Monthly Archives: February 2018 - Page 9

Webdigger.net

Webdigger.net is a browser hijacker that might infiltrate your computer without your knowledge and then immediately change the settings of all your browsers, including Mozilla Firefox, Google Chrome, and Internet Explorer. Research has shown that it is most active in Mexico; however, that does not mean you do not need to be careful if you live elsewhere. Since this browser hijacker is spread in software bundles, it might soon become prevalent in your region too. If you could not stop this threat from entering your computer and now see Webdigger.net when you launch your browser, there is no doubt that you have encountered the browser hijacker too and need to take action as soon as possible. Browser hijackers are far from ordinary programs, so you will need to put more effort into their removal. You cannot let it stay because the untrustworthy search tool will remain set on your browsers and, as a consequence, you will be forced to use it to perform web searches. In the worst-case scenario, it might even take you to untrustworthy pages and expose you to potential threats, so the sooner it leaves your browsers alone, the better. Read more »

PornBlackmailer Ransomware

A scareware infection named PornBlackmailer made headlines in January 2018 when an online forum user created a post about a malicious .scr file reportedly downloaded from the free pornography website Xvideos. The PornBlackmailer ransomware blackmails victims into paying a fee so that they are not reported to the police for the use of pornographic material involving children.

It is still unclear whether PornBlackmailer is the right name for the threat, because the string "HowSexWithDolls" found in the code of different variants of the threat suggests that this could be another name to use.

The PornBlackmailer ransomware differs from conventional ransomware infections that encrypt files and show the victim a ransom note in full screen or a program window. PornBlackmailer does not tamper with the victim’s files but uses other scare tactics to extort money from the unsuspecting user. The infection should be removed immediately after being spotted, and you should also keep in mind that the threat resides on the computer even if no ransom notification is displayed after restarting the computer. The threat does not create a point of execution, which means that it does not start at every system startup, but that does not change the fact that it is necessary to remove PornBlackmailer. Read more »

Gh0st RAT

Gh0st RAT was a threat involved in the operation called GhostNet back in 2008. GhostNet is the name of the network consisting of both compromised computers and C&C servers. Users initiated the installation of Gh0st RAT themselves by opening a phishing email and clicking on a malicious URL inside it, which, when clicked, connected the user to the C&C server and downloaded a dropper. The dropper then connected to the C&C server once again and downloaded this Trojan. Infected computers were considered a part of GhostNet. Specialists say that Gh0st RAT infected 1295 computers in 103 countries. Among its victims were diplomatic, political, and military institutions. It is hard to say whether GhostNet is still active, but researchers are sure that users might still discover Gh0st RAT on their PCs if they keep them unprotected because the builder of this Trojan is available for download on GitHub (https://github.com/sincoder/gh0st). It might be downloaded by anyone and then used for various malicious purposes. Specialists say that this infection will not act the same in all cases because cyber criminals might customize it to fit their needs. Consequently, it might be harder for users to detect it, especially when it infiltrates users’ computers without their knowledge and performs all its malicious activities in the background. Read the rest of this article to find out what it is capable of and how to erase this infection fully from the system. Read more »

Screen Watch

Screen Watch is a suspicious browser extension that promotes a search page that could pose a threat to your system security with its potentially unreliable features. As its name may suggest, this Google Chrome extension offers you quick links to movie-related websites as well as popular sites like Facebook and Amazon. Our malware specialists at anti-spyware-101.com classified this tool as a potentially unwanted program (PUP), although it is possible that, due to its capabilities, it may be considered a browser hijacker. In fact, it has been found that this PUP is very similar to others like Muzik and Seen On Screen. Since you could be exposed to potentially harmful third-party content (ads and links) while using this tool, we suggest that you remove Screen Watch even if you are a movie fan. Please read on to find out more about this threat. Read more »

Scarabey Ransomware

Scarabey Ransomware is a program that should never be up and running on your personal computer. In fact, we highly advise you to delete it if it is ever found up and running on your operating system. Doing so is critical because this malicious piece of software can act in an incredibly devious manner. If you are not familiar with ransomware programs, you must know that this category of applications can easily encrypt a massive amount of data stored on the affected computer without any notification or authorization. As you can imagine, having such a program will have devastating outcomes, to put it lightly. Learn more about the inner workings of this malicious program by reading this report entirely. Additionally, we provide a few virtual security tips that will help you maintain a clean and secure system at all times. Finally, to help you delete Scarabey Ransomware once and for all, we include a detailed removal guide that you can find below. Read more »

