Author Archives: Max Lehmann

SaveTheQueen Ransomware

SaveTheQueen Ransomware is a recently created file-encrypting threat. It is possible that we encountered a test version, which means the malware could still be in development. Our researchers think so because the malicious application does not drop a ransom note. Showing a ransom note is typical behavior for ransomware as such programs are mostly used to extort money from regular home users, businesses, or institutions. Further, we explain how our encountered variant works, how it could be distributed, and how it could be erased if it enters a system. At the end of this text, we also provide deletion steps that show how to remove SaveTheQueen Ransomware manually, although we cannot guarantee the instructions will still work if hackers release a new version of the malware. Read more »

CStealer Threatens the Security of Google Chrome Users by Stealing Passwords

Do you use Google Chrome on a daily basis? Perhaps you use it at work, or maybe you only use it at home. Whatever the case is, we are sure that you want to be safe while using this web browser. Unsurprisingly, Google Chrome is the most popular browser, with more than 69% of people using it all around the world. Unfortunately, the most popular services are usually also the ones that are targeted by schemers and cybercriminals. CStealer is a dangerous Trojan that was created to go after Google Chrome users specifically, and if it is successful, it can steal sensitive passwords stored on this browser. Read more »

Trojan.PyXie.A

Trojan.PyXie.A is a malicious computer infection that can remain hidden in the target system for a long time before the infected user does anything about it. It is a Trojan that works as a Remote Access Tool (RAT), and so it has a pretty wide functionality, which allows other cybercriminals to make use of this infection. In some cases, Trojan.PyXie.A can also be used to distribute ransomware, so the sooner you remove it from your system the better. The best way to find out whether you have this threat on board is to run regular system scans with a reliable security tool. Read more »

Msop Ransomware

Msop Ransomware is not the kind of threat that you would ever consider to be harmless. It does not try to disguise itself because that is not something that cybercriminals behind this malware need to do. Sure, they need to execute this malware silently, so that your personal files could be corrupted without disturbance, but once that is done, the threat needs to reveal itself. The purpose of this threat is to push victims into paying a ransom in return for a tool that, allegedly, could be used to decrypt files. Therefore, once files are corrupted, the infection immediately introduces you to a file named “_readme.txt.” We discuss the contents of this text file further in the report. We also discuss how the infection spreads, and how to keep your operating system protected against it in the future. Most important, we discuss how to delete Msop Ransomware, and we are almost certain that you have found this article because you already know just how important the removal of this threat is. Read more »

Awesome Sports Search

Awesome Sports Search is a PUP or a potentially unwanted program. Tools from this category might not be dangerous, but they may have annoying or undesired qualities, which might make some users want to erase them. In this case, users could find it irritating that the application might change their default search engine, gather information, or show third-party advertisements. If you do not want to keep an extension that might act this way on your browser, we recommend deleting it while following the instructions provided below this article or employing a legitimate antimalware tool that could remove Awesome Sports Search for you. Of course, if you wish to know more about the PUP before deciding what to do, we invite you to read the rest of our article first. Read more »

Pagefinder

Pagefinder promises to help you “access popular sites instantly,” and although you might think that this Google Chrome extension can be convenient, we want to warn you that it was classified as a potentially unwanted program (PUP) by our malware research team at Anti-Spyware-101.com. It is most likely that Chrome users are introduced to this program via pop-ups, misleading links, and redirection. Without a doubt, if you are ever introduced to an unfamiliar program in a strange manner, you should automatically become suspicious. If you decide that the program you are introduced to is just too good to pass up, you need to do research, and it is possible that you have stumbled upon this article exactly because of that. If you have not installed the extension yet, we suggest that you forget about it. If you have installed it already, you should definitely continue reading because the information we have gathered might make you want to remove Pagefinder. Read more »

Dharma-Ninja Ransomware

Did Dharma-Ninja Ransomware encrypt files on your operating system? You can determine that by looking at the names of your files and by trying to open them. The “.id-{ID}.[ninja777@cock.li].ninja” extension should be added to the names, and when you try to open the files, you should be unable to do it. The files become unreadable after encryption because the threat changes the data within. Unfortunately, you cannot click a button or use an existing program to change things back to normal. Once files are encrypted, they are likely to be encrypted for good. Of course, the attackers want you to believe that you can restore files using their decryption software. Can you? That is unlikely to be the case, and Anti-Spyware-101.com researchers are ready to explain why. We also can explain how to delete Dharma-Ninja Ransomware. Keep reading to learn more, and do not forget to post questions in the comments section below if you want to. Read more »

RSA Ransomware

RSA Ransomware was created by hackers who want to extort money from their victims. Therefore, the malicious application was programmed to encrypt personal data and display a ransom note asking victims to pay for its decryption. While hackers may claim they will provide needed decryption tools right after they get their money, we would not rush to trust them. There is always a risk they may not bother delivering the promised tools or that they might ask for more money. Thus, the best way to restore your files would be using backup copies. Of course, not every user backs up his files, in which case, encrypted data could be lost if a victim does not want to put up with hackers’ demands. Whatever your decision is, we recommend removing RSA Ransomware because it might be risky to leave it undeleted. To find out more about it as well as learn how to erase it, we invite you to continue reading. Read more »

DOGCALL

DOGCALL is one of those things that are hard to notice if you do not perform regular system security scans. It is a Trojan that is used to access a target system. The term for these infections is RAT – Remote Access Tool. It means that with this malicious threat on board, someone gains access to your system, and then the infection can be used to perform a number of illegal activities. To remove DOGCALL, you actually need to be aware of the fact that it is there. Thus, regular system scans with security tools are very important if you intend to protect your system from harm. Read more »

FIN7 Uses a Sophisticated Malware Dropper Called BOOSTWRITE

It was confirmed that a recently discovered Trojan titled BOOSTWRITE was developed by a well-known group of cybercriminals called FIN7. Hackers from this group are known for creating sophisticated Trojans, backdoors, and other threats that help them attack various systems for financial gain. FIN7 has been around for a few years now, and it does not look like these cybercriminals are going to stop their malicious activities any time soon. Sadly, it seems their tools are becoming more vicious and difficult to detect. If you want to know how their latest Trojan works and how it could enter a system, we invite you to read the rest of this article. Also, if you have any questions about BOOSTWRITE, you could leave us a comment below. Read more »