Author Archives: Sarah Stewart

backtonormal@foxmail.com Ransomware

backtonormal@foxmail.com Ransomware is a nasty computer infection you might encounter if you surf the Internet on a daily basis, download various programs from P2P websites, and tend to open attachments from random emails you receive. It has turned out that backtonormal@foxmail.com Ransomware is not exactly a brand new computer threat. According to our specialists, it seems to be a variant of Crysis/Dharma Ransomware. This finding has helped them to obtain information about its modus operandi in no time because it does not differ much from the previous versions of this ransomware infection. We can assure you that the entrance of backtonormal@foxmail.com Ransomware will not be anywhere near pleasant because this nasty infection will lock files on your computer immediately if it ever finds a way to infiltrate your computer. This threat finds victims’ files and locks them right away, so it is very likely that it will already be too late to change anything when you find out about the successful entrance of backtonormal@foxmail.com Ransomware. You will not rescue those encrypted files by removing the ransomware infection from the system, i.e. none of them will be automatically unlocked for you, but you will protect all your new files by removing backtonormal@foxmail.com Ransomware from the system. Read more »

Search.terraarcade.com

Search.terraarcade.com looks like your regular search engine, but no user would ever want to use this domain. In fact, our research specialists say that if you see this website on your browser, it means that you have been affected by a browser hijacker. A browser hijacker is not a major computer security threat, but it would not be a good idea to keep it. Do yourself a favor and remove Search.terraarcade.com today following the instructions you will find below this description. Afterwards, you should check whether there is more potentially unwanted software installed on your PC. Read more »

helpersmasters@airmail.cc Ransomware

helpersmasters@airmail.cc Ransomware is not a completely new threat, as research conducted by our experienced specialists has confirmed. It is just a new variant of Scarab-Bomber Ransomware. Without a doubt, it shares some similarities with its predecessor, so it was not hard to learn more about its behavior. It has turned out that the ransomware infection acts just like its predecessor. That is, once it infiltrates users’ computers, it immediately locks files found on them. Ransomware infections encrypt those files that users value the most. Some of these files are documents, images, and music. Crypto-threats no doubt use secure encryption algorithms to lock data on affected computers so that it would be impossible for ordinary computer users to unlock them without the unique key and the special decryptor. Only cyber criminals have them, but do not let them convince you to purchase these tools from them – they might not be sent to you even if you make a payment. In other words, you will lose your money as well. Since you cannot know whether you could unlock your files after you send money to cyber criminals, we suggest that you focus on the helpersmasters@airmail.cc Ransomware removal instead. Once the threat is gone from the system, you could try out alternative data recovery methods, e.g. available automated data recovery tools. Read more »

YaTab

Not all extensions are equal. Some are beneficial and reliable. Others are useless and can even be malicious. YaTab falls somewhere in the middle of the spectrum. This extension does offer seemingly useful services, but it also acts as a browser hijacker that takes over the browser and redirects all search queries to a third-party engine. In the past, Ask.com was the engine of choice; however, Anti-Spyware-101.com researchers have found that it currently redirects to Google Search. Can the results be trusted? They were not modified during our research, but we cannot guarantee that you will see the same. In general, if you were not informed that your searches would be redirected, changed, or messed with in any manner, trusting the search service is not a good idea. As you can guess, we advise deleting YaTab, and if you have no idea how you should proceed, just continue reading. If your questions remain unanswered, do not hesitate to use the comments section below to contact our research team. Read more »

CastVPN

If you have downloaded CastVPN hoping to watch your favorite TV series for free, you might not know it yet, but you actually got more than you bargained for. Unfortunately, you are not the winner in this situation. The application is very intrusive, and it appears that it can be used to record incredibly sensitive information about the user and their system and browser. Speaking of browsers, while the application can be downloaded onto any Windows operating system, there is an extension that is compatible with the Google Chrome web browser only. In fact, at the time of research, this extension was the only thing that could be downloaded because the official website (castvpn.com) promoting the application was down. Anti-Spyware-101.com researchers do not recommend installing any version of the potentially unwanted program (PUP), and if you have installed it already, we have a few tips that will help you remove it. If you are not sure why you should delete CastVPN in the first place, continue reading. Read more »

