Backdoor:Win32/Poison.E
Backdoor:Win32/Poison.E is a backdoor Trojan that enables remote attackers to gain backdoor access to and control of the affected computer. Backdoor:Win32/Poison.E attempts to copy itself to the infected computer as a potentially malicious file named after a legitimate Windows file; because that legitimate file already exists by default in the same folder, the copy attempt probably fails. Backdoor:Win32/Poison.E creates a registry entry so that it can run automatically every time Windows is started. Backdoor:Win32/Poison.E connects to a remote server to receive commands, which allows a remote...
W32.Seswol.B
W32.Seswol.B is a worm that proliferates through removable drives and encrypts certain files on the compromised PC. When W32.Seswol.B is executed, it creates potentially malicious files on all connected removable drives. W32.Seswol.B creates registry entries, including one that lets it run automatically every time Windows is started. W32.Seswol.B encrypts all files whose extension is not '.sys' on all drives, except for files located on the C: drive.
Trojan.Jokra
Trojan.Jokra is a Trojan that wipes the hard drive of the affected PC by overwriting the existing data with one of several predetermined text strings. Trojan.Jokra is compatible with multiple types of operating systems, and some members of the PC security industry speculate that a variant of Trojan.Jokra was involved in the recent South Korean DarkSeoul (or Mal/EncPk-ACE) attacks. Although Trojan.Jokra's worldwide distribution numbers are low, given the potential damage of Trojan.Jokra's attacks, SpywareRemove.com malware researchers stress the usefulness of preventative security steps...
Troj/Bredo-AGB
Troj/Bredo-AGB is part of a spam malware attack that is themed around a DHL delivery. Troj/Bredo-AGB spreads via a spam email that pretends to come from DHL Express International. The spam DHL email has the subject line 'DHL delivery report'. The fake email includes false header information, which tricks the recipient into believing that it is from the shipping company DHL. The bogus DHL email attempts to dupe PC users into believing that a parcel is waiting to be shipped to them but that an incorrect postcode has disrupted the delivery. The fraudulent email message...
Trojan.Reveton.B
Trojan.Reveton.B (PWS:Win32/Reveton.B) is a Trojan that is used by attackers to distribute various ransomware to vulnerable computers. PWS:Win32/Reveton.B blocks access to the targeted computer, displays a fake image/alert and demands a ransom from a victim to be paid via Ukash or Paysafecard to restore access to the computer. Trojan.Reveton.B is a password-stealing Trojan. Trojan.Reveton.B installs a keystroke logger, commonly referred to as a keylogger, which records keystrokes and transmits the recorded information to remote attackers. Some keyloggers monitor only keystrokes involved...
Chameleon Malware
Chameleon malware is a botnet-based Trojan that creates fraudulent 'clicks' on online advertisements as a money-generating scam. Based on current analyses, SpywareRemove.com malware researchers estimate that Chameleon malware doesn't throttle its fake clicks to hide itself from the PC user; as a result of these excessive numbers of fake advertisement clicks, your PC may suffer from poor speed or stability. Chameleon malware has been known to crash and restart itself frequently and is unlikely to be designed with the sophistication that more extensive botnets than itself are known to...
Mal/EncPk-ACE
Mal/EncPk-ACE, aka DarkSeoul, is a backdoor Trojan that's notable for disabling the Windows operating system, replacing the normal startup sequence with a hacker team's banner, displayed prominently for the duration of the attack. Mal/EncPk-ACE, as indicated by its nickname, achieved brief infamy during a recent attack against various South Korean banks and TV broadcast networks, all of which were targeted at the same time. However, if removed properly, Mal/EncPk-ACE hasn't been found to cause long-term damage to your PC. Residents of countries other than South Korea are, at this time, considered...
Trojan.Nessess
Trojan.Nessess is a Trojan that opens a back door and steals information from the targeted computer. When Trojan.Nessess is executed, it attempts to connect to its command-and-control (C&C) server, which allows remote attackers to perform malicious actions on the hacked PC such as upload, download and run files, list and stop processes, and run a 'cmd.exe' command shell. Trojan.Nessess allows remote attackers to gain full access and control of the infected computer. Trojan.Nessess may download and install additional PC threats on the affected computer system.
W32.Arseefour
W32.Arseefour is a worm that encrypts certain files on the affected computer. W32.Arseefour may circulate via removable drives by replicating itself. W32.Arseefour may create copies on the infected computer system. W32.Arseefour may attempt to steal personal information from the compromised PC. Once installed on the attacked PC, W32.Arseefour may make system changes by adding potentially malicious files and making registry modifications. W32.Arseefour may create the registry entry so that it can start automatically every time you turn your PC on.
TROJ_PIDIEF.SMXY
TROJ_PIDIEF.SMXY is a Trojan downloader that's disguised as a PDF document. The most recent attacks associated with TROJ_PIDIEF.SMXY have used a combination of spam e-mail messages that redirect victims to hostile sites and Blackhole Exploit Kit (a configurable exploit kit) attacks that install and launch TROJ_PIDIEF.SMXY without your consent. Although the malware that TROJ_PIDIEF.SMXY installs has yet to be analyzed, SpywareRemove.com malware researchers warn that most infections associated with Blacole attacks are high-level threats, such as ransomware Trojans that lock your...
