JiSuZip

The JiSuZip program is aimed at Chinese users, but it may find its way to non-Chinese users thanks to its extensive network of partners. The JiSuZip program appears to be an archive manager that comes bundled with an Internet plug-in dubbed 'MaohaWiFi.' PC users that are interested in using a free archive manager may install the MaohaWiFi/JiSuZip package. However, the JiSuZip program is known to support a Chinese version only and lacks an uninstaller file. The 'MaohaWiFi' module acts as a WiFi networks manager, which may attempt to substitute your default WiFi utility. The JiSuZip program may modify the Registry and become the default app to open RAR and ZIP files on Windows. The JiSuZip program makes an entry on the MSCONFIG panel and starts when you boot into Windows. The same operation is performed by MaohaWiFi, and you may be invited to...

Posted on June 20, 2017 in Possibly Unwanted Program

RabboLock Ransomware

The RabboLock Ransomware is an encryption ransomware Trojan that is used to carry out attacks against computer users. The RabboLock Ransomware infects computers running the Windows operating system and, like most encryption ransomware Trojans, the RabboLock Ransomware is designed to take the victims' files hostage and then demand the payment of a ransom. The RabboLock Ransomware seems to target computer users located in Denmark specifically.

The RabboLock Ransomware will Mark the Encrypted Files

The RabboLock Ransomware carries out a sophisticated encryption attack that involves encrypting the victims' files with a strong encryption algorithm. The RabboLock Ransomware will mark the files compromised in the attack with the file extension '.R4bb0l0ck,' which is added to the end of each file's name. The most common way in which the...

Posted on June 20, 2017 in Ransomware

Facebook Ransomware

There is no real relationship between the Facebook Ransomware and Facebook. The Facebook Ransomware is not delivered via Facebook, nor does it use any theme related to Facebook in its attack. The Facebook Ransomware receives its name mainly because its main executable seems to be named 'facebook.exe' and the Facebook Ransomware marks the files it encrypts in its attack with the file extension '.facebook.' The Facebook Ransomware carries out a typical ransomware Trojan attack by encrypting the victims' files and then demanding the payment of a ransom to provide the means to recover from the attack.

Another Respected Social Network's Name Used by Extortionists

The Facebook Ransomware is a typical encryption attack, mainly being used to target computers in Western Europe and the United States. The Facebook Ransomware was first observed carrying...

Posted on June 20, 2017 in Ransomware

SOREBRECT Ransomware

The SOREBRECT Ransomware is a ransomware Trojan that is mainly being used against businesses and high-profile targets, rather than individual computer users. The SOREBRECT Ransomware is a sophisticated ransomware Trojan that manages to carry out an attack that does not involve the delivery of a file, making it more effective in its attack and difficult to remove. Although ransomware Trojans are quite common, ransomware Trojans that use attacks without a file are quite rare. The SOREBRECT Ransomware was first observed in the late spring of 2017 while malware researchers investigated attacks in Middle Eastern locations. The SOREBRECT Ransomware has carried out attacks in various countries around the world, including Russia, the United States, China, Mexico, Italy and Japan.

How the SOREBRECT Ransomware Carries out Its Attack...

Posted on June 20, 2017 in Ransomware

Cookies Control

The Cookies Control browser extension is promoted as an easy-to-use extension that helps users switch cookies on and off quickly. The Cookies Control extension does not have a publicly known developer, and it can be found at cookies-control.com. The Cookies Control app is reported to travel in free software bundles and has a hidden page on the Chrome Web Store found at: chrome.google[.]com/webstore/detail/%D1%81ookies-control/cfkpefbllpconnkfpdgagkifmflckkdp. The Cookies Control extension may seem useful to users who do not wish to retain the cookies cache downloaded during regular Internet browsing. The cookies-control.com site may suggest that the proposed extension improves your privacy, but that is not entirely accurate. The Cookies Control extension might limit the ability of ad networks to track your activity online by using...

