Grooviemovie.info

The Grooviemovie.info domain is associated with the GroovieMovie browser extension by Imali Media Ltd. The GroovieMovie software by Imali Media Ltd. may be promoted to users as a media center solution for browsers like Google Chrome, Internet Explorer, Mozilla Firefox and Opera. The GroovieMovie extension advertised on Grooviemovie.info may enter computers with free software bundles, and you may notice the app on the Chrome Web Store and the Mozilla Add-ons platform. The GroovieMovie browser extension may make several modifications to the browser including changing the new tab page and default search provider. The GroovieMovie browser extension may offer access to services at Search.grooviemovie.info and make it the default new tab and search aggregator. PC users that install the GroovieMovie extension with a freeware installer by...

Posted on June 16, 2017 in Browser Hijackers

Trojan.Wdfload

Trojan.Wdfload is an extremely harmful Trojan that is used to carry out attacks on computer users. There have been numerous reports regarding Trojan.Wdfload, indicating that this Trojan poses a threat to computer users and their computers. Because of this, PC security analysts strongly advise computer users to ensure that their security software is fully up-to-date and capable of dealing with Trojan.Wdfload and similar threats.

How the Trojan.Wdfload Infection Works

Trojan.Wdfload seems like a generic threat detection of the kind commonly used by many anti-virus programs to indicate one of the numerous types of Trojan infections. However, in the case of Trojan.Wdfload, this is a specific Trojan that was first observed in the second week of June 2017. There are several other names associated with Trojan.Wdfload, including 'CertLock' and 'Ceram.'...

Posted on June 16, 2017 in Trojans

WinUpdatesDisabler Ransomware

The WinUpdatesDisabler Ransomware is a ransomware Trojan that is used to extort computer users. Malware analysts first observed the WinUpdatesDisabler Ransomware on an online anti-malware engine. Con artists developing ransomware Trojans like the WinUpdatesDisabler Ransomware frequently submit variants that are still under development to these platforms to test whether they can evade the detection techniques used by anti-malware programs. This allows PC security analysts to track which new ransomware Trojans are being developed and to stay ahead of the con artists in a constant arms race. The WinUpdatesDisabler Ransomware receives its name because of elements in its ransom note and because it may run as an executable file named 'WinUpdatesDisabler.exe' on the victim's computer. Instead of Updates, the...

Posted on June 16, 2017 in Ransomware

Mora Project Ransomware

The Mora Project Ransomware is designed to encrypt the victims' files, carrying out a typical ransomware attack that extorts victims after taking their files hostage. The Mora Project Ransomware was first observed after con artists submitted the Mora Project Ransomware to online anti-virus platforms, a common practice used by threat developers to test whether their threat creations are capable of evading detection by common anti-virus engines. It is clear from several of its characteristics that the Mora Project Ransomware is still under development and is currently unfinished. However, in its current form, it is capable of carrying out an attack, despite the fact that its ransom demand is extremely unrealistic. It is likely that the people responsible for the Mora Project Ransomware attack will release an updated version of the Mora...

Posted on June 16, 2017 in Ransomware

Photor

The Photor browser add-on by Photor Ltd. is promoted as a refreshing new tab replacement for Web surfers. The Photor browser add-on is an ad-supported program that you can install and benefit from for free. The home site for the Photor software is photorext.net, and there is a page on the Chrome Web Store at chrome.google.com/webstore/detail/photor/jndegkabfmfeaiddoinfcmbdndcdaago, which shows the app is used by a little more than seven thousand users. Compared to the Search and New Tab by Yahoo, which has more than one hundred and twenty thousand users, the Photor New Tab is not very popular. That may be a consequence of the fact that the Photor browser add-on is distributed to users mainly via free software packages. Also, the Photor New Tab is powered by Search.photorext.net, which mimics the default new tab layout for Google Chrome...

