• Tag Archives online virus
  • Zeus Trojan (or Zbot Trojan) steals confidential information from the infected computer.

    Pandemiya hacking trojan

    A new and relatively rare Zeus Trojan program was found which is totally different from other banking Trojans and has capability to secretly steal data from forms, login credentials and files from the victim as well as can create fake web pages and take screenshots of victim’s computer.

    Researchers at RSA Security’s FraudAction team have discovered this new and critical threat, dubbed as ‘Pandemiya’, which is being offered to the cyber criminals in underground forums as an alternative to the infamous Zeus Trojan and its many variants, that is widely used by most of the cyber-criminals for years to steal banking information from consumers and companies.

     

    The source code of the Zeus banking Trojan is available on the underground forums from past few years, which lead malware developers to design more sophisticated variants of Zeus Trojan such as Citadel, Ice IX and Gameover Zeus.

     

    But, Pandemiya is something by far the most isolated and dangerous piece of malware as the author spent a year in writing the code for Pandemiya, which includes 25,000 lines of original code written in C.
    Like other commercial Trojan, Pandemiya infect the machines through exploit kits and via drive-by download attacks to boost infection rate that exploit flaws in the vulnerable software such as Java, Silverlight and Flash within few seconds victim lands on the web page.

    Pandemiya’s coding quality is quite interesting, and contrary to recent trends in malware development, it is not based on Zeus source code at all, unlike Citadel/Ice IX, etc.,” researchers from RSA, the security division of EMC, said Tuesday in a blog post. “Through our research, we found out that the author of Pandemiya spent close to a year of coding the application, and that it consists of more than 25,000 lines of original code in C.

    Pandemiya Trojan using Windows CreateProcess API to inject itself into every new process that is initiated, including Explorer.exe and re-injects itself when needed. Pandemiya is being sold for as much as $2,000 USD and provides all the nasty features including encrypted communication with command and control servers in an effort to evade detection.The Trojan has been designed with modular architecture to load more external plug-ins, which allows hackers to add extra features simply by writing new DLL (dynamic link library). The extra plug-ins easily add capabilities to the Trojan’s core functionality, that’s why the developer charge an extra of $500 USD to get the core application as well as its plugins, which allows cybercriminals to open reverse proxies on infected computers, to steal FTP credentials and to infect executable files in order to inject the malware at start up.

     

    The advent of a freshly coded new trojan malware application is not too common in the underground,” Marcus writes, adding that the modular approach in Pandemiya could make it “more pervasive in the near future.

    The malware developers are also working on other new features to add reverse Remote Desktop Protocol connections and a Facebook attack module in order to spread the Trojan through hijacked Facebook accounts.

    HOW TO REMOVE PANDEMIYA TROJAN

    The Trojan can be easily removed with a little modification in the registry and command line action, as explained below:

      1. Locate the registry key HKEY_LOCAL_USER\Software\Microsoft\Windows\CurrentVersion\Run and identify the *.EXE filename in your user’s ‘Application Data’ folder. Note the name, and delete the registry value.
      2. Locate the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls. Find the value with the same name as the *.EXE file in the previous step. Note the file name, and remove the value from the registry.
      3. Reboot the system. At this stage Pandemiya is installed but no longer running. Delete both files noted earlier. This will remove the last traces of the Trojan. Your system is now clean.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • First Android Phone Ransomware that Encrypts your SD card Files

    We have seen cybercriminals targeting PCs with Ransomware malware that encrypts your files or lock down your computer and ask for a ransom amount to be paid in a specified duration of time to unlock it.
    To deliver the Ransomware malwares to the mobile devices, cyber criminals have already started creating malicious software programs for android devices. Last month, we reported about a new Police Ransomware malware that locks up the devices until the victims pay a ransom to get the keys to unlock the phone. But, the malware just lock the mobile screen and a loophole in the its implementation allowed users to recover their device and data stored on SDcard.

