Monthly Archives: September 2017 - Page 11

Shielddefense.net Redirect

Shielddefense.net Redirect

If you have noticed that your homepage and new tab page changed in your browser, you may be experiencing Shielddefense.net Redirect. The redirections coming from this particular source are due to a potentially unwanted program (PUP) called Shield Defense. This Google Chrome browser extension claims to block malware and tracking of websites, and thus provide you with a safe browsing experience. Although we cannot claim that this PUP does not do as it says, we have found a few worrisome traits while testing it. In fact, this PUP changes your browser settings without your knowledge and it also quite persistent since you cannot even change those back. Therefore, you could be exposed to its potentially risky search engine that may show you modified results by promoting affiliates that may not all be of the trustworthy kind. All in all, having this PUP on your system could indirectly cause some system security issues for you. We suggest that you remove Shielddefense.net Redirect from your system if you do not want to see what might happen if you leave a questionable application active on board. For the details, please continue reading our article. Read more »

MuteAllTabs

MuteAllTabs

If you are about to download a program that goes by the name of MuteAllTabs, we highly advise you not to do so since it is one more potentially unwanted program. Malware experts at Anti-Spyware-101.com have categorized it in such a way due to a couple of reasons. One of them is that it exhibits quite a few invasive features, which should not be tolerated. Another reason is its devious distribution, which could prove to be quite dangerous, to put it lightly. If you wish to learn more about the inner workings of this potentially unwanted program, so you can understand why its complete removal is essential, make sure to read the rest of our report. Besides such information, we also provide a few virtual security tips along with detailed removal instructions for MuteAllTabs. Read more »

Safeforsearch.net

Safeforsearch.net

If your browser’s homepage was changed to Safeforsearch.net without your authorization, then you should know that your browser has been infected with a browser hijacker. Therefore, you may want to remove it. Replacing the homepage address and other settings without the user’s knowledge is considered a malicious action and, thus, we regard Safeforsearch.net as malware. Apart from that, this hijacker can show ad-supported search results that can jeopardize your computer’s security as some of them can redirect you to infected, scan or phishing websites. It can also collect information about you to customize the advertising campaign. To find out more about this hijacker, read this article. Read more »

Ladomainadeserver.com redirect

Ladomainadeserver.com redirect believed to be an adware server that might be used by various adware applications. Therefore, if you noticed your browser began redirecting you to this web page, you could have downloaded some unreliable applications. No doubt to stop the annoying Ladomainadeserver.com redirect, you might have to find the program responsible for it. The instructions we will place at the end of the article may help you complete this task manually, but you should keep it in mind that even so, it might be still too difficult to deal with this threat on your own, especially for inexperienced users. In which case, we believe it would be smarter and quicker to use a legitimate antimalware tool instead. As for users who wish to know how this redirection could affect their browsing or cause trouble, we recommend reading the rest of this report. Read more »

Ev Ransomware

A new nasty infection Ev Ransomware has been detected by specialists working in the malware research department. According to them, this threat has been developed by an Indonesian group of malware developers, and it does not differ much from such prevalent threats as WannaCry Ransomware and Petya Ransomware. That is, it also has the one and only goal it seeks to achieve – to get easy money. Actually, there is one tiny feature that distinguishes it from the remaining ransomware infections that can be spotted in the wild – it is not a threat targeting the Windows OS. Instead, it primarily targets WordPress websites. When the ransomware infection is successfully uploaded by an attacker to the compromised website, the encryption of files starts immediately. Then, the message to pay 0.2 BTC (~ $959 at today’s price) is displayed. Specifically speaking, your website will open only a black window with a message if Ev Ransomware encrypts its files successfully. Ransomware is no longer a new type of malware, so malware researchers already have much knowledge about these infections. They say that there is one thing that unites them all – they want victims’ money and do not hesitate to tell them that. There is, most probably, no need to say that paying money to malicious software developers is the worst they can do. Even if you pay, your website will, most likely, not be fixed because the decryption mechanism of Ev Ransomware does not work properly. Of course, a fixed version of this threat might be uploaded to your website too, but this does not change anything. Read more »

