Weather Hub

The Weather Hub software from ClientConnect Ltd. is promoted as a widget for your Internet client that can enhance your new tab and put a relevant weather forecast at your fingertips. The Weather Hub is promoted primarily via free software bundles and ads on browser extension libraries. You may install the Weather Hub widget unknowingly if you choose the 'Express' or 'Typical' option when installing a free software package. You may be taken by surprise to find that your new tab in Google Chrome, Mozilla Firefox and Internet Explorer loads Searchespro.com by default. The Weather Hub program makes its services available by modifying the new tab page settings of various browsers that are based on the Chromium and Mozilla projects. The new tab powered by Weather Hub offers a search bar that redirects users to Bing.com, links to...

Posted on May 10, 2017 in Browser Hijackers

ZipLocker Ransomware

The ZipLocker Ransomware is a ransomware Trojan. The Trojans in this category are designed to take the victim's files hostage, asking for the payment of a sum to restore access to the infected files. These tactics are becoming increasingly common due to the effectiveness of the attack; even if the ZipLocker Ransomware infection itself is removed, the victim's files remain inaccessible. Because of this, dealing with ransomware Trojans like the ZipLocker Ransomware is not only a matter of preventing the ZipLocker Ransomware infection itself but also of taking steps to ensure that data can be recovered in case it becomes compromised in one of these attacks.

Disclosing the ZipLocker Ransomware Trojan Infection

The most common tactic used in these attacks is to use an encryption algorithm to encrypt the victim's files. The ZipLocker...

Posted on May 10, 2017 in Ransomware

Crypto-Blocker Ransomware

The Crypto-Blocker Ransomware is a ransomware Trojan that is used to target computer users that speak English. The Crypto-Blocker Ransomware, like most ransomware Trojans, uses a strong encryption algorithm to make the victim's files inaccessible, essentially holding them ransom until the victim pays for the decryption key needed to access the affected files. There are many methods with which Trojans like the Crypto-Blocker Ransomware can be delivered to victims. The most common method involves spam email attachments, which use corrupted scripts to download and install the Crypto-Blocker Ransomware on the victim's computer. The Crypto-Blocker Ransomware will attack computers running the Windows operating system, up to the latest versions. Current attacks have been spotted in North America and Europe. PC security researchers are...

Posted on May 10, 2017 in Ransomware

Maykolin Ransomware

The Maykolin Ransomware is a ransomware Trojan that is used to extort computer users. The Maykolin Ransomware was first observed in May 2017. The Maykolin Ransomware receives its name from the email address that is used by its perpetrators to contact the victims. The Maykolin Ransomware, like most ransomware Trojans, encrypts its victims' data, then asks the infected user to pay a ransom so that the con artists can provide the decryption key necessary to recover the affected files. Threats like the Maykolin Ransomware may be distributed to victims through the use of corrupted spam email attachments. These attachments may include a macro script that downloads and executes the Maykolin Ransomware on the infected PC. The Maykolin Ransomware may be installed without alerting the victim, running in the background and carrying out its attack...

Posted on May 10, 2017 in Ransomware

Ruby Ransomware

The Ruby Ransomware is an encryption Trojan that is used to extort computer users. The Ruby Ransomware is one of the countless ransomware Trojans based on HiddenTear, the open source ransomware engine released in the summer of 2015 that has since spawned numerous variants. The Ruby Ransomware was first observed in late spring of 2017 and currently seems to be in a testing phase.

The Ruby Ransomware Pretends to be a Game to Induce Its Victims to Download It

The Ruby Ransomware was released in the same way as other recently released Trojans such as the Click Me Ransomware, which are advertised as games. Most ransomware Trojans are distributed through the use of corrupted email attachments or by hacking into victims' computers. In the case of the Ruby Ransomware, this Trojan is being released through the use of an application named...