    Now, in an effort to overcome this, threat actors have adopted encryption in the development of mobile Ransomware malwares. Recently, the security firm ESET has discovered a new Android ransomware, dubbed as Android/Simplocker.A, that has ability to encrypt the files on the device SD card and then demand a ransom from the victim in order to decrypt those files.

    Once installed, the malware scans the SD card for certain file types such as image, document or video with extensions – jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4 and encrypts them using AES in a separate thread in the background. After encrypting the files, the malware displays the following ransom message, written in Russian, which clearly means that this threat is targeting Russian Android users.

    WARNING your phone is locked!
    The device is locked for viewing and distributing child pornography , zoophilia and other perversions.
    To unlock you need to pay 260 UAH.
    1.) Locate the nearest payment kiosk.
    2.) Select MoneXy
    3.) Enter {REDACTED}.
    4.) Make deposit of 260 Hryvnia, and then press pay. Do not forget to take a receipt!
    After payment your device will be unlocked within 24 hours. In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!

    The Ransomware malware directs victim to pay the ransom amount i.e. 260 UAH, which is roughly equal to $21 US, through the MoneXy service, as this payment service is not easily traceable as the regular credit card.

    mobile virus

    To maintain anonymity the malware author is using the Command-and-Control server hosted on TOR .onion domain and the malware sends the information of the infected device such as IMEI number to its server. The researchers at ESET are still analysing the malware:

    Our analysis of the Android/Simplock.A sample revealed that we are most likely dealing with a proof-of-concept or a work in progress – for example, the implementation of the encryption doesn’t come close to “the infamous Cryptolocker” on Windows.

    The researchers have found that the malware is capable to encrypt the victim’s files, which could be lost if the decryption key is not retrieved from the malware author by paying the ransom amount, but on the other hand the researchers strongly advise users against paying fine, as their is no guarantee that the hacker will provide you decryption keys even after paying the amount.
    Unfortunately, mobile antivirus products are only capable to detect such known/detected threats only and can’t detect similar the new threats. So, it is important for you to always keep the back-up of all your files either manually on the computer system or use cloud backup services like dropbox, google drive etc, in order to protect it from the emerging threats.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida

     


  • NEW VIRUS ALERT ->Careto malware is frighteningly sophisticated

    The software, dubbed Careto, is a sophisticated suite of tools for compromising computers and collecting a wealth of information from them. Whoever is behind the malware sends out “spear phishing” e-mails, with addresses designed to be mistaken for the Web sites of mainstream newspapers, such as The Washington Post or the Guardian. If the user clicks on a link, it takes her to a Web site that scans her system for vulnerabilities and attempts to infect it. There are multiple versions of the malicious software designed to attack Windows, Mac OS X and Linux versions, and Kapersky believes there may be versions that attack iOS and Android.

    Once Careto has compromised a system, it begins collecting sensitive information from it. The software can “intercept network traffic, keystrokes, Skype conversations, analyse WiFi traffic, PGP keys, fetch all information from Nokia devices, screen captures and monitor all file operations.”

    CALL – COMPUTER REPAIR at 754-234-5598 if you are infected by any of these viruses.

    www.ccrepairservices.com


  • We can remove the FBI Virus Scam | MoneyPack Virus Fix it today Online or Locally

    FEDERAL BUREAU OF INVESTIGATION & DEPARTMENT OF JUSTICE SPYWARE

    CALL US NOW SO WE CAN REMOVE THIS PEST FROM YOUR COMPUTER

    DONT BE FOOLED, Complete Computer Repair Service can Eliminate this new threat

    CALL 754-234-5598

    FBI Moneypak Virus Greendot MoneyPak Black Background Called Department Of Justice FBI or Local Police Dept.

    FBI Moneypak Virus Spyware Malware? Your computer has been blocked by FBI send $100 dollars or $300 to moneypak or moneygram? STOP DoNot send in any money. CALL US.

