Ploutus

Posted: January 18, 2017 | Category: Trojans
Ploutus is a family of Trojans that force ATMs to eject bills, allowing a physically present con artist to take cash from the machine. New versions of Ploutus include improved anti-security and compatibility features, but still depend on a strong physical element that business entities can counter with appropriate security monitoring protocols. Since this Trojan is a sophisticated and frequently updated threat, update your anti-malware protection regularly to help it detect and remove Ploutus...

'0-800-090-3853' Pop-Ups

Posted: January 18, 2017 | Category: Adware
The people involved in the promotion of fraudulent technical support services often rely on misleading browser pop-ups and pages to convince users that their computers are infected with threats, or that numerous problems have been detected on their computer's hardware and software. Often, these pop-ups may feature a phone number that is advertised as a helpdesk operated by certified Microsoft experts. This is exactly the case with the '0-800-090-3853' pop-ups, corrupted browser messages...

GhostAdmin

Posted: January 18, 2017 | Category: Backdoors
GhostAdmin is an updated version of CrimeScene, a family of backdoor Trojans that incorporate infected PCs into botnets so that con artists can collect information from them. Although GhostAdmin's 'robot network' is still new, the Trojan includes a diverse range of attack features for exfiltrating data or giving remote attackers control over a PC. Since this Trojan shows no symptoms to the PC user, you should use appropriate security software to identify and eliminate GhostAdmin without...

Balkan.ba

Posted: January 17, 2017 | Category: Browser Hijackers
Balkan.ba's landing page hosts an Eastern European news portal that appears to host legitimate news articles and similar media content. However, the domain name also may be used to host a search engine that may end up as your Web browser's default new tab even though you've never heard of it before. The unpopular search engine in question can be found at Balkan.ba/speshl/search.html/, and it is very likely that its operators rely on browser hijackers to bring more users to the page. The...

Havoc Ransomware

Posted: January 17, 2017 | Category: Ransomware
The Havoc Ransomware is a Trojan that encrypts your files, uploads the decryption key to an external server, and sells access to the decryption process to its victims. Since encryption can damage your local files permanently, keeping a non-local backup is paramount to preventing this Trojan's payload from causing any harm that you can't reverse. Malware experts also encourage using dedicated anti-malware products for blocking the Havoc Ransomware before its attacks or deleting the Havoc...

VBRansom Ransomware

Posted: January 17, 2017 | Category: Ransomware
The VBRansom Ransomware is a Trojan that makes your files look as if it's locking them with an encryption-based cipher. Malware experts observe that current versions of this threat are incomplete and incapable of real encryption, although its developer is likely to change that in the future. Protecting your PC from attacks of this type includes both using backups regularly and uninstalling the VBRansom Ransomware with anti-malware products that can detect it immediately. Although there are...

iMedia Start

Posted: January 17, 2017 | Category: Potentially Unwanted Programs (PUPs)
The iMedia Start is a Web browser extension that claims to improve productivity and provide users with entertainment by suggesting relevant online media content. However, users who install the iMedia Start browser extension may be disappointed to find out that this content is only accessible if they opt to preserve the new tab page that the iMedia Start sets. This new tab page features a search engine, quick links to popular Web destinations, time and weather widgets, and a weird Facebook...

Trojan.Wdfload

Posted: January 17, 2017 | Category: Trojans
Trojan.Wdfload (including aliases such as CertLock or Ceram) is a Trojan that blocks you from using specific brands of anti-virus scanners and related security software. Although this threat is specific to Windows, for affected users, it prevents them from analyzing the presence of other threatening software on their PCs or implementing a disinfection strategy. Use standard security protocols and specialized utilities, if necessary, to disable this Trojan before removing Trojan.Wdfload with...

LambdaLocker Ransomware

Posted: January 16, 2017 | Category: Ransomware
The LambdaLocker Ransomware is a file-encrypting Trojan that can lock your files so that it may sell its threat actor's decryption assistance to you. This form of extortion is preventable by keeping backups that the LambdaLocker Ransomware can't wipe, although free decryption solutions also may be viable. Malware experts recommend anti-malware protection for blocking or removing the LambdaLocker Ransomware to limit its access to your files. January sees new Trojan campaigns with...

HakunaMatata Ransomware

Posted: January 16, 2017 | Category: Ransomware
The HakunaMatata Ransomware encrypts your files and creates messages for extorting Bitcoins in return for the decryption solution. The Trojan's threat actors currently deploy this Trojan against entities in the business sector primarily, most likely using e-mail or brute-forced account access to infect the servers. Good password practices, backup strategies, and anti-malware protection can remove these infection routes, mitigate the encryption damage or remove the HakunaMatata Ransomware...