Posted on June 16, 2017 in Possibly Unwanted Program

CryptoSpider Ransomware

The CryptoSpider Ransomware is an encryption ransomware Trojan designed to force computer users to pay large ransoms in exchange for their files, which the CryptoSpider Ransomware takes hostage. The CryptoSpider Ransomware is one of the many variants of HiddenTear, an open source ransomware platform that has spawned countless ransomware variants since its first release in 2015. PC users that take precautions against the CryptoSpider Ransomware and similar threats can avoid numerous problems.

Analyzing the CryptoSpider Ransomware and Other HiddenTear Variants

The CryptoSpider Ransomware customizes the original HiddenTear open source ransomware platform. This ransomware platform was released to the public in August of 2015 by a programmer named Utku Sen. Since its release, this ransomware Trojan, which was released for proof of concept...

Posted on June 16, 2017 in Ransomware

‘Error 3x3103fx’ Pop-Ups

Legitimate PC security software does not use the 'Error 3x3103fx' security code. The 'Error 3x3103fx' code is displayed on pop-up windows generated on pages like mf-ez-18.s3.amazonaws.com that are hosted on the Amazon Web Services platform. Pages like mf-ez-18.s3.amazonaws.com may include a valid digital certificate and support an encrypted connection due to being hosted on the Amazon Web Services platform. That way, Web surfers who stumble upon the 'Error 3x3103fx' pop-up windows may look at the address bar and may trust the fake security alert on their screens. The 'Error 3x3103fx' notifications may suggest that the user has downloaded pornographic content loaded with threats. The 'Error 3x3103fx' warnings might include the following text: 'Microsoft Warning Alert ** Malicious Pornographic Spyware/Riskware Detected Error # 3x3103fx...

Posted on June 15, 2017 in Adware

TrafLab Ads

The TrafLab advertisement platform has an official page at traflab.ru/reg, and it is promoted as suited to companies based in Russia that have low conversion rates. The TrafLab advertisement platform has a bad reputation because it may handle most of the Internet traffic generated by adware and riskware published by software developers based in Russia. Computer users who were infected with adware or browser hijackers, or who used riskware, have reported redirects via gateways operated by TrafLab numerous times. Further investigation into the connections of TrafLab showed that the platform reroutes requests made by adware such as Nsis:Adware-CJ and LinkSwift. Moreover, there are reports that TrafLab may be indirectly connected to Internet requests made by Trojans like Notepices and Sality. PC users that experience redirects via...

Posted on June 15, 2017 in Adware

GreatZip

The GreatZip program is promoted as an archive manager that allows users to pack individual files into a single archive file for secure data exchange. The GreatZip software can be found at greatzip.com, which is not a reliable site. Greatzip.com is not an interactive page but a large image that has four active hyperlinks — FEATURES, FAQ, CONTACT and DOWNLOAD NOW. There are no screenshots of the UI for the GreatZip program, but the marketing pitch on the FEATURES page says: 'GreatZip provides a simple user interface that conceals some very powerful features. From advanced encryption algorithms that would take millennia to crack to a beautiful UI that keeps things simple and organized, there's a reason that most people who try GreatZip continue to use it over every other compression platform on the market.' The GreatZip software does not...

Posted on June 15, 2017 in Adware

CryForMe Ransomware

The CryForMe Ransomware is an encryption ransomware Trojan that was observed on June 14, 2017. The CryForMe Ransomware is one of the countless variants of HiddenTear, an open source ransomware platform that has spawned countless variants since it first appeared in the summer of 2015. The CryForMe Ransomware may be delivered to victims through the use of a corrupted Microsoft Word document, which will execute compromised scripts on the victim's computer to download and install the CryForMe Ransomware onto the targeted computer. Once the CryForMe Ransomware is installed, the CryForMe Ransomware will encrypt the victim's files and then ask for a ransom to recover the affected files.

Instead of CryForMe It should be ICryForYou

There is virtually no difference between the CryForMe Ransomware and the countless other ransomware variants...

