0.1 Bitcoin (approximately $130 USD at the current exchange rate) if they ever want to recover their files. Malware Trojans like the Shifr Ransomware use strong encryption algorithms such as RSA 2048 and AES 256 to make the victim's files inaccessible to anyone without the decryption key. Since 2015, there has been a marked rise in both the number of ransomware Trojan attacks and the sophistication of these threats. You can't Access the Files Compromised by the Shifr...

Posted on April 25, 2017 in Ransomware

‘Important Security Alert From Windows’ Pop-Ups

The 'Important Security Alert From Windows' pop-up windows that users may experience at 4xt-setup[.]win should not be trusted. The 4xt-setup[.]win domain is part of a network of sites that are used to promote computer support services on the 866-995-5065 phone line. However, the 866-995-5065 phone line is not associated with a legitimate company. The services advertised via the 'Important Security Alert From Windows' are provided by con artists who pretend to be employees at Microsoft Corp. and offer help to users who can't remove the 'Important Security Alert From Windows' alerts. The warnings on your screen may be loaded by a browser hijacker that has entered your system. Also, Web surfers may be redirected to pages like 4xt-setup[.]win that are designed to cause navigation problems and suggest to users that their PCs may be infected...

Posted on April 24, 2017 in Browser Hijackers

‘Windows 7 Support – Case ID’ Pop-Ups

The 'Windows 7 Support – Case ID' pop-up windows in the browser that refer to the (844)-624-2338 phone line should not be perceived as security alerts by Microsoft. The 'Windows 7 Support – Case ID' alerts are classified as fake security warnings that are designed to look as though they are delivered by Microsoft Corp. to your screen. We have received reports that the 'Windows 7 Support – Case ID' messages may be displayed via pages like:

browseclean[.]bid
browseclean[.]space/Final-Notice/tito2.php#
nimbleland.co[.]in/bb/www.usaa.com.inetent_logon-signon/home/pin.php
realtimescan.flu[.]cc
stop-immediately[.]club
system-error-found.flu[.]cc/5mp-can-not-proceed/ag2lbxv5M.php

The domains listed above are registered to the 108.167.146.95 IP address and have been found to host images, text, audio, and videos that are used for the...

Posted on April 24, 2017 in Browser Hijackers

‘Firewall Detected Suspicious Network Connections’ Pop-Ups

The 'Firewall Detected Suspicious Network Connections' pop-up windows that say Microsoft has detected "suspicious" activity on your machine are not legitimate security warnings. The 'Firewall Detected Suspicious Network Connections' messages might feature the Microsoft Corp. logo and appear as custom pages on Support.microsoft.com but you should not call the phone numbers listed on your screen. The 'Firewall Detected Suspicious Network Connections' notifications are used to lure users into calling toll-free phone lines that are operated by con artists. The operators associated with the 'Firewall Detected Suspicious Network Connections' notifications might claim they are certified Microsoft technicians who can help you remove the virus that is the reason for the 'Firewall Detected Suspicious Network Connections' pop-up. Security experts...

Posted on April 24, 2017 in Adware

Adblocker For Youtube

The Adblocker For YouTube (also known as 'Clean YouTube') extension claims to do what its name suggests: block ads that are placed on videos at YouTube.com. Web surfers who favor the YouTube video platform due to its large user-base and quality content providers may be interested in blocking aggressive advertisements that some channels may incorporate in their video products. Many users may not like the sponsored commercials and search results on YouTube and seek to install the Adblocker For YouTube extension. The Adblocker For YouTube app is not associated with the projects uBlock Origin and AdBlock Pro, which many perceive as the "industry leaders." We have received reports that the Adblocker For YouTube is not doing its job and some ads may lack information on their source, which suggests that adware on the system may generate...

Posted on April 24, 2017 in Possibly Unwanted Program

Microcosm New Tab

The Microcosm New Tab extension that you may install with a free software bundle by choosing the 'Express' option is deemed a Potentially Unwanted Program (PUP). The developer of the Microcosm New Tab extension designed the app to substitute the default new tab and start page on Google Chrome. Moreover, the Microcosm New Tab app's icon is identical to the 'Homepage' icon on Google Chrome and users need to hover over it to distinguish the two buttons. Needless to say, if the users install the Microcosm New Tab extension with a software package they may wonder why the start and new tab pages look different. The official page of Microcosm New Tab can be found at microcosmtab.com, and the Web store page can be found at chrome.google.com/webstore/detail/microcosm-new-tab/nagnmfhgkjkplbhplkbicmpkfopmnefp. The developer of the program advertises...