Yoshikada Ransomware

Most likely, you have found this report and started reading it because you have already discovered Yoshikada Ransomware on your computer. This is a new crypto-threat, but it does the same job as many other ransomware-type infections. That is, this nasty infection locks users’ personal files right after slithering onto their computers without their knowledge. There is only one motive behind this activity: to obtain money from users. If this threat has already entered your system without your knowledge and locked your files, you should be able to find a new file on your computer. This file is a ransom note. You might not find the exact amount of money you have to send to cyber criminals indicated in it, but you will find out that you need to purchase the special decryptor from cyber crooks so that you can unlock those encrypted files. If you do not know what to do, we want you to know that we do not recommend transferring money to crooks no matter how much money they ask for. It is unclear whether you will get the tool you pay for. Cyber criminals might change their minds and not give it to you. In this case, you could only blame yourself because nothing else could be done. In addition, if you send money to them, they will realize that it is worth spending time on the development of malware. Consequently, you might encounter new harmful threats in the future. Read more »

Search.hyourweatherinfonow.com

Search.hyourweatherinfonow.com looks like one of the Polarity Technologies Ltd browser hijackers. Our researchers confirmed it after taking a look at the software’s Privacy Policy and End User License Agreement documents. Not to mention, the application looks almost the same as the other browser hijackers from this company that we have already tested. All of its clones provide a search box and a toolbar containing links to various web pages. In this case, the threat offers links to sites providing news, reports, weather forecasts, and so on. Even though such links could seem useful, we would not recommend leaving Search.hyourweatherinfonow.com on your browser. It might also display questionable advertisements containing links to third-party websites, e.g., scam websites, sites promoting other similar threats, and more. It seems to us it would be smarter to stay away from such material. If you think the same, we advise you to get rid of this suspicious application with the instructions located below or a legitimate antimalware tool. Read more »

Search.searchtmpn4.com

If you find that your browser’s default settings have been altered without your consent, it might be an indication that a browser hijacker is up and running on your personal computer. One such application is known as Search.searchtmpn4.com. It is currently roaming the web; thus, being aware of its existence is critical. If, unfortunately, you already have this malicious application on your PC, make sure to conduct its complete removal. Doing so is imperative because it, just like its counterparts, will make browsing the web a much more frustrating and annoying experience. Furthermore, you must also know that in some cases, this browser hijacker could prove to be quite dangerous. If you wish to learn more about its devious functionality, read the rest of this article. Below we also include a detailed removal guide, which you should use to delete Search.searchtmpn4.com without encountering any major problems. Read more »

Search.searchapp.website

Search.searchapp.website is not a program that you want to find up and running on your computer. If that, unfortunately, happens, make sure to execute its complete removal as soon as possible. Doing so is essential because this application has been classified as an intrusive search engine. During its analysis, our research team has discovered that this invasive application can make undesirable alterations to your browser's default settings without any warning whatsoever. Due to that, browsing the Internet will become an annoying and otherwise bothersome experience, to put it mildly. Also, you must know that in some instances, this devious piece of software could prove to be dangerous. If you want to have an in-depth understanding of this intrusive search engine's inner workings, be sure to read this article entirely. In addition to such information, you will find a comprehensive removal guide that will help you delete Search.searchapp.website in no time at all. Read more »

TheGameSearcher

You should not install TheGameSearcher on your computer if you do not want to find your Google Chrome settings altered. This piece of software is a browser extension that promises to help users save some time by providing them access to hundreds of free games they can play online. Some people install this extension consciously from its official website (thegamesearcher.com) or the Chrome Web Store (https://chrome.google.com/webstore/detail/thegamesearcher/cafloompkfpcfoonhijmekcogofdjoah) expecting that it will act beneficially, but the majority of people do not even suspect that it can change their browsers’ settings until they discover a new search tool set in the place of the default search provider on Google Chrome. Fortunately, this program is not a stubborn malicious application. As a consequence, all changes it applies to users’ browsers can be undone by disabling it. If you still cannot decide whether or not you should remove TheGameSearcher from your computer, you should know one thing – it is not fully reliable software even though it does look very useful at first glance. Researchers say that it should be categorized as a potentially unwanted program because it has several tiny drawbacks. You can read about those drawbacks in detail further in this article. We are sure you will know how to get rid of the undesirable extension by the end of this report too. Read more »