    Virus Removal – Spyware Removal – Trojan Horse Removal

    Computer Worms Removal & Repair. FBI Virus Removal Repair & MORE

    ____________________________________________________________________________________________________________________________

    www.ccrepairservices.com


  • NEW VIRUS – Windows Safety Master Virus Windows PC Computers

    Windows Safety Master is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays fake scan results, fake security warnings, and does not allow you to run programs on your computer. Windows Safety Master is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

    When Windows Safety Master is installed it will be configured to automatically start when you login to Windows. Once started, it will pretend to scan your computer and then states that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

    Windows Safety Master screen shot

     

    To protect itself from being removed, Windows Safety Master will also block you from running any legitimate application on your computer. It does this to prevent you from running legitimate security software that may detect it as an infection and remove it. The message that you will see when you attempt to run a program is:

    Firewall has blocked a program from accessing the Internet
    C:\Program Files\Internet Explorer\iexplore.exe
    is suspected to have infected your PC.
    This type of virus intercepts entered data and transmits them
    to a remote server.

    When you see this message please ignore it as your programs are not infected and will work normally after this infection is removed.

    While Windows Safety Master is running it will also display fake security alerts that are designed to make you think your computer has a severe security problem. Some of these warnings include:

    Error
    Trojan activity detected. System integrity at risk.
    Full system scan is highly recommended.

    Error
    System data security is at risk!
    To prevent potential PC errors, run a full system scan.

    Warning! Identity theft attempt detected
    Hidden connection IP: xx.xxx.xxx.xxx
    Target: Microsoft Corporation keys
    Your IP: 127.0.0.1

    Just like the scan results, these warnings are fake and can be ignored.

    As you can see, this infection was created for the sole reason of scaring you into purchasing it. It goes without saying that you should definitely not purchase Windows Safety Master, and if you already have, please contact your credit card company and dispute the charges stating that the program is a scam and a computer virus. To remove Windows Safety Master and other related malware, PLEASE VISIT OUR WEBSITE

    CALL – COMPUTER REPAIR at 754-234-5598 if you are infected by any of these viruses.

    www.ccrepairservices.com


  • LiveSupport Un-wanted Program

    The LiveSupport program is a small program that displays contact information for a remote support company and suggests that you download a variety of security programs to protect your computer. This program is commonly bundled with free programs that you can download off of the Internet. These free programs bundle adware programs like LiveSupport in order to generate revenue even though the program you wanted is free. Once installed, Live Support will automatically start when you login to Windows and display an icon of a remote-support person’s head on the title bar of the active Window. When you click on this head icon, you will be shown a screen that offers a remote support number, which is currently 1-855-544-6024, as well as a tab that pretends to perform a system check and recommends two of four programs. The programs it promotes are Driver Pro, Optimizer Pro, Driver Updater, and System Performance Optimizer.

     


    LiveSupport screen shot

     

    It is important to note that even though some may find this program to be misleading and annoying, it is not an actual computer infection. Rather this program is installed by free programs that did not adequately disclose that other software would be installed along with it. Therefore, it is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, If the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you cancel the install and not use the free software.

    This program does contain an uninstall entry within the Add or Remove Programs or Uninstall Programs control panel. Unfortunately, there have been many cases where the program did not fully remove itself when using the control panel or it encountered errors. For this reason you may contact Complete Computer Repair Services at 754-234-5598 or Visit our Online Website www.ccrepairservices.com


  • Windows Efficiency Kit Virus

    Windows Efficiency Kit is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Efficiency Kit is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

    Once Windows Efficiency Kit is installed it will be configured to automatically start when you login to Windows. Once started, it will pretend to scan your computer and then states that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

    Windows Efficiency Kit screen shot

    To protect itself from being removed, Windows Efficiency Kit will also block you from running any legitimate application on your computer. It does this to prevent you from running legitimate security software that may detect it as an infection and remove it. The message that you will see when you attempt to run a program is:

    Firewall has blocked a program from accessing the Internet

    Internet Explorer
    C:\Program Files\Internet Explorer\iexplore.exe

    is suspected to have infected your PC.
    This type of virus intercepts entered data and transmits them
    to a remote server.