Posted on May 10, 2017 in Ransomware

FrozrLock Ransomware

The FrozrLock Ransomware is a Ransomware-as-a-Service (RaaS) provider that is being advertised on the Dark Web. The FrozrLock Ransomware is being sold for $220 and marketed with the message 'great security tool that encrypts most of your files in several minutes.' The first vestiges of the FrozrLock Ransomware have been traced back to Russia, delivered through corrupted Java scripts. PC security researchers have been following the development of the FrozrLock Ransomware for some time, but its home page and name were uncovered only recently.

Some Features of the FrozrLock Ransomware

The following features have been associated with the FrozrLock Ransomware: The FrozrLock Ransomware is coded in C# and is multi-threaded. The FrozrLock Ransomware supports .NET > 4.5. The FrozrLock Ransomware loader is deleted automatically after the...

Posted on May 10, 2017 in Ransomware

‘Error Hard Drive Safety Delete’ Pop-Ups

Some computer users have reported the presence of the 'Error Hard Drive Safety Delete' pop-ups on their computers. Computer users should disregard the content of the 'Error Hard Drive Safety Delete' pop-ups since they are part of a well-known tactic. The 'Error Hard Drive Safety Delete' pop-ups may appear when computer users visit websites with unsafe advertising content. The 'Error Hard Drive Safety Delete' pop-ups may also be associated with unwanted components installed on a computer, such as Potentially Unwanted Programs (PUPs) or adware. The 'Error Hard Drive Safety Delete' pop-ups cannot be closed easily and are designed to harass computer users and trick them into calling a fake technical support number. To bypass the 'Error Hard Drive Safety Delete' pop-ups, it will be necessary to close the Web browser using the Windows Task...

Posted on May 9, 2017 in Adware

System.donation-tools.org

The System.donation-tools.org domain is reported by users who are redirected to the site and related pages whenever they open a new tab and start an online session. Web surfers who experience redirects via System.donation-tools.org may have installed adware or a browser hijacker that transmits data to the 104.45.213.51 IP address where System.donation-tools.org is registered. A program on your PC may have made modifications to the parameters of the shortcuts for your Internet browser and forced you to load System.donation-tools.org by default. We should add that the System.donation-tools.org site has a clone hosted on the same IP address but with a different name: irh-system.cloudapp.net. Both portals refer to the following links: h[tt]p://irh-system.cloudapp(.)net/SearchPage.aspx?n=irh-system...

Posted on May 9, 2017 in Browser Hijackers

mixGames Search

The mixGames Search browser plug-in by Mixplugin.com is promoted as a helpful addition to Google Chrome that can help you search for "FREE unlimited" games, as advertised on its Chrome Webstore page at Chrome.google.com/webstore/detail/mixgames-search/kcboafodfidhkjhhagekcbeepegnccha. The mixGames Search plug-in can be found under the name 'mixGames Start' at Mixplugin.com as well. The mixGames Search app is designed to make several alterations to your Internet settings as a way to customize your browser experience and deliver the promised functionality. PC users are not required to pay for installing and using the mixGames Search app, but they will need to provide mixGames Search with the following privileges:

Read and change all their data on the websites they visit.
Change their search settings to games.searchalgo.com

The...

Posted on May 9, 2017 in Browser Hijackers

Searchy.online

Searchy.online is presented to visitors as a simple and straightforward search service that employs the same color theme as Google.com. Moreover, the search results page appears to be a near-perfect replica except for the app drawer in the top right corner and search lenses that allow users to explore results by category. Some users may think that Searchy.online is a creation of Google Inc. that is aimed at users with a limited Internet connection. However, Searchy.online has nothing to do with Google except its blatant copy of the company's color theme. The Searchy.online site is operated and maintained by Search Engage Ltd., the company behind several clones of searchengage.com, which include:

bitcro.com
sugabit.net
search.hr
searchy.online

The Searchy.online portal is a clone of Searchengage.com that does not differ from...

