PornoPlayer is responsible for a malware application that locks the infected computer. The malware (sometimes called "ransomware" because it does nothing but hold the computer hostage) is entirely in Russian, and was created in order to scam Russian PC users. Therefore, most PC users outside of Russia will have absolutely no idea what the malware is demanding, making PornoPlayer especially frustrating to try to remove.

What PornoPlayer is, and what PornoPlayer does to an Infected PC

The ransomware itself does not really have an agreed-upon name in English, aside from being referred to as PornoPlayer. Various security software companies and anti-malware researchers have different names for the malware, including Blue Trash, Porno Player, WinAD, Homoblocker, and the generic names Trojan.Ransom and Trojan.Ransomware. PornoPlayer is a...

Posted on July 24, 2009 in Trojans


Trojan.Delf is a threat that intercepts the Internet traffic and compromises the system security in a big way. If the computer users encounter this Trojan on their systems, they should keep in mind that there may be other threats on their machine as well. Trojan.Delf is often installed by other threats on the targeted computers, but it also can be a product of a drive-by download under the file name 'bot_unencrypted.exe.' When Trojan.Delf finds its way onto a computer, it changes its name once the installation is complete. The Trojan.Delf infection ends up being installed in the System32 folder, where it creates a copy of itself bearing the name WtiSysST.exe. Trojan.Delf is then installed as a system drive in an attempt to avoid detection by the usual security products. Trojan.Delf also modifies a Registry sub-key, making it start...

Posted on July 24, 2009 in Trojans


Many computer users have reported that their security software has detected a VirTool.Obfuscator.EK or VirTool:JS/Obfuscator.EK infection. However, whenever they try to remove VirTool.Obfuscator.EK, their anti-malware programs may crash, freeze or display error messages. This is the purpose of VirTool.Obfuscator.EK, a JavaScript threat that is used to prevent the detection and removal of other threats. This is known as obfuscation and is an important weapon in the cybercrooks' arsenals. If your anti-malware software indicates the presence of VirTool.Obfuscator.EK on your computer, this may indicate that there are other threats present on your computer. VirTool.Obfuscator.EK may be linked to a variety of threats, ranging from adware and Potentially Unwanted Programs to severe rootkit infections. One of the main reasons why...

Posted on July 24, 2009 in Trojans


Troj/Agent-KQH (also known as Trojan.Win32.Agent.kqh) is a trojan virus that masquerades as a legitimate or useful program in order to gain access to a computer. Once active, Troj/Agent-KQH may begin monitoring and recording keystrokes, gathering information on usernames, passwords, and personal and financial data that is periodically sent to an unauthorized user remotely. Troj/Agent-KQH also downloads additional malware onto the compromised system.

Posted on July 24, 2009 in Trojans


Packed.Generic.228 is a detection method for encrypted files that may attempt to hide from antivirus programs in order to escape identification. Packed.Generic.228 may also download additional malware onto the compromised computer. It is best to remove Packed.Generic.228 as soon as possible.

Posted on July 24, 2009 in Trojans

Spy Sniper

Spy Sniper is a misleading program that uses vigorous deception tactics to push the purchase of a full Spy Sniper application. Spy Sniper pretends to be a security application that is able to resolve computer issues. Once installed, Spy Sniper is known to display fake popup messages and perform system scans that display several falsified results. Spy Sniper comes from either a malicious website or a Trojan horse that is sometimes downloaded through a fake video codec. Removal of Spy Sniper is recommended to eliminate the risk of damage to your system.

Posted on July 23, 2009 in Misleading Programs

is a browser hijacker promoting the distribution of the rogue anti-spyware application known as Personal Antivirus. Due to affiliated trojans infiltrating the computer via security exploits and modifying the browser settings, web-surfing activities are redirected to the domain. Once here, the computer is subject to a fake online scan that displays fictitious and sometimes grossly exaggerated infection results, all in order to intimidate the user into purchasing the fake spyware remover Personal Antivirus.

Posted on July 23, 2009 in Rogue Websites


Troj/Agent-KPU (also known as Trojan.Agent.KPU) is a keylogger Trojan that typically infiltrates a computer through manual means or via malicious websites, appearing as something entirely different. Troj/Agent-KPU modifies registry files in order to begin running every time Windows starts up. Once this is done, Troj/Agent-KPU monitors usernames, passwords and financial data entered into the compromised computer and sends this information to a remote web site.

Posted on July 23, 2009 in Trojans


Bloodhound.Exploit.262 is a detection method used to detect malicious files that may attempt to exploit weaknesses in security software in order to allow malware to gain access to a computer. This should be removed as soon as possible.

Posted on July 23, 2009 in Trojans


Packed.Generic.186 is a detection method for encrypted files that may attempt to hide from antivirus programs in order to escape identification. Packed.Generic.186 may also download additional malware onto the compromised computer. It is best to remove Packed.Generic.186 as soon as possible.

Posted on July 23, 2009 in Trojans


Nethood.htm is a file used by Feldor. Feldor is a virus that attempts to provide an unauthorized user remote access to the compromised computer system, by modifying the computer configuration. This may lead to identity theft, or additional malware being downloaded onto the system.

Posted on July 23, 2009 in Viruses

Recent Twitter Breach Raises Security Concerns for Los Angeles's Plan to Use Google Apps

Los Angeles officials have raised security concerns over a multimillion-dollar proposal to use Internet-based services for confidential government information, including police records and email. It would appear that the recently reported attack on Twitter personnel, which resulted in the theft of over 300 private documents, has reached the ears of Los Angeles officials. They are now questioning their decision to move government e-mail and other records onto Google's hosted Web service Google Apps. "Anytime you go to a Web-based system, that puts you just a little further out than you were before," LA City Councilman Tony Cardenas told The Associated Press. "Drug cartels would pay any sum of money to be aware of our progress on investigations." It was just in May that the Twitter breach occurred. The impact of the whole...

Posted on July 22, 2009 in Computer Security

Fake "Novel H1N1 Flu Situation Update" File Drops Troj/Agent-KPU on PCs

With the Swine Flu pandemic, otherwise known as H1N1 influenza A, still ongoing, it is no surprise that malware creators are taking advantage of the global panic as another fear tactic to continue infecting computer users with malware. There have been numerous attempts to lead Internet users astray by playing on their fears regarding the sickness. Now there is yet another piece of malware directly exploiting the current medical media buzz. Searching the Internet for information on the influenza strain in question will undoubtedly lead you to a file called "Novel H1N1 Flu Situation Update". Opening this file will reveal a Word document plastered with basic data and diagrams discussing the Swine Flu pandemic. Unfortunately, while you are busy reading through the information supplied in this Word document, an electronic infection is now...

Posted on July 22, 2009 in Computer Security


Olhrwef.exe is a backdoor trojan that infiltrates a system with veritable ease and typically without the user being aware of the intrusion. Olhrwef.exe allows an unauthorized user remote access to the compromised computer. This may lead to identity theft and the loss of personal and financial information.

Posted on July 22, 2009 in Backdoors


Windowsclick, also known as, is a tracking cookie that may allow unauthorized third party users access to browser activity. Windowsclick is installed onto the system through gambling and pornographic-related adult websites.

Posted on July 22, 2009 in Cookies