    When you see this message please ignore it as your programs are not infected and will work normally after this infection is removed.

    While Windows Efficiency Kit is running it will also display fake security alerts that are designed to make you think your computer has a severe security problem. Some of these warnings include:

    Error
    There’s a suspicious software running on your PC. For more details, run a system file check.

    Error
    Trojan activity detected. System data security is at risk. It is recommended to activate protection and run a fully system scan.

    Just like the scan results, these warnings are fake and can be ignored.

    Without a doubt, this infection was created for the sole reason of scaring you into purchasing it. It goes without saying that you should definitely not purchase Windows Efficiency Kit, and if you already have, please contact your credit card company and dispute the charges stating that the program is a scam and a computer virus. To remove Windows Efficiency Kit and other related malware, PLEASE VISIT OUR WEBSITE

    CALL – COMPUTER REPAIR at 754-234-5598 if you are infected by any of these viruses.

    www.ccrepairservices.com


  • Downdapp.com Pop-up Virus

    If you are seeing pop-up ads from Downdapp.com whenever you are opening a new tab within Internet Explorer, Firefox and Google Chrome, then your computer is infected with an adware or a potentially unwanted program.
    [Image: Downdapp.com pop-up virus]

    The Downdapp.com pop-up happens regardless of the web browser or search engine, and if you are seeing a pop-up from Downdapp.com asking you to update your browser or another piece of software, then your computer may be infected with adware or a potentially unwanted program.
    This infection is designed specifically to make money. It generates web traffic, collects sales leads for other dubious sites, and will display advertisements and sponsored links within your web browser.
    Downdapp.com is not a malicious domain itself, however cyber criminals are using malicious products to display ads from this domain, and thus getting pay-per-click revenue.

    The Downdapp.com ads are caused by an ad-supported (users may see additional banner, search, pop-up, pop-under, interstitial and in-text link advertisements) cross web browser plugin for Internet Explorer, Firefox and Chrome, which is distributed through various monetization platforms during installation. This malicious browser extensions is typically added when you install another free software (video recording/streaming, download-managers or PDF creators) that had bundled into their installation this adware program.
    When installed this adware program will open a Downdapp.com pop-up box stating that you need to updated your flash player or install an update for another software. If you click on the “Download” or “Click to install now” button, instead of installing an update for your browser, you’ll agree to download adware and other malicious programs onto your computer. The Downdapp.com malicious programs may install on your computer: toolbars (Babylon Toolbar, Delta Toolbar), adware (Yontoo, DealPly, CouponBuddy) or other forms of malware.

    This infection will also display advertising banners on the webpages that you are visiting, and as you browse Internet, it will show coupons and other deals available on different websites.

    You should always pay attention when installing software because often, a software installer includes optional installs, such as this Downdapp.com pop-up ads. Be very careful what you agree to install.
    Always opt for the custom installation and deselect anything that is not familiar, especially optional software that you never wanted to download and install in the first place. It goes without saying that you should not install software that you don’t trust.

    www.ccrepairservices.com

    Call  Us to remove this virus infection at 754-234-5598


  • ▲ COMPUTER REPAIR Sony HP Dell Acer Compaq Asus Gateway Toshiba Apple

    Computer Repair Services

    TRUSTED BUSINESS Onsite Laptop Repair Services

     

    COMPUTER REPAIR FOR YOUR MAC OR WINDOWS PC LAPTOP, DESKTOP NETBOOK & NOTEBOOK COMPUTER

    All Type of computer repairs including dc jack and laptop screens highly recommended

    When you have a computer related problem you want to make sure that the people that are doing the repair are trustworthy. We sell all brand of computer and laptop product and accessories. We have over 20 Plus years of experience.