Nuclear Ransomware

Nuclear Ransomware

It is unlikely that you will notice when your files are being encrypted by Nuclear Ransomware, but once the attack is complete, you will not be able to miss this infection. First of all, a window representing a demand for a ransom will be displayed. Second, your files will become unreadable. It is currently unknown which encryption algorithm this malicious ransomware uses, but when the encryption happens, the monstrous “.[black.world@tuta.io].nuclear” extension is appended to their names, and so it is impossible to miss them. Unfortunately, this ransomware is likely to go after files that are considered personal, such as documents, media files, and, of course, photos. If you had set up a system restore point to protect data, that might not be enough to save files because Shadow Volume Copies are deleted when the ransomware attacks. Unfortunately, we cannot guarantee that you will be able to recover your files at all. Anti-Spyware-101.com research team recommends reading this removal guide because it not only shows how to delete Nuclear Ransomware but also helps you understand how the threat works. Read more »

Two Click Search

Two Click Search

Two Click Search is a browser extension enabling you to search for a term or phrase within a text without copying and pasting it in a search box on a search engine. The extension works on the Chrome browser and is available on its official website and in the Chrome Web Store, the latter of which contains only a brief statement about the program without any detailed information how exactly the application works. It has been found that Two Click Search might also be bundled with free software programs and sometimes may be installed surreptitiously, which usually leads to unwanted consequences. These and some other aspects of the browser extension have lead malware researchers to classify it as a potentially unwanted program (PUP), which should be removed from the computer in order to prevent malware installation and other undesirable actions involving your device and your personal information. Read more »

Search.searchfaa.com

Search.searchfaa.com

Search.searchfaa.com is a featured search website that may show up in your main browsers after you install a suspicious free program. Our malware specialists at anti-spyware-101.com say that this search page is indeed the creation of a well-known company called Polarity Technologies Ltd. By "well-known" we actually mean notorious, as this team seems to be specialized on creating identical and similar browser hijackers like Search.youremailnow.com, Search.searchytds.com, and Search.hfreeforms.co. This particular feature, quick access to your e-mail accounts, is also not the first time that it has emerged; we have seen at least two previous search engines that seem to be perfect clones of this one. This hijacker actually claims that it is "all about making your email experience quicker, easier, and overall better" but this simply means that it provides you with buttons on a fake toolbar leading to web-based e-mail accounts. This you can easily have if you bookmark your e-mail accounts and display the bookmarks bar in any of your browsers. Since this hijacker may introduce you to questionable third-party content through manipulated search results, we advise you to remove Search.searchfaa.com as soon as possible. Read more »

TelevisionAce Toolbar

TelevisionAce Toolbar

Are you familiar with Mindspark Interactive Network? That is the company that has created TelevisionAce Toolbar, an extension that is represented via the New Tab to help you find your favorite TV shows and stream episodes. While the extension itself is free, it will not help you stream TV shows or movies for free. Instead, it will provide you with a list of services that you can sign up for to stream the desired content. Besides that, the add-on specifically promotes ESPN, NBC, Hulu, Amazon, and Netflix streaming services. Also, it promotes vulture.com and tvlistings.zap2it.com, both of which offer movie and TV-related content. The suspicious extension provides users with links to YouTube, Facebook, Target, Walmart, Instagram, and other popular sites as well. Undoubtedly, at first sight, the extension seems quite useful, but our Anti-spyware-101.com researchers do not recommend making any assumptions. If you want to learn why we recommend deleting TelevisionAce Toolbar and why we classify it as a potentially unwanted program, you need to keep reading. Read more »

Search.searchytds.com

Search.searchytds.com

Some users might be tricked into thinking that Search.searchytds.com is a reliable search tool that can help surf the web more efficiently, but it is most likely that this browser hijacker will corrupt Firefox, Chrome, and Internet Explorer browsers without users’ permission. At the time of research, it was not exactly clear how this threat spreads, but it is possible that a seemingly useful application could be employed to promote it. On the other hand, installers promoted via filewon.com, filewin.com, and similar unreliable websites could be used as well. In this case, the hijacker could travel in bundles, and much more serious threats could slither into the operating system along with it. If that happens, focusing solely on the hijacker could be dangerous. That being said, you must delete Search.searchytds.com, and the sooner you do that, the better. Our Anti-Spyware-101.com malware research team has analyzed the hijacker, and it is our strong recommendation that you remove it. If you want to learn why exactly that is important, you need to continue reading this report. Read more »