Ured Za Posebne Poslove Sigurnosti Ransomware
Ured Za Posebne Poslove Sigurnosti Ransomware is one of the newest variants of a Police Ransomware Trojan to strike Europe, with the Ured Za Posebne Poslove Sigurnosti Ransomware's country of preferential victimization being Croatia. Ured Za Posebne Poslove Sigurnosti Ransomware's fake police pop-ups include the same copy-pasted legal texts that have been seen on many of its relatives, albeit translated (most likely via an automated tool) into Croatian. You should ignore the emblem of the Croatian police and other aesthetic quirks that try to convince you to pay the Ured Za Posebne...
Trojan Travnet
Trojan Travnet steals information from any document-based file types on your computer, thereafter uploading them to a criminally-controlled server. Current estimates for Trojan Travnet's campaign place its age at a minimum of four years, making it a surprisingly old and regularly-developed spyware campaign. SpywareRemove.com malware experts can confirm that Trojan Travnet's primary distribution method is through malicious document files that install Trojan Travnet whenever a vulnerable PC opens them – all without any appearance of symptoms. Because Trojan Travnet avoids obvious details...
Bucksbee
Bucksbee is a browser hijacker that is advertised via other free software downloads. When installed on the targeted PC, it adds a toolbar and changes the browser homepage and default search engine to srp.freecause.com. Bucksbee Search will display pop-up advertisements and sponsored links in hijacked search results, and may gather search terms from the victim's search queries. Bucksbee Search invades the infected computer after a PC user has installed another free application or add-on that had Bucksbee bundled into its installer. For example, when a computer user installs vPlay,...
Backdoor.Salgorea
Backdoor.Salgorea is a backdoor Trojan that opens a back door on the infected computer. Backdoor.Salgorea may spread through spam email containing a malevolent .hta file. When Backdoor.Salgorea is run, it copies itself as potentially malicious files on the compromised PC. Backdoor.Salgorea creates a partially modified copy of itself in the temporary folder and executes this copy with the parameter '--help'. Backdoor.Salgorea also creates a clean file and runs it. Backdoor.Salgorea then creates scheduled task files in order to execute the file 'sidebar.exe' daily. Backdoor.Salgorea...
I.trkjmp.com
I.trkjmp.com is an advertising network that's promoted via adware applications. While they insert links into unrelated text content in your browser, adware applications will encourage you to expose yourself to I.trkjmp.com's advertisements of your own free will. While the actual redirecting to I.trkjmp.com occurs in a consensual manner, PC users that wish to remove I.trkjmp.com's adware have the ability to do it with any appropriate and competent anti-malware program, and, in most cases, the symptoms should be resolved as soon as your PC is disinfected.
Taking the Unwanted Leap Towards...
Dts.search-results.com
Dts.search-results.com is a search engine site that borrows its results from other search engines (such as Google and Ask.com). Even though SpywareRemove.com malware analysts haven't seen any cases of Dts.search-results.com intentionally promoting PC threats of any stripe, they have seen instances where browser hijackers and similar types of malware have promoted Dts.search-results.com. In the process of doing so, they may incidentally block you from using any alternative sites, regardless of what your browser's settings happen to be. Browser redirects to Dts.search-results.com or other...
Chitka
Fake ‘Urgent Order’ Phishing Emails Use Google Docs to Collect Passwords
Hackers have gone deep-sea phishing in an ocean full of potential Google Account holders in a recent phishing scam that uses a bogus Google Docs 'important Google document' login screen.
It seems that a perpetual influx of new phishing scams, arriving just about every day, has hackers using fresh bait to victimize computer users through the use of legitimate entities. This time the fresh bait comes by way of a fake Google Docs account login from a message claiming that a document needs review. The notification, as shown in Figure 1 below, reads: "Please view the document i uploaded for you using...
Neutrino Exploit Kit
The Neutrino Exploit Kit is a configurable package of exploits and related attacks that install malicious software without the consent of the victim, in a technique known as a drive-by-download attack. Although the Neutrino Exploit Kit is similar to previous exploit kits, the SpywareRemove.com malware research team and others in the PC security industry have noted the Neutrino Exploit Kit's uptick in sophistication, with features that allow the Neutrino Exploit Kit to steal limited amounts of information in its initial attacks, evade anti-virus software and filter traffic for preferential...
Win32/TrojanDownloader.Wauchos.I
Win32/TrojanDownloader.Wauchos.I is a Trojan that is distributed via malicious emails. The fake email message supposedly comes from the US Electronic Federal Tax Payment System (EFTPS) and targets taxpayers. The unsolicited email with the title 'EFTPS: Company Tax Payment Batch Has Been Rejected' brings the news that the Federal Tax Payment bearing ID: 6558836841 has become redundant. The Return Reason Code of the affected user is mentioned as R225. However, the identification number that is used in the Company Identification Field is not applicable anywhere. The target user is thus...