    We have been established, and have been rated #1 for Customer Service In the South Florida area for over 7 years.

    We can replace your broken or cracked laptop screen same day in your home office or business with no extra fees. We replace LCD and LED computer screens. We service brands such as HP, THINKPAD, TOSHIBA, ACER, GATEWAY, E-MACHINE, SONY, APPLE, DELL, IBM, LENOVO, ASUS, COMPAQ, MACBOOK, IBOOK, SAMSUNG APPLE COMPUTER & MORE

    COMPUTER REPAIR SERVICES -TRY US TODAY 754-234-5598

    www.ccrepairservices.com


  • Windows Premium Shield

    Windows Premium Shield is a scareware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Premium Shield is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

    Once Windows Premium Shield is installed it will be configured to automatically start when you login to Windows. Once started, it will pretend to scan your computer and then states that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

     

    Windows Premium Shield screen shot
    Windows Premium Shield screen shot

    To protect itself from being removed, Windows Premium Shield will also block you from running any legitimate application on your computer. It does this to prevent you from running legitimate security software that may detect it as an infection and remove it. The message that you will see when you attempt to run a program is:

    Firewall has blocked a program from accessing the Internet
    C:\Program Files\Internet Explorer\iexplore.exe
    is suspected to have infected your PC.
    This type of virus intercepts entered data and transmits them
    to a remote server.

    When you see this message please ignore it as your programs are not infected and will work normally after this infection is removed.

    While Windows Premium Shield is running it will also display fake security alerts that are designed to make you think your computer has a severe security problem. Some of these warnings include:

    Error
    Trojan activity detected. System integrity at risk.
    Full system scan is highly recommended.

    Error
    System data security is at risk!
    To prevent potential PC errors, run a full system scan.

    Just like the scan results, these warnings are fake and can be ignored.

    Without a doubt, this infection was created for the sole reason of scaring you into purchasing it. It goes without saying that you should definitely not purchase Windows Premium Shield, and if you already have, please contact your credit card company and dispute the charges stating that the program is a scam and a computer virus.

    To remove Windows Premium Shield and other related malware, Please call Complete Computer Repair Services at 754-234-5598


  • Windows Accelerator Pro Virus

    Windows Accelerator Pro is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is considered scareware because it displays false scan results, fake security warnings, and does not allow you to access your legitimate Windows applications. Windows Accelerator Pro is distributed through web sites that display a fake online virus scanner that states your computer is infected and then prompts you to download the installation file. This infection is also promoted by hacked web sites that contain exploit code that tries to install the infection on your computer without your permission or knowledge.

    Once Windows Accelerator Pro is installed it will be configured to automatically start when you login to Windows. Once started, it will pretend to scan your computer and then states that there are numerous infections present. If you attempt to remove any of these supposed infections, the program will state that you first need to purchase a license before being allowed to do so. As all of the scan results are false, please ignore any prompts to purchase the program.

    To protect itself from being removed, Windows Accelerator Pro will also block you from running any legitimate application on your computer. It does this to prevent you from running legitimate security software that may detect it as an infection and remove it. The message that you will see when you attempt to run a program is:

    Firewall has blocked a program from accessing the Internet
    C:\Program Files\Internet Explorer\iexplore.exe
    is suspected to have infected your PC.
    This type of virus intercepts entered data and transmits them
    to a remote server.

    When you see this message please ignore it as your programs are not infected and will work normally after this infection is removed.

    While Windows Accelerator Pro is running it will also display fake security alerts that are designed to make you think your computer has a severe security problem. Some of these warnings include:

    Error
    Trojan activity detected. System integrity at risk.
    Full system scan is highly recommended.

    Error
    System data security is at risk!
    To prevent potential PC errors, run a full system scan.

    Just like the scan results, these warnings are fake and can be ignored.

    Complete Computer Repair Services can effectively remove this virus from your system wihthout any loss of data. Call 754-234-5598