'Your Connection Is Not Safe' Pop-Ups

Posted: January 16, 2017 | Category: Adware
The 'Your Connection Is Not Safe' pop-ups are misleading messages that may appear in your Web browser and urge you to call a phone number to get in touch with a reputable computer technician who'll help you solve computer issues that may threaten your online safety or your computer's performance. The 'Your Connection Is Not Safe' pop-ups are designed to look as if they warn you that you are attempting to access an unsafe website and you may have threats installed on your computer. One of the...

Extminooop Ads

Posted: January 16, 2017 | Category: Adware
Are online advertisements labeled 'Extminooop Ads' or 'Ads by Extminooop' disturbing you while you browse the Web? This is a problem that some users might encounter while browsing the Web, and less tech-savvy users might have no idea why they are being bombarded by these advertisements regardless of the websites they attempt to access. The reason for the sudden influx of the 'Extminooop Ads' is the installation of a Web browser extension that malware researchers recognize as adware. It is...

Kaandsona Ransomware

Posted: January 16, 2017 | Category: Ransomware
The Kaandsona Ransomware is a Trojan that tries to encrypt your files to force you into paying a ransom fee for them. Current samples of the Kaandsona Ransomware leverage poorly-coded payloads and will crash without causing any file damage. However, this threat may see updates to full functionality in the future, and malware experts still advise using backups and anti-malware solutions for eliminating encryption damage and uninstalling the Kaandsona Ransomware. Although the choice of...

Search.emailaccessonline.com

Posted: January 16, 2017 | Category: Browser Hijackers
The Email Access Online is a Potentially Unwanted Program (PUP) by EIGHTPOINT TECHNOLOGIES Ltd. This software publisher is often linked to Potentially Unwanted Programs whose installation may make some unexpected changes to the system Web browser's settings, such as replacing the default new tab page with a website affiliated with the EIGHTPOINT TECHNOLOGIES' product. The case with the Email Access Online is practically the same, and users who install this software might be surprised to find...

Crypto-SweetTooth Ransomware

Posted: January 16, 2017 | Category: Browser Hijackers
The CryptoSweetTooth Ransomware is a Trojan that blocks your files by enciphering them through an algorithm such as the AES-128. Although the symptoms of the CryptoSweetTooth Ransomware infections are easily identifiable, the fact that your data may not be decryptable afterward causes malware experts to stress using preventative security protocols whenever practical. If those steps are insufficient, use standard anti-malware tools to remove the CryptoSweetTooth Ransomware and seek assistance...

TrojanDropper:JS/Exjaysee.A

Posted: January 13, 2017 | Category: Trojans
TrojanDropper:JS/Exjaysee.A is a detection name used by some security software vendors to describe a corrupted JavaScript file that may be used to download threats on the victim's machine. It is not uncommon for threat authors to use multi-stage methods to deploy threats to the computers of their victims. For example, the distribution of crypto-threats may be carried out with the help of macro-laced Office files that create a JavaScript which, once launched, connects to a remote Command &...

DirectionsBuilder

Posted: January 13, 2017 | Category: Potentially Unwanted Programs (PUPs)
DirectionsBuilder is a Potentially Unwanted Program (PUP) developed by Mindspark Interactive Network. The software is installed in the form of a Web browser extension, and it is supposed to provide users with access to global maps, as well as an easy way to set up their route and receive driving instructions. However, to take advantage of these features, users would have to agree to allow DirectionsBuilder to change their default new tab page to a website that features a search engine, as...

Marlboro Ransomware

Posted: January 13, 2017 | Category: Ransomware
The Marlboro Ransomware is a Trojan that uses encryption to block your files so that its author can sell the bundled decryption service to any victims. Because some of the Marlboro Ransomware's encryption routine includes glitches that cause irreversible file damage, the only certain way to recover your content is to restore it from a backup. Use standard anti-malware protection to monitor this threat's infection vectors and remove the Marlboro Ransomware when another threat tries to install...

Search.ydserp.com

Posted: January 12, 2017 | Category: Browser Hijackers
Search.ydserp.com is a search engine that, according to the privacy information published there, is owned by Web Bar Media, the company behind Web Bar, a low-quality browser extension whose installation may bring some undesired changes to the user's Web browser. It is unknown whether Search.ydserp.com is related to the Web Bar extension directly, but the fact that it is associated with its publisher is enough to reconsider Search.ydserp.com's trustworthiness. The homepage of...

Package Track

Posted: January 12, 2017 | Category: Potentially Unwanted Programs (PUPs)
Package Track is a browser extension that is supposed to provide its users with a neat way to track their packages and deliveries. However, the download page of Package Track does not mention that the 'service' does not work with all delivery companies – only with UPS. In addition to this, this extension does not offer a one-click feature for this purpose. Users who wish to take advantage of Package Track's features are required to set Search.searchpackaget.com as their default new tab...