Posted on June 20, 2017 in Bad Toolbars

MoneyFriend

MoneyFriend is a name that is associated with adware, which was reported by PC security researchers in the third week of June 2017. The MoneyFriend adware is a program that is distributed to users as an optional component to free software packages. Choosing the 'Express' installation may allow the MoneyFriend adware to be installed to the Temp directory and change various Internet-related settings on your device. Cyber security analysts warn that the MoneyFriend adware is just as threatening as the Ntuserlitelist adware, which we reported near the end of March 2017. Both programs edit the system Registry and the proxy configuration, and inject code into running processes that have Internet connectivity. The MoneyFriend adware features a built-in Proxomitron module, which is a customized build of the Proxomitron software created by Scott...

Posted on June 19, 2017 in Possibly Unwanted Program

iFind Searcher

The iFind Searcher browser extension is deemed a browser hijacker. Some computer security researchers may refer to the iFind Searcher program with the terms 'Rogue.ForcedExtension,' 'PUP.iFindSearcher' and 'Adware32.iFindSearcher.' Computer users that noticed a blank spot on their browser's navigation bar found that their searches were hijacked from services like Google and Bing, with the browser loading the US version of Yahoo at us.search.yahoo.com instead. An investigation into the redirects to us.search.yahoo.com revealed that a program named iFind Searcher was attached to the browser and featured a transparent icon to avoid detection. Moreover, the iFind Searcher browser extension was designed to monitor the user's activity online and reroute users via two gateways to us.search.yahoo.com. The iFind Searcher extension...

Posted on June 19, 2017 in Browser Hijackers

Myflow.top

The Myflow.top domain is associated with browser redirects, unsolicited changes to files on computers and browser hijacking. Computer users that install free software packages might install a browser hijacker linked to Myflow.top that can divert Internet traffic to unreliable online shops and phishing pages. The Myflow.top browser hijacker is a program that is responsible for modifications to the browser settings and browser shortcuts for users. The developers of the Myflow.top browser hijacker have designed it to delete the original shortcuts for Internet clients like Google Chrome, Internet Explorer, Opera and Mozilla Firefox. The original shortcuts are replaced with modified launchers that include additional parameters. The new browser launchers are rigged to load content from servers registered to the 88.99.216.4 IP address that...

Posted on June 19, 2017 in Browser Hijackers

Search.todaystopheadlines.co

The Search.todaystopheadlines.co domain is associated with the Todays Top Headlines browser extension developed by Polarity Technologies Ltd. and released to Windows users in freeware bundles. Also, you may find the Todays Top Headlines extension promoted on free software platforms that offer access to browser extensions outside the Google Web Store and the Mozilla Add-ons library. You may want to keep in mind that extensions that are not listed on official platforms like chrome.google.com and addons.mozilla.org may perform unwanted modifications to your browser and redirect users to phishing pages. The Todays Top Headlines app by Polarity Technologies Ltd. is one such browser extension. It has no official site and lacks pages on chrome.google.com and addons.mozilla.org. Also, the Todays Top Headlines browser extension is an...

Posted on June 19, 2017 in Browser Hijackers

Roblocker X Ransomware

The Roblocker X Ransomware is a Trojan that is used to stunt computer users. The Roblocker X Ransomware is being distributed as a bogus update for Roblox, a game created by the Roblox Corporation. The Roblocker X Ransomware uses a lock screen to prevent the victim from accessing the infected computer. The Roblocker X Ransomware will display a full-screen message that blocks all access. The main purpose of the Roblocker X Ransomware's lock screen is to force victims to pay a ransom needed to obtain the unlock code, which would then be used to unlock the affected computer. The Roblocker X Ransomware takes the victim's computer hostage until a ransom is paid.

How the Roblocker X Ransomware and Other Ransomware Trojans may Attack a Computer

Today, there are various ways in which ransomware Trojans may take the victims' computers hostage....