Posted on May 9, 2017 in Browser Hijackers

BitKangoroo Ransomware

The BitKangoroo Ransomware is a ransomware Trojan that, as part of its attack, will delete the victim's files completely. PC security researchers first received news of the BitKangoroo Ransomware in early May of 2017. The BitKangoroo Ransomware represents a real threat to victims' files and data due to the extreme nature of its attack. While many ransomware Trojans threaten the victim with deleting data, the BitKangoroo Ransomware follows through and deletes the victims' files if the ransom is not paid in a certain time. This may be in part to disguise the fact that there exists a decryption application that can help PC users recover from the BitKangoroo Ransomware infection, which is not the case with most ransomware Trojans that are active today.

The Attack of this Kangaroo is Severe but Can be Defeated

The BitKangoroo Ransomware...

Posted on May 9, 2017 in Ransomware

Media Player Air

The Media Player Air is not considered a threat but a Potentially Unwanted Program (PUP) that may travel bundled with freeware installers or may be installed by computer users because of its description, since it is advertised as a very useful tool: 'Air Media Player is a powerful media player designed with simplicity and efficiency in mind. As a media player intuitive enough for the everyday user, Air Media Player flawlessly plays every media format, from MP3 and MP4 to FLV and MKV. Besides its versatile support for playing different media formats, Air Media Player is also extremely light on CPU and memory usage, providing you with a rich and responsive experience. Speaking of experience, Air Media Player supports playing extremely high definition videos from 1080p to 4K and 8K qualities. Standard DVDs are also supported, as well...

Posted on May 8, 2017 in Possibly Unwanted Program

ComboTab

The ComboTab is a Google Chrome extension that is associated with a rather severe browser hijacker that may use the Combotab.com domain to show numerous advertisements, redirect users to online stores and occasionally show pop-up windows. The ComboTab is advertised as a tool that can provide computer users with an easy search, 'A simple new tab page for your Chrome with Weather, Search and Quick Apps', but its browser hijacker may manipulate the settings of Google Chrome to show pop-ups by ComboTab and open several tabs loaded with advertisements every time you start an online session. Browser hijackers and adware applications may use shareware or free games to penetrate a computer without the user's knowledge. Additionally, the ComboTab browser hijacker may use a Registry key to obstruct you from changing your default search provider and...

Posted on May 8, 2017 in Browser Hijackers

Kolytorelflbe.ru

The Kolytorelflbe.ru domain is deemed suspicious by security analysts and is associated with a browser hijacker and adware. The Kolytorelflbe.ru hijacker is designed to perform occasional redirects to kolytorelflbe.ru/?token=5ao3q and may promote optimization utilities, harmful software, browser toolbars and similar suspicious content. Users affected by the Kolytorelflbe.ru browser hijacker may want to know that it may have arrived on their PCs as a browser assistant enclosed with a free software bundle. The Kolytorelflbe.ru browser hijacker can manipulate Google Chrome, Mozilla Firefox, and Internet Explorer and divert users when they enter a URL address, click on links on a Web page or do a search on Google. Moreover, the Kolytorelflbe.ru domain may be used by third parties to deploy cyber threats. Security analysts strongly advise...

Posted on May 8, 2017 in Browser Hijackers

Beautify Desktop Wallpaper

Users whose desktop wallpapers are being rotated and changed by an application named Beautify Desktop Wallpaper may want to know that Beautify Desktop Wallpaper is associated with adware and Potentially Unwanted Programs (PUPs). The Beautify Desktop Wallpaper serves as a gateway to connections with various websites that may share information about your machine and get instructions from its developers. When Beautify Desktop Wallpaper is running on an affected computer, it may connect to the sites https://servicehost.cf, https://svc-host.net, https://nvda.cf, https://moz-update.cf and https://ms-dev.cf. The Beautify Desktop Wallpaper is not considered harmful, but the applications and websites linked to it may slow down your computer and display unwanted advertisements. If you have Beautify...

Posted on May 8, 2017 in Possibly Unwanted Program