Posted on April 24, 2017 in Possibly Unwanted Program

Search.searchquicks.com

The Search.searchquicks.com site is presented to Web surfers as a free search service that provides search results via a customized Yahoo engine. Search.searchquicks.com is not among the Top 10 or the Top 20 search services on the Web, and many users may not be familiar with Search.searchquicks.com. The portal is associated with the 'Quick Search' browser extension that is a product of Eightpoint Technologies Ltd., which you may know for apps like Easy Television Access and Directions Express. The generic name of the 'Quick Search' extension may be intended to fool users into thinking that it is part of their browser's native features. Eightpoint Technologies Ltd. is known to participate in the development of an ad-supported program, which aims to reroute users to unreliable search engines. The 'Quick Search' app is not an...

Posted on April 21, 2017 in Browser Hijackers

Yousearch.io

The Yousearch.io site is offered to users as a search service with a clean and straightforward interface. The Yousearch.io site does not provide ownership information, and there is no company name listed on any of its pages. Also, the news and image search functionality does not work. Only the text and video search are somewhat operational. If you are looking to change your primary search provider to Yousearch.io, there are better alternatives. The Yousearch.io service is an ad-supported portal, and it is designed to pull results from a limited number of pages when you type keywords that are listed on yousearch.io/get/index. The connection to Yousearch.io is encrypted by default, but that does not mean the results shown on Yousearch.io are clean. The portal does not appear to partner with initiatives like Google Safe Browsing, Mozilla...

Posted on April 21, 2017 in Browser Hijackers

AES-NI Ransomware

The AES-NI Ransomware is a ransomware Trojan that seems to be associated with the use of NSA exploits leaked by the hacking group Shadow Brokers. According to tweets released by the AES-NI Ransomware's creator, a Windows server vulnerability was used to install the AES-NI Ransomware, a low-quality ransomware Trojan. One thing is clear about these claims: the AES-NI Ransomware has been responsible for numerous attacks in April 2017. Between April 10 and April 22, detections of the AES-NI Ransomware ran at about 0 to 5 infected systems every day, with more than 100 victims by the end of the measurement period. This spike in infections seems to coincide with the leak of Windows exploits. However, PC security researchers consider that these exploits are not being used to deliver the AES-NI Ransomware, regardless of the con...

Posted on April 21, 2017 in Ransomware

NetSurf Ads

Computer users who find themselves redirected to sites like shopmania.ro and experience ads that feature the slogan 'Powered by NetSurf' may have installed an adware-powered extension. The ads brought by NetSurf may include offers from other online stores and suggest users subscribe to premium services. The NetSurf adware can be found at net-surf.browser-repo[.]net/bg/install, where it is promoted as a benign shopping extension. The NetSurf app has a page on the Chrome Webstore that you can find at chrome.google[.]com/webstore/detail/net-surf/dfloejogjogbalabpfaiiionlclpkekk, but most of the installations related to NetSurf are performed with a free software bundle that many users may handle with the 'Express' and 'Typical' options. The NetSurf adware belongs to the Adware.Price Fab family of programs, which are marketed as shopping...

Posted on April 21, 2017 in Adware

Tf.org

The Tf.org site is the home page for a customized search powered by Yandex that has the name 'The First.' The page on Tf.org does not provide ownership information and 'The First' search service appears to be aimed at Web surfers based in Russia. The Tf.org site is not classified as a reliable search provider and 'The First' service is designed to provide sponsored search results generated with the Yandex.Direct platform. Tf.org is associated with cases of browser hijacking where users are redirected to Tf.org automatically. The Tf.org browser hijacker may run as an add-on, extension and a Browser Helper Object that is listed as 'The First' in your Add-ons/Extensions Manager. The Tf.org browser hijacker behaves like adware and may read your Internet history, downloads log, and software configuration to display targeted commercial...

Posted on April 20, 2017 in Browser Hijackers

Googlescan.ru

The Googlescan.ru domain is deemed untrusted because it is related to a browser hijacker and phishing portals that are clones of icloud.com, which is the iCloud platform by Apple Inc. The Googlescan.ru site is presented to users as a search service that is powered by a customized Google engine. However, the custom search at Googlescan.ru may redirect users to phishing pages and limit their searches to a defined list of sites. We have found that the browser hijacker associated with Googlescan.ru is aimed at Web surfers based in Russia. The Googlescan.ru browser hijacker may travel in the company of free programs like AIMP3 and Light Alloy Player that are developed by teams of Russian programmers. The Googlescan.ru browser hijacker may run as a background app and change your settings in Google Chrome, Yandex Browser and Mozilla...

Posted on April 20, 2017 in Browser Hijackers