'Ransomware 2.0; Trojan.Win32.SendIP.15' Pop-Up

The 'Ransomware 2.0; Trojan.Win32.SendIP.15' pop-up alerts in the browser, which you may receive from Winmanager[.]today are not to be trusted. The 'Ransomware 2.0; Trojan.Win32.SendIP.15' pop-ups are used by an unknown company that promotes the services of the Advanced PC Fixer software from Pcvark Software Pvt. The Advanced PC Fixer desktop app is listed in our databases as a riskware because it exhibited poor performance and questionable marketing strategy. Almost a year after adding the Advanced PC Fixer to our database, the questionable marketing choices become a subject of discussion again. Sites like Winmanager[.]today appear to generate the 'Ransomware 2.0; Trojan.Win32.SendIP.15' notifications, which look like messages from Support.microsoft.com that is the official support page managed by Microsoft. However, Winmanager[.]today is not managed by Microsoft and says that the visitor's computer is infected with threats dubbed as 'Ransomware 2.0' and 'Trojan.Win32.SendIP.15.' The complete text of the 'Ransomware 2.0; Trojan.Win32.SendIP.15' alerts can be found below:

'DOWNLOAD REQUIRED
Windows is heavily damaged! (33.2%)
Please download Advanced PC Fixer™ to remove (2) Viruses from your computer.
VIRUS INFORMATION
Virus Name: Ransomware 2.0; Trojan.Win32.SendIP.15
Risk: HIGH
Infected Files: /C:\WINDOWS\System32\migration\ADJF9009de.@*fg\windows.exe;/ C:\WINDOWS\System32\Drivers\spoclsv.ex
Download and Repair Windows Windows 10
Application: Advanced PC Fixer™
Rating: 9.9/10
Price: Free'

The 'Ransomware 2.0; Trojan.Win32.SendIP.15' pop-up windows are categorized as a bad form of marketing where the users are lead to believe that their systems are compromised, and Microsoft recommends installing the Advanced PC Fixer software from Pcvark Software Pvt. to remedy the problem. Cybersecurity experts alert that 'Ransomware 2.0' and 'Trojan.Win32.SendIP.15' are not names of real cyber threats and you should not follow the instructions shown at Winmanager[.]today that uses misappropriated logos from Support.microsoft.com. AV engines are known to recognize the scripts associated with the 'Ransomware 2.0; Trojan.Win32.SendIP.15' pop-ups and flag them as:

• HTML:RedirME-inf [Trj]
• JS:ScriptIP-inf [Trj]
• Win32.Trojan.Raasj.Auto
• JS:Agent [Trj]
• HTML.Trojan.FakeAlert.f

The 'Ransomware 2.0; Trojan.Win32.SendIP.15' warnings are observed on many pages registered to the 8.36.44.186 IP address. Web surfers are advised to avoid pages that suggest they have been compromised by the 'Ransomware 2.0' and 'Trojan.Win32.SendIP.15' and their 'Windows is heavily Damaged (33,2%).' It is best that you block access to untrusted sites related to the 'Ransomware 2.0; Trojan.Win32.SendIP.15' fake security alerts. A reputable anti-malware solution should be used to deny connections to the following domains reported to host the 'Ransomware 2.0; Trojan.Win32.SendIP.15' pop-ups:

• mobilecheck[.]life
• mobileprotect[.]world
• mobileprotect1[.]life
• mobileprotect1[.]today
• winmanager[.]today
• winsecurity[.]info
• winsecurity[.]online
• winsecurity[.]site