Troj/SwfExp-BN
Troj/SwfExp-BN is a Flash-based component of the Blackhole Exploit Kit, a website-based PC threat that searches for vulnerabilities that can be used for drive-by-download installations of other malware. E-mail spam appears to be the main distribution mechanism for attacks related to Troj/SwfExp-BN, with some popular e-mail attacks including references to European events like the Cyprus banking bailout and the election of Pope Francis. If you have the misfortune to follow web links from e-mail messages that resemble this description, you should take care to use anti-malware software to...
Troj/PDFJS-ADE
Troj/PDFJS-ADE is a Trojan downloader that connects to an external server to download and install malicious software automatically. Attacks linked to Troj/PDFJS-ADE are prominently associated with misleading e-mails that use fake news articles with European themes (such as the Cyprus bank bailout or the papal election) to encourage victims to click on their malicious links. These links redirect you to a Blackhole Exploit Kit, which launches attacks against a variety of potential system vulnerabilities through components like Troj/PDFJS-ADE. Besides the standard defenses against...
Tech-ava-soft.org
Backdoor.APT.Merong
Backdoor.APT.Merong is a backdoor Trojan that is included in a malware attack targeting companies. The malware campaign that cybercriminals use to distribute Backdoor.APT.Merong uses the name of the company it targets in its CnC URL. Backdoor.APT.Merong regularly uses either the name of a company or the name of a project that a particular company works on in its CnC URL in order not to appear suspicious. Backdoor.APT.Merong propagates via malicious emails carrying harmful web addresses. The zip file contains 'Updated_office_contact_v1.exe', which when run creates 'ctfmon.exe'...
Trojan.APT.LetsGo
Trojan.APT.LetsGo is a Trojan that is a component of a malware campaign targeting companies. The malware attack that attackers use to spread Trojan.APT.LetsGo uses the name of the affected company in its CnC domain name. Trojan.APT.LetsGo consistently uses either the name of a company or the name of a project that a certain company is working on in its CnC domain name in order not to raise suspicion. Trojan.APT.LetsGo spreads via malicious emails that include harmful URLs. The .zip file includes 'Updated_office_contact_v1.exe', which once executed creates 'ctfmon.exe' and...
Win32/Agent.UAW
Win32/Agent.UAW is the detection name for Power Loader, a specialized bot builder for generating downloaders for other malware families and yet another example of specialization and modularity in malware development. Win32/Agent.UAW may gather certain information used to access specific websites. Win32/Agent.UAW may also gather personal information when the computer user browses particular websites. Win32/Agent.UAW attempts to transmit the collected information to a remote server. Once run, Win32/Agent.UAW may also harvest various information about the targeted PC...
Trojan.Ransomcrypt.B
Trojan.Ransomcrypt.B is a Trojan that may be used by scammers to distribute certain ransomware. Trojan.Ransomcrypt.B may allow cybercriminals to gain remote unauthorized access and control over the compromised PC. Trojan.Ransomcrypt.B may be able to steal personal information from target computer users. Trojan.Ransomcrypt.B may gather computer data and private details on the victimized computer and transfer them to remote servers. Trojan.Ransomcrypt.B may drop other malware threats on the corrupted PC. Trojan.Ransomcrypt.B can proliferate via system vulnerabilities, malicious downloads,...
Trojan.Theola
Trojan.Theola is a Trojan that steals information from the affected computer. When Trojan.Theola is executed, it creates potentially malicious files that add the Trojan as an extension to the Google Chrome web browser. When the web browser is opened, Trojan.Theola monitors the PC user's activity and steals credentials for online banking websites. Trojan.Theola allows attackers to obtain full remote access to and control of the targeted computer.
W32.Yazz
W32.Yazz is a virus that infects executable files and downloads potentially malevolent files onto the infected computer. When W32.Yazz is executed, it drops potentially malevolent files on the corrupted PC. W32.Yazz also creates the UpdateWinTools.5.1 mutex so that only one instance of the virus runs. W32.Yazz creates registry entries so that it can run automatically every time Windows is started. W32.Yazz searches all drives for executable files and infects them. W32.Yazz then searches network shares and copies infected files using certain file names. W32.Yazz then...
Win32/Redyms
Win32/Redyms is a family of browser hijackers that changes the results of several search engines for the purposes of promoting malicious sites and/or advertisements. Win32/Redyms infections usually are caused by drive-by-download attacks from hacked or hostile websites, and frequently employ specialized Trojan droppers (based on the Power Loader bot-building kit) that install Win32/Redyms automatically. Because Win32/Redyms injects its code into the processes of separate programs, SpywareRemove.com malware researchers heartily recommend using appropriate anti-malware tools whenever you...