Hackers (or Ratters) Hijack Your Webcam to Secretly Watch and Record You
We never cease to be amazed by the new and creative ways in which hackers victimize computer users all around the world. With that said, a new type of hacker called 'Ratters', a term taken from their use of Remote Access Tools (R.A.T.) or Remote Administration Tools, is on the prowl seeking to use your webcam as a means of spying on you. The captured images or videos are then posted online through channels like YouTube, where the victimized computer users are called their slaves, to be openly traded through such channels on the Internet.
The idea and practice of compromising a...
Trojan.Win32.Agent.hwoo
Trojan.Win32.Agent.hwoo is a Trojan that's used to install a more sophisticated PC threat than itself: a backdoor Trojan that can compromise your computer's security by allowing criminals to access it through a C&C server. Recent Trojan.Win32.Agent.hwoo attacks have been found to be distributed through e-mail spam messages that are themed after topics such as human rights activism in Tibet and Uyghur. The attacks that install Trojan.Win32.Agent.hwoo (and allow Trojan.Win32.Agent.hwoo to install other malware) use drive-by-download techniques that can allow an infection to take place...
Exploit.JS.Pdfka.gjc
Exploit.JS.Pdfka.gjc is a JavaScript Trojan that is part of malware attacks using PDF exploits. Exploit.JS.Pdfka.gjc attacks Uyghur and Tibetan activists. Exploit.JS.Pdfka.gjc spreads via PDF files, which include the CVE-2013-0640/641 (ItaDuke) exploits. If the exploit, detected as Exploit.JS.Pdfka.gjc, is successful, the PDFs display a clean, 'lure' document to the affected PC user. The first document, called '2013-Yilliq Noruz Bayram Merik isige Teklip.pdf', points to a New Year's party invitation. The second one, called 'arp.pdf', is an authorization to request a reimbursement,...
Trojan.Win32.Yakes.cngh
Trojan.Win32.Yakes.cngh is a Trojan that's distributed predominantly via e-mail spam for Germany and neighboring countries. PDF exploits embedded in the attached file will install Trojan.Win32.Yakes.cngh automatically, and since Trojan.Win32.Yakes.cngh's e-mails are disguised as business invoices, victims may infect their own computers without understanding that an attack has taken place. Trojan.Win32.Yakes.cngh includes several generalized functions that can disable your computer's security features, spy on your activities or conceal itself from detection. SpywareRemove.com malware...
Exploit.JS.CVE-2010-0188.e
Exploit.JS.CVE-2010-0188.e is a Trojan that is distributed via spam emails containing a malicious PDF attachment. The fake emails are written in German, and most are sent from German IP addresses. The computer names referenced in the mail headers are often of the form 'Andreas-PC' or 'Kerstin-Laptop' (the names have been changed to protect the innocent), which suggests that they had been sent from German home computers.
The names of the malicious PDF attachment, detected as Exploit.JS.CVE-2010-0188.e, are of the form 'Mahnung recipents name.pdf' (Mahnung is German for 'reminder' or...
Troj/Agent-AANK
Troj/Agent-AANK is a Trojan that is included in a malware campaign that attacks German PC users. The unsolicited emails, written in German that contains a few mistakes, carry the subject line 'Luftfrachsendung AWB', claim to be sent by an air shipment company, and include an attachment that masquerades as a PDF file. A file called 'AWB-Avis 123-12345678.pdf.zip' (the numbers can differ), which contains the malicious payload, detected as Troj/Agent-AANK, is attached to the spam emails.
Mal/ExpJS-AL
Mal/ExpJS-AL is a malware threat, an exploit kit that is used by attackers to compromise legitimate websites. Mal/ExpJS-AL drives website traffic to suspicious websites hosting the exploit kit, detected as Mal/ExpJS-AL. Mal/ExpJS-AL is used to inject malicious JavaScript into legitimate websites to start the drive-by download attack.
TR/Pirminay.aehr
TR/Pirminay.aehr is a Trojan that destroys computers and anti-virus software. TR/Pirminay.aehr is able to stay on the infected computer with the help of a special tool used by cybercriminals. TR/Pirminay.aehr is accompanied by a rootkit running in the boot sector, which helps it to remain on the compromised PC. TR/Pirminay.aehr uses other PC threats to block its removal from the affected machine. TR/Pirminay.aehr is difficult to detect and remove from the targeted computer; therefore, a legitimate and effective security application should be used to uninstall TR/Pirminay.aehr from the...
POLITIE Belgique Police Fédérale Virus
FinSpy
FinSpy is the spyware component of FinFisher, a legal spyware application that is supposedly marketed only to law enforcement agencies and used for the purpose of monitoring criminal activities. However, recent analyses have indicated that FinSpy is also used in more questionable circumstances than the above, such as in monitoring the actions of government protest groups in both Vietnam and Ethiopia. Although FinSpy isn't designed for illegal purposes, malware researchers still consider FinSpy to be malware that should be removed from your PC as long as you place any value in...

