Author Archives: Max Lehmann - Page 5

DarkKomet

If DarkKomet invades the operating system, it can record incredible amounts of highly sensitive data. The infection can record passwords, monitor the websites you visit, and even spy on you via webcam and microphone. There are many different variants of this malware because its malicious code was available for free to anyone interested at darkcomet-rat.com. This website is still alive, but if you visit it, you are informed that the “project” is no longer supported. In fact, it has been that way since 2012. The program – which is identified as a remote access tool (RAT) – was created in 2008, so it has been around for a solid 10 years now. Has it caused problems in that timeframe? Has it been used in a malicious manner? Of course it has. In fact, it is one of the most vicious RATs out there, which is why it is so important to discuss its activity, distribution, and removal. Unfortunately, it is not easy to delete DarkKomet; at least, not manually. Nonetheless, your virtual security could depend on your success.

GarrantyDecrypt Ransomware

GarrantyDecrypt Ransomware is the latest file-encrypting malware to come to the attention of our malware researchers. It attacks operating systems in a covert manner, and most victims do not realize that it exists until all files are encrypted. The infection encrypts files because that is the only thing its creator can hold over victims’ heads. If the files are important, victims might be more willing to pay a ransom in return for a decryptor. Of course, we only assume that a decryptor is on the table, because the ransom note delivered by this infection is very vague. It simply asks victims to contact the cyber criminals. Should you do it? Should you follow their instructions? Should you pay the ransom if it is requested? Should you try to decrypt your files, or should you just forget about them now? These and many other questions are answered in this report. In the end, we also discuss the removal of GarrantyDecrypt Ransomware. Our Anti-Spyware-101.com research team has analyzed the threat, and we can offer a few tips that will, hopefully, help you delete it with ease.

GusCrypter Ransomware

GusCrypter Ransomware is a malicious computer infection that will not allow you to operate your computer properly. This program will encrypt your files, and it will tell you that you must pay a ransom fee to get them back.

Needless to say, paying the ransom fee should be the last thing on your mind, because no one can guarantee that wiring the money to these criminals would restore your files in the first place. Your best bet at the moment is removing GusCrypter Ransomware from your system and then looking for methods to restore your files by other means.

GamingHub

Would you call yourself a gamer? If you would, it is likely that you have already used applications and extensions to satiate your desires. GamingHub is an extension designed for Google Chrome users who are interested in playing games online. If your gaming console and your mobile phone are not enough, an extension that offers to play games directly from your web browser might seem like the perfect addition. Unfortunately, although the application is presented in a highly attractive manner, you should think twice before you decide to trust it. Once you install it, data-tracking tools are activated to monitor your activity. Since the PUP (potentially unwanted program) does that silently, and since it might appear quite useful to some, not everyone will rush to delete GamingHub. So, should you remove this extension, or should you just ignore the security risks and enjoy the services it provides? Continue reading to find out.

LoJax is the First UEFI Rootkit, and It Is a Highly Sophisticated Threat

Do you know what kind of malware might persist even if the infected operating system is reinstalled and the hard disk is replaced? UEFI (Unified Extensible Firmware Interface) rootkits. In the past, these rootkits were detected only in internal labs controlled by malware researchers, but LoJax has changed that. It is the first UEFI rootkit to have been found in the wild. Intel created UEFI to replace BIOS (Basic Input/Output System), and all chipsets should use it by 2020. Unfortunately, that means that anyone could become a target of this malware. The rootkit was found to communicate with C&C servers that belong to Sednit, a well-known cyber-espionage group that is also known by other names, including Fancy Bear, APT28, Sofacy, and Strontium. This group has been active since 2004, and it is known for attacking government-level agencies and organizations.