GandCrab 5 LOADER

GandCrab 5 LOADER is a threat that could spread the so-called GandCrab 5 Ransomware. The malware is vicious as it encrypts the user’s personal data and then leaves instructions on how to pay a ransom. Unfortunately, restoring files without specific decryption tools is impossible, and so if the user does not have any backup copies, the encrypted data might be lost forever. Under such circumstances, we would advise learning more about GandCrab 5 LOADER as it could help you keep away from GandCrab 5 Ransomware. So far our researchers have managed to find only one loader that distributed the particular ransomware application, so at the end of the article, you will see instructions showing how to erase it manually. However, there could be other loaders for the malware out there, and so we encourage you to read the rest of our report so you can learn more about them. Read more »

Matrix-THDA Ransomware

Matrix-THDA Ransomware is a threat that drops a text file claiming the user’s files were encrypted because of some server vulnerabilities. The cybercriminals not only claim they can provide the necessary decryption key and decryption software but also offer to help the victim secure the server/system. However, we would not recommend trusting them: no matter how friendly and polite the ransom note may appear to be, in reality, there are no guarantees they will hold up their end of the deal. Therefore, what we recommend to those who encounter the malware is deleting it. We believe it is safer to recover files from backup copies. Not to mention, using backup files would be cost-free, whereas Matrix-THDA Ransomware’s creators may ask for a ransom. If you want to learn more before coming to a decision, you should read the rest of this report. For those who have already decided, we would suggest completing the steps listed below the article. Read more »

NetMeterX

NetMeterX is a PUP, or, to be more precise, a potentially unwanted program. Even though such applications are not considered to be harmful or malicious, users should still be extra cautious with them. While the tool itself might be harmless, it could have annoying qualities or might introduce you to potentially dangerous content, for example, unreliable third-party advertisements. Therefore, before placing such software on the system, it is essential to learn all about it, which is why further in this article we will tell you more about NetMeterX. Our researchers do not recommend taking any chances with it, and so at the end of this page, you can find instructions explaining how to remove the PUP manually. Also, if you have any questions, keep in mind you can leave us a message below the article. Read more »

Scrabber Ransomware

Cyber criminals have not stopped developing new ransomware infections on the HiddenTear engine yet because Scrabber Ransomware, a new HiddenTear-based ransomware infection, has been spotted in the wild by malware researchers. It seems that the ransomware infection targets both Russian and English-speaking users because it drops a ransom note in both languages after encrypting users’ personal files. At first glance, it acts as an ordinary ransomware infection; however, unlike ordinary computer threats, it seems that it does not demand money from users who fall victim to it. It only asks them to send a PC name and a user name (these are the same unless there is more than one PC user created). We cannot promise that your files will be unlocked once you do so even though the message dropped on victims’ computers claims that the ransomware infection has not been developed to obtain money from users: “We are not scammers and do not pursue the purpose of collecting money, do not file a complaint against us, please” (taken from the English version of the ransom note dropped). Cyber criminals will not remove Scrabber Ransomware from the system for you either – you will have to do so yourself. Whatever you decide to do, i.e. whether or not you send the PC/user name to the ransomware developer, do not forget that you must fully remove this infection. Read more »

LightSpeedPC

LightSpeedPC is a potentially unwanted program (PUP), which suggests that it should not be trusted. This category means the application might have unwanted qualities and could be unreliable, but it does not mean it is malicious or dangerous. Another thing you should know is that even though the tool’s creators may claim the software can clean the system and visibly improve the computer’s performance, our specialists say it is rather unlikely. Apparently, the issues that the application detects and blames for the system’s slow performance may not be the cause after all. In that case, using the PUP might not bring the results you wanted to achieve. Consequently, we would recommend that you do not leave the tool unattended and that you erase it. To delete LightSpeedPC manually, you should have a look at the instructions placed at the end of the article. On the other hand, if learning about the software is of the same importance to you, we encourage you to read our article first. Read more »