Monthly Archives: April 2017 - Page 7

Kripto64 Ransomware

Kripto64 Ransomware is a Turkish malicious application based on the source code of Hidden-Tear, an educational open-source ransomware. We can assure you that it, unlike the ransomware it is based on, does not enter users’ computers to teach them. Its main goal is to easily obtain money from users. Although it demands money, it does not encrypt files at the time of writing, and there are no payment details provided. As a consequence, researchers believe that its C&C server is down, or it is still in development. Delete Kripto64 Ransomware as soon as possible even if it has not touched any of your files because this infection might be updated and then lock all your files in the blink of an eye. Do not let this happen to you – remove this infection from your computer today.

Fake WindowsUpdater Ransomware

Fake WindowsUpdater Ransomware is a malicious application which, just like its predecessors, encrypts users’ files with the AES-256 encryption algorithm. Its name, we can assure you, is not random. It has been given this name because of the name WindowsUpdater.exe found in its source code. Of course, it does not really matter what its name is. The most important thing is that it has all the features of a typical ransomware infection, i.e. it finds users’ valuable files after the successful entrance, encrypts them all, and then opens a ransom note. At the time of writing, the C&C server (http://ganedata.co.uk/ransomware/ransomware.php) of this ransomware infection is already dead, which suggests that it is no longer active. Unfortunately, there are no guarantees that this infection will not be fixed in the near future and thus will not start encrypting users’ files again, so do not be so sure that you will not encounter it. Most probably, you are reading this article because you have already detected Fake WindowsUpdater Ransomware on your computer. If we are right here, delete this computer infection from your system no matter whether it has encrypted your files or not, i.e. no matter whether you have encountered a working version of this threat or not.

Zixer2 Ransomware

Zixer2 Ransomware is a ransomware-type computer infection that is similar to Globe Ransomware. It was designed to encrypt your personal files using an advanced encryption algorithm and then demand that you pay money for a decryption key. However, we urge you not to pay the ransom and remove this program instead because you cannot trust its developers to keep their word and send you the key. The sum you are supposed to pay is not specified, and you have to contact the developers via email to get instructions on how to pay the ransom.

LMAOxUS Ransomware

LMAOxUS Ransomware is a malicious program that must be removed without any hesitation if it is ever found up and running on your personal computer. This is crucial since its functionality is extremely malicious. If you are not familiar with ransomware programs, you must be aware of the fact that applications of this category are fully capable of locking enormous amounts of personal data without requiring any authorization whatsoever. It is not hard to understand that having this devious program active on your personal computer could have detrimental outcomes, to say the least. If you consider yourself to be a security-conscious user, you must take appropriate virtual security measures to keep your PC clean and secure. In this article, we provide a few virtual security recommendations along with detailed information regarding the overall functionality of LMAOxUS Ransomware. We also include a detailed removal guide that you should use to delete this malware once and for all.

LockerPay Ransomware

Our malware analysts have recently found a new ransomware-type program called LockerPay Ransomware. Apparently, this application was designed to encrypt documents, images, and pictures and then offer you the chance to purchase a decryption key. You might want to decline the offer because there is no guarantee that the creators of this program will keep their word. You should consider removing this program instead of giving the developers what they want because you cannot trust them. You need to act quickly because this ransomware is set to delete the encrypted files after 48 hours if you do not pay. You should wait for a free decryption tool to be made, but there is no guarantee that it will be made. For more information, read this whole article.

PANDAViewer

PANDAViewer, as its name suggests, is an image viewer. It is promoted as “a fast, stable, easy to use image viewer for PC, laptop, tablet and smartphone.” It can be downloaded from pandaviewer.com, but users who get it from a third-party source, without a doubt, have the application working the same. It does seem to be a beneficial application at first sight, so it does not surprise researchers working at anti-spyware-101.com that it is becoming more and more popular. To be frank, it is a bad thing because PANDAViewer is not an application that can be trusted fully. Specialists call it a potentially unwanted program (PUP) because it has several drawbacks. Of course, it is far from a malicious application, but it still does not act like a fully decent application. Make a decision yourself whether or not this program can stay installed on your computer. Information provided in the following paragraphs of this article should help you to make up your mind.

TeamViewer_Tracer.exe

Have you located a file called TeamViewer_Tracer.exe? Although the name of this file suggests that it is somehow associated with TeamViewer, our research team at Anti-Spyware-101.com warns that this is a lie. If this remote control tool is not installed on your PC, you should become suspicious right away. Of course, if it is installed on your PC, you might think that the file is legitimate. Even so, the malicious .exe file is placed in the %ALLUSERSPROFILE% folder, which means that it is isolated from the legitimate TeamViewer files. If you are completely lost and confused, you can install a legitimate malware scanner to do a quick examination and figure out if the suspicious .exe file you are looking at is malicious. Needless to say, a legitimate malware scanner will list all infections that might be active on your PC, and so we recommend using it without further delay. As you must have figured out by now, we recommend deleting TeamViewer_Tracer.exe. If you are not sure why, you need to read this report.

Project34 Ransomware

Project34 Ransomware is a major attack against your personal files that was most likely designed initially to only target Russian speakers; however, our malware specialists at anti-spyware-101.com say that this dangerous ransomware was also spotted in other regions in March 2017. When your PC gets hit by such a vicious program, it is possible that you will be unable to recover your most important files. This is why we keep emphasizing the importance of making regular backups on either cloud storage or removable media. Of course, you always have the option to pay the ransom fee these cyber crooks demand from you for the recovery of your files, but, in reality, there is little chance that you will actually receive anything in exchange. If you want to be able to move on and use your PC safely, we advise you to remove Project34 Ransomware ASAP. For further details, please continue reading our article.

Final Ransomware

Final Ransomware might show its victims a ransom note claiming it has encrypted all their personal files on the computer. However, the research shows the infection can only lock data from specific folders. Thus, there is a chance the threat might not cause you a lot of trouble. According to our specialists, it does not even lock the screen, so your computer should work normally. If you have no intention of paying the ransom, we advise you to ignore the displayed ransom note and concentrate on the malicious program’s removal. Users who are up for the task can try to erase it manually while following the instructions available below the article. Of course, if you want to know more about Final Ransomware you should read the rest of our report first.

Crptxxx Ransomware

A new ransomware-type infection, Crptxxx Ransomware, has been discovered by experts working in the cyber-security field. It has turned out that it is quite an old infection, which might even be an old version of Btcware Ransomware. Although its infection rate is no longer high, theoretically, users might still find it on their computers. The main symptom showing that this computer infection has successfully entered the system is a bunch of encrypted files on the computer. It scans the system and finds pictures, documents, media files, and other valuable files first before locking them. Luckily, it does not enter computers with the intention of ruining the Windows OS, so, as a consequence, the %WINDIR% folder will be left intact. The same can be said about the folder of Internet Explorer. Ransomware infections do not encrypt personal files without reason. We can assure you that they do not seek to make you angry either. Instead, it is all about money. Even though the victims of Crptxxx Ransomware do not find any information about a ransom in a ransom note left by this infection, it does not mean that they will get their files unlocked for free. Of course, we are not trying to say here that users should immediately go to pay money to bad people when they discover ransomware on their PCs.