Posted on June 19, 2017 in Ransomware

WinBan Ransomware

PC security researchers have noticed a ransomware Trojan that seems to be still under development. The WinBan Ransomware is submitted to online anti-virus platforms, which con artists commonly use to test their ransomware creations, as a way to detect whether their attacks can bypass detection by popular anti-virus programs. This, in turn, allows PC security analysts to detect early versions of threats like the WinBan Ransomware and prepare computer users to protect their computers against them and any new tactics being used by the con artists in these attacks.

The Illegal Ban of Your Files Caused by the WinBan Ransomware

The WinBan Ransomware may be delivered in the form of Microsoft Word documents attached to unsolicited email messages. These attachments will include macro scripts that download and install the WinBan...

Posted on June 19, 2017 in Ransomware

WinBamboozle Ransomware

The WinBamboozle Ransomware is a ransomware Trojan that is used to entrap inexperienced computer users. Malware researchers who uncovered a ZIP file named ‘full.zip’ first detected the WinBamboozle Ransomware. Inspection of this file revealed that it contained a corrupted component used to carry out a ransomware attack on its victims. It is likely that the file associated with the WinBamboozle Ransomware will be used to attack computer users by releasing it along with a software plug-in or through torrent networks disguised as harmless files. The WinBamboozle Ransomware was first observed on an online anti-virus platform monitored by malware researchers. Con artists will often use these platforms to test whether their ransomware Trojans are capable of evading detection, uploading unfinished versions of their threats (such as the...

Posted on June 19, 2017 in Ransomware

Pro-search.me

Pro-search.me is a generic Internet search site and a browser hijacker. In most cases where the Pro-search.me site loads automatically in your favorite web browser application, components related to Pro-search.me have loaded during the installation of bundled apps or freeware programs obtained from the Internet. The use of Pro-search.me may very well return relevant search results. However, many of the search query results found on Pro-search.me may be accompanied by sponsored links or advertisements. Use of the various advertisements and sponsored links found on Pro-search.me may cause unwanted redirects to sites that have questionable content. Computer users looking to stop Pro-search.me from loading automatically as a default home page or new tab page will want to seek out and remove each of its related components or...

Posted on June 19, 2017 in Browser Hijackers

Muack.to

Muack.to is a site that is classified as a browser hijacker that may look the part of a basic search engine site. At first glance, Muack.to may appear to be a knock-off of popular search sites like Google or Bing. Use of Muack.to will, in fact, return relevant search results, but the results are accompanied by advertisements or sponsored links. Use of those links may cause unwanted site redirects or loading of other pages that could have unwanted content. The components related to Muack.to are known to load through the installation of other freeware apps or bundled software where Internet settings may be modified. Those who find Muack.to to be annoying and intrusive may opt to find and eliminate all associated components or web browser extensions that have loaded. Automatically removing those components may be done by the use of...

Posted on June 19, 2017 in Browser Hijackers

Wana Decrypt0r Trojan-Syria Editi0n Ransomware

The Trojan-Syria Editi0n Ransomware is designed to mimic the WannaCry Ransomware infection, a well-known ransomware Trojan that received substantial media attention in May of 2017. The Trojan-Syria Editi0n Ransomware claims to be a Syrian version of the WannaCry Ransomware, and it is designed to infect computers running the Windows operating system. The Trojan-Syria Editi0n Ransomware is not a WannaCry variant, and there is no relationship between the Trojan-Syria Editi0n Ransomware and that sophisticated ransomware Trojan. The Trojan-Syria Editi0n Ransomware is a variant of HiddenTear, an open source ransomware engine that has spawned countless ransomware variants since it was first made public in August of 2015. Although the Trojan-Syria Editi0n Ransomware is not designed as a variant of WannaCry, the Trojan-Syria Editi0n Ransomware...

Posted on June 19, 2017 in Ransomware