• Category Archives Virus Threats
  • New emerging viruses and spyware loose on the net, and identification of different types of malware

  • Prison Locker Virus Upcoming in 2014

    Ransomware is one of the most blatant and obvious criminal money-making schemes out there. It became widely known when Cryptolocker came into play. By the time readers were becoming aware of ransomware, the Cryptolocker threat had peaked and other money-motivated cyber criminals had started developing their own Cryptolocker versions.

    Two hackers going by the names ‘gyx’ and ‘Porphyry’ (admin of the maldev.net hacking forum) are advertising a new ransomware toolkit called “Prison Locker” on various hacking forums, with tutorials.

    They have developed the Prison Locker (a.k.a. Power Locker) ransomware toolkit in the C/C++ programming language, providing a GUI version with customizable features for customers.

    The ransomware uses BlowFish encryption to encrypt all available files on the victim’s hard disk and shared drives, except .exe, .dll, .sys and other system files.

    During encryption it generates a unique BlowFish key for each file, then encrypts those keys further with RSA-2048 encryption and sends the victim’s system information back to the attacker’s command-and-control center.

    As the developer mentions in a Pastebin post, the command-and-control center allows an attacker to set the ransomware warning time duration, the ransom amount and the payment mode, and also allows decrypting the files on the victim’s system after payment is received.

    The additional features added to Prison Locker:

    • The malware is able to detect virtual machines, sandbox mode, and debugging environments.
    • It will disable the Windows key and the Escape key to prevent unwanted user actions.
    • The malware can start up in both regular boot mode and safe boot mode under HKCU.
    • It kills the taskmgr, regedit, cmd, explorer, and msconfig processes to prevent unwanted user actions.
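
A defender-side illustration of the process-killing behaviour in the last item above, added here and not part of the original post or of any product: it flags a single program that requests terminate rights on several of the listed tools within a short window. The record format, the 60-second window, the threshold of three tools and all file paths are constructed assumptions; the fields are modelled on process-access telemetry (source image, target image, granted access).

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

# Tools the post lists as being killed by Prison Locker.
WATCHED = {"taskmgr.exe", "regedit.exe", "cmd.exe", "explorer.exe", "msconfig.exe"}
PROCESS_TERMINATE = 0x0001        # Windows access right required to kill a process
WINDOW = timedelta(seconds=60)    # assumption: correlation window
THRESHOLD = 3                     # assumption: distinct watched tools per source

# Constructed sample records: time|source image|target image|granted access
SAMPLE_LOG = r"""
2014-01-10T09:00:01|C:\Windows\explorer.exe|C:\Windows\System32\cmd.exe|0x1410
2014-01-10T09:00:05|C:\Users\a\AppData\Roaming\upd.exe|C:\Windows\System32\taskmgr.exe|0x0001
2014-01-10T09:00:06|C:\Users\a\AppData\Roaming\upd.exe|C:\Windows\regedit.exe|0x0001
2014-01-10T09:00:09|C:\Users\a\AppData\Roaming\upd.exe|C:\Windows\System32\msconfig.exe|0x1FFFFF
2014-01-10T09:00:10|C:\Users\a\AppData\Roaming\upd.exe|C:\Windows\explorer.exe|0x0001
2014-01-10T09:30:00|C:\Tools\helpdesk.exe|C:\Windows\System32\cmd.exe|0x0001
2014-01-10T10:00:00|C:\Tools\slow.exe|C:\Windows\System32\taskmgr.exe|0x0001
2014-01-10T10:05:00|C:\Tools\slow.exe|C:\Windows\regedit.exe|0x0001
2014-01-10T10:10:00|C:\Tools\slow.exe|C:\Windows\System32\cmd.exe|0x0001
"""

def parse(line):
    """Split one record into (timestamp, source path, target file name, access mask)."""
    ts, src, dst, access = line.split("|")
    return datetime.fromisoformat(ts), src, basename(dst).lower(), int(access, 16)

def find_tool_killers(log_text):
    """Return {source image: sorted watched tools} for sources over the threshold."""
    per_source = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, src, target, access = parse(line)
        # Only handles that could be used to kill a watched tool are interesting.
        if target in WATCHED and access & PROCESS_TERMINATE:
            per_source[src].append((ts, target))
    alerts = {}
    for src, hits in per_source.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            tools = {t for ts, t in hits[i:] if ts - start <= WINDOW}
            if len(tools) >= THRESHOLD:
                alerts[src] = sorted(tools)
                break
    return alerts

if __name__ == "__main__":
    for source, tools in find_tool_killers(SAMPLE_LOG).items():
        print(f"ALERT {source} requested terminate access to: {', '.join(tools)}")
```

A single kill by a helpdesk tool and kills spread over several minutes stay below the threshold, which keeps routine administration from alerting.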

    If you get infected with this virus call Computer Repair Services at 754-234-5598

    www.ccrepairservices.com


  • Apple Mac OS X Flashback Trojan Is still Alive, Recently Infected 22,000 Machines

    The Flashback Trojan, the most sophisticated piece of malware that infected over 600,000 Apple Mac systems back in April 2012, is still alive and has infected about 22,000 machines recently, according to researchers from Intego.

    As a refresher, the Flashback Trojan was first discovered in September 2011. It is basically a trojan horse that uses social engineering to trick users into installing a malicious Flash player package.

    Once installed, the Flashback malware injects code into the web browser and other applications like Skype to harvest passwords and other information from those programs’ users. The Trojan targets a known vulnerability in Java on Mac OS X systems.

    The system gets infected after the user is redirected to a compromised website, where malicious JavaScript code loads the exploit with Java applets. An executable file is then saved on the local machine, which is used to download and run malicious code from a remote location.

    It took Apple months to recognize the severity of this Mac malware threat, which first appeared in the fall of 2011. However, Apple released the patch and changed its description of the operating system on the Apple website from “It doesn’t get PC viruses” to “It’s built to be safe.” Intego said:

    “The Apple Product Security Response team took serious actions in 2012 to mitigate the threat using XProtect and other security updates (including a Malware Removal Tool), however, the botnet count was only divided by six according to our sinkhole.”

    Now, in 2014, Intego researcher Abbati claims that the Flashback botnet is still alive and is silently “adrift.”

    “Intego purchased some of the command and control (C&C) server domain names to monitor the Flashback threat that infected hundreds of thousands of Macs. Beginning January 2, we studied those domains and our sinkhole servers recorded all connections from Macs where Flashback is still active and trying to contact the C&C servers.”

     

    In April 2012, the Mac world was stunned to learn that the Flashback Trojan had infected millions of machines. Flashback’s ad-clicking component caused infected Macs to view sponsored links that had the potential to generate millions of dollars in fraudulent ad revenue. In addition, it has the capability to do much more, including sending spam, engaging in denial-of-service attacks, or logging passwords.

    To protect your computer from contracting the virus now, call Online Complete Computer Repair Services at 754-234-5598


     


  • Downdapp.com Pop-up Virus

    If you are seeing pop-up ads from Downdapp.com whenever you open a new tab in Internet Explorer, Firefox or Google Chrome, then your computer is infected with adware or a potentially unwanted program.
    [Image: Downdapp.com pop-up virus]

    The Downdapp.com pop-up appears regardless of the web browser or search engine. If you are seeing a pop-up from Downdapp.com asking you to update your browser or another piece of software, then your computer may be infected with adware or a potentially unwanted program.
    This infection is designed specifically to make money. It generates web traffic, collects sales leads for other dubious sites, and will display advertisements and sponsored links within your web browser.
    Downdapp.com is not a malicious domain itself. However, cyber criminals are using malicious products to display ads from this domain, and are thus earning pay-per-click revenue.

    The Downdapp.com ads are caused by an ad-supported cross-browser plugin for Internet Explorer, Firefox and Chrome (users may see additional banner, search, pop-up, pop-under, interstitial and in-text link advertisements), which is distributed through various monetization platforms during installation. This malicious browser extension is typically added when you install other free software (video recording/streaming tools, download managers or PDF creators) that has this adware program bundled into its installer.
    When installed, this adware program will open a Downdapp.com pop-up box stating that you need to update your Flash player or install an update for other software. If you click on the “Download” or “Click to install now” button, instead of installing an update for your browser, you’ll agree to download adware and other malicious programs onto your computer. The programs that Downdapp.com may install on your computer include toolbars (Babylon Toolbar, Delta Toolbar), adware (Yontoo, DealPly, CouponBuddy) or other forms of malware.

    This infection will also display advertising banners on the webpages that you are visiting, and as you browse the Internet, it will show coupons and other deals available on different websites.

    You should always pay attention when installing software, because a software installer often includes optional installs, such as the program behind these Downdapp.com pop-up ads. Be very careful what you agree to install.
    Always opt for the custom installation and deselect anything that is not familiar, especially optional software that you never wanted to download and install in the first place. It goes without saying that you should not install software that you don’t trust.


    Call us to remove this virus infection at 754-234-5598


  • Windows Premium Shield

    Windows Premium Shield is a scareware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Premium Shield is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

    Once Windows Premium Shield is installed, it will be configured to start automatically when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

     

    [Image: Windows Premium Shield screen shot]

    To protect itself from being removed, Windows Premium Shield will also block you from running any legitimate application on your computer. It does this to prevent you from running legitimate security software that may detect it as an infection and remove it. The message that you will see when you attempt to run a program is:

    Firewall has blocked a program from accessing the Internet
    C:\Program Files\Internet Explorer\iexplore.exe
    is suspected to have infected your PC.
    This type of virus intercepts entered data and transmits them
    to a remote server.

    When you see this message please ignore it as your programs are not infected and will work normally after this infection is removed.

    While Windows Premium Shield is running it will also display fake security alerts that are designed to make you think your computer has a severe security problem. Some of these warnings include:

    Error
    Trojan activity detected. System integrity at risk.
    Full system scan is highly recommended.

    Error
    System data security is at risk!
    To prevent potential PC errors, run a full system scan.

    Just like the scan results, these warnings are fake and can be ignored.

    Without a doubt, this infection was created for the sole reason of scaring you into purchasing it. It goes without saying that you should definitely not purchase Windows Premium Shield, and if you already have, please contact your credit card company and dispute the charges stating that the program is a scam and a computer virus.

    To remove Windows Premium Shield and other related malware, please call Complete Computer Repair Services at 754-234-5598


  • Windows Accelerator Pro Virus

    Windows Accelerator Pro is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Accelerator Pro is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

    Once Windows Accelerator Pro is installed, it will be configured to start automatically when you log in to Windows. Once started, it will pretend to scan your computer and then state that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

    To protect itself from being removed, Windows Accelerator Pro will also block you from running any legitimate application on your computer. It does this to prevent you from running legitimate security software that may detect it as an infection and remove it. The message that you will see when you attempt to run a program is:

    Firewall has blocked a program from accessing the Internet
    C:\Program Files\Internet Explorer\iexplore.exe
    is suspected to have infected your PC.
    This type of virus intercepts entered data and transmits them
    to a remote server.

    When you see this message please ignore it as your programs are not infected and will work normally after this infection is removed.

    While Windows Accelerator Pro is running it will also display fake security alerts that are designed to make you think your computer has a severe security problem. Some of these warnings include:

    Error
    Trojan activity detected. System integrity at risk.
    Full system scan is highly recommended.

    Error
    System data security is at risk!
    To prevent potential PC errors, run a full system scan.

    Just like the scan results, these warnings are fake and can be ignored.

    Complete Computer Repair Services can effectively remove this virus from your system without any loss of data. Call 754-234-5598


  • Watch out for the newest virus: the Neverquest banking trojan

    Neverquest Trojan: Built to Steal from Hundreds of Banks

    Neverquest is a new banking trojan that spreads itself via social media, email and file transfer protocols. It is able to recognize hundreds of online banking and other financial sites. When an infected user attempts to log in to one of these sites, the trojan reacts by activating itself and pilfering its victim’s credentials. More at Kaspersky and TechRepublic.

    CALL Complete Computer Repair to make sure we get you the proper immunization for this virus threat