Posted on June 15, 2017 in Ransomware

Mole02 Ransomware

The Mole02 Ransomware is a new variant of the MOLE Ransomware, a known ransomware Trojan that has been around for a while. The Mole02 Ransomware is easy to identify because it will mark the infected files with the file extension '.mole02.' The Mole02 Ransomware carries out a typical ransomware attack, encrypting victims' files and then demanding a ransom in exchange for the decryption key needed to recover the affected files. It is important to take precautions against the Mole02 Ransomware and its variants since this ransomware family represents a real danger to computers and the computer users' data.

The Mole02 Ransomware Impersonates a Very Convincing Microsoft Online

The Mole02 Ransomware attack is typical of these infections, taking the victim's computer and the victim's files captive, and then demanding the payment...

Posted on June 15, 2017 in Ransomware

MrLocker Ransomware

The MrLocker Ransomware is a category of ransomware Trojans that trick computer users into believing that their files have been encrypted to extract a ransom payment from them. Ransomware Trojans like the MrLocker Ransomware mimic encryption ransomware infections, which are capable of encrypting the victims' files and taking them hostage. The MrLocker Ransomware, like these, delivers a ransom note but does not encrypt the victim's files. There are currently two variants of the MrLocker Ransomware being used to carry out this tactic. Both versions of the tactic are identical and demand a payment of $250 USD in BitCoins. It is strongly advised not to follow the MrLocker Ransomware's instructions since this threat does not take your files hostage, meaning that there is no need to pay the ransom amount since there are no...

Posted on June 14, 2017 in Ransomware

Unlckr Ransomware

The Unlckr Ransomware is a variant of the Unlock92 Ransomware, a ransomware Trojan that was released to carry out attacks mainly in Russia and surrounding countries. The Unlckr Ransomware is a modified version of this previous threat that has some upgrades and improves its encryption method, using RSA-2048 to make the victim's files inaccessible. Like most encryption ransomware Trojans, the Unlckr Ransomware is designed to make the victim's files unusable by encrypting them, then demanding the payment of a ransom from the victim. The Unlckr Ransomware will target numerous file types, but its main focus is user-generated files such as those associated with Adobe Acrobat, Microsoft Office, and Libre Office, as well as media files such as music, video and images. The Unlckr Ransomware may be delivered to victims through the use of...

Posted on June 14, 2017 in Ransomware

Scarab Ransomware

The Scarab Ransomware is an encryption ransomware Trojan that was observed on June 13, 2017. The Scarab Ransomware is one of the many HiddenTear variants that are currently active. HiddenTear, an open source ransomware Trojan released in 2015, has spawned countless threat variants since its code was made available to amateur con artists looking to carry out these attacks. The most common way of distributing the Scarab Ransomware is by including it as a corrupted file attachment in spam email messages. The Scarab Ransomware can be identified easily because it will mark the files it encrypts with the file extension '.scarab,' which is appended to the end of the affected file's name. There is little to differentiate the Scarab Ransomware from other ransomware Trojans, which encrypt the victim's files and then demand the payment of a...

Posted on June 14, 2017 in Ransomware

GPAA Ransomware

The GPAA Ransomware is a ransomware Trojan that claims to be linked to the Global Poverty Aid Agency. Computer users are supposed to be convinced by the GPAA Ransomware to 'give' to this agency, with the goal of raising the large amount of 1000 BitCoin (nearly three million USD). Although the GPAA Ransomware claims that its main goal is to help people living in poverty, it is clear that the GPAA Ransomware is just carrying out a tactic and attempting to take advantage of inexperienced computer users. Like most other ransomware Trojans, the GPAA Ransomware may be delivered through the use of corrupted spam email attachments. Beyond the GPAA Ransomware's transparent, superficial tactic of impersonating a humanitarian aid agency, there is virtually no difference between the GPAA Ransomware and the countless other encryption...

Posted on June 14, 2017 in Ransomware