xiti.com

xiti.com is a product of XiTi, a company that specializes in digital intelligence solutions. One of these solutions is “collecting reliable, relevant data” that fits specific companies’ needs. Research conducted by specialists working at anti-spyware-101.com has shown that the company has many customers around the world. These include various media companies, e-commerce companies, companies providing financial services, and a great number of public institutions and corporations. Consequently, there must be hundreds of users who have encountered the xiti.com tracking cookie. If you belong to this group, it simply means that you have opened a website belonging to a company that uses the service provided by XiTi, or, alternatively, that you have clicked on a commercial advertisement produced by it. Either way, this tracking cookie is not dangerous, so it should not cause you any problems linked to your privacy and security. Because it is not harmful, removing it is not mandatory either. Of course, it is up to you what to do with it. If you are worried that your privacy might be in danger due to the presence of xiti.com on your system, remove it without further consideration. You do not need to be an expert to erase it from the system manually, believe us.

Torii Botnet Can Be Used to Exfiltrate Personal Data, Researchers Say

A botnet is a network of computers/systems that are infected with the same kind of malware in order to perform cyber attacks on a large scale. Torii Botnet is one of the newest botnets to be uncovered, but it is believed to have been active for at least a year now. Most botnets are utilized for mass spam email attacks that could, for example, be used to spread ransomware or expose users to phishing scams. They can also be used for DDoS (distributed denial-of-service) attacks, which are primarily meant to disrupt regular traffic to a server or network.

Super Speedup 2018

We install PC optimization tools expecting that they will clean our systems. Unfortunately, not all of them do what they promise to do. Super Speedup 2018 is presented as a useful tool “designed and tested with utmost care to keep your PCs running smooth, fast and error free”; however, if you install this piece of software on your computer, you will see for yourself that this program is not free. In other words, it will not clean and optimize the system for you free of charge. Super Speedup 2018 works only as a diagnostic tool unless it is upgraded, which, in fact, many users do not know before they click the Download Now button on the application’s official website, http://winboost.site/. The program is not free, we can assure you of that, so if you are looking for a tool that would clean and optimize your system free of charge, there is surely no point in installing Super Speedup 2018. You should not install its clones (e.g. Power Cleaner 2018, Win Speedup 2018, and Speedy SystemCare) on your computer either, because they are not free tools. Have you already installed Super Speedup 2018 on your system? Make sure you do not keep it installed if you are not going to upgrade it. We see no reason you should keep useless programs installed on the system.

Rush Music Search

Has your default search provider been changed to Rush Music Search out of the blue? If so, it is very likely that there is a reason for it. The majority of users whose search engines are changed to this search tool install the browser extension named Rush Music Search on their computers themselves. Some of them download it from http://livemediasearch.systems, which is the extension’s official website, or directly from the Chrome Web Store, whereas others cannot even explain how this piece of software managed to enter their computers. The Rush Music Search extension is presented as a useful tool for those who wish to perform music searches right from their web browser’s URL bar, but we cannot confirm that it will really improve your web browsing experience. Also, you need to know that your web browser’s settings will be changed if you install Rush Music Search. If you are not ready for that, you should choose another program for performing music searches on the web. In case you have already installed Rush Music Search and found your default search provider changed, you can undo the changes only by deleting Rush Music Search from the system completely. You should take care of all other undesirable/unknown applications active on your system at the same time, because they may cause you problems.

Bridgetrack

The Bridgetrack cookie is a piece of data that has been employed to track users’ activity since at least 2009. It can record the user’s geographical location, as well as search history and interaction with virtual content. All of this information is supposed to help the service provider and the advertising companies working with it to present more personalized content. In some cases, this is not a good thing, as malicious parties can use cookies to figure out what intrigues potential targets, and this could be used to deliver scams successfully. The Anti-Spyware-101.com research team does not have any data indicating that the cookie discussed in this report is malicious. Does that mean that you should just let it in and do whatever it pleases? Before you do that, you should understand how it works. If you continue reading this report, you will be able to decide whether or not you want to delete Bridgetrack from your web browser. If you have made up your mind already, the removal guide is below.