WORM_VOBFUS.SMAC

Posted: October 11, 2012 | Category: Worms
WORM_VOBFUS.SMAC is a worm that compromises your computer to allow criminals to access and control it. Besides spreading via removable devices, WORM_VOBFUS.SMAC has been found to use misleading file names that make references to the US elections; this social engineering-based scam convinces victims to download and launch WORM_VOBFUS.SMAC's installer without even being aware of the danger. SpywareRemove.com malware experts recommend that you allow anti-malware scanners to find and remove all...

HEUR_PDFEXP.E

Posted: October 11, 2012 | Category: Malware
HEUR_PDFEXP.E is a general identifier for PC threats that disguise themselves in the form of PDFs to exploit JavaScript-based vulnerabilities and install malicious software onto your PC. Although SpywareRemove.com malware experts are still analyzing HEUR_PDFEXP.E's current payloads, HEUR_PDFEXP.E attacks have been found to originate from PDFs that are named to reference recent US political events such as the presidential campaign between President Obama and challenger Mitt Romney....

ADW_MARKETSCORE

Posted: October 11, 2012 | Category: Adware
ADW_MARKETSCORE is an adware program that claims to enhance your web-browsing speed and content, although ADW_MARKETSCORE's functions are mostly concerned with gathering potentially profitable information from PC users. Recent analyses of search-poisoning techniques have found installers for ADW_MARKETSCORE disguised as executable files referencing US president Obama. Although the information that ADW_MARKETSCORE has been found to gather has limited ADW_MARKETSCORE to a low-level threat,...

Mal/EncPk-AGE

Posted: October 11, 2012 | Category: Trojans
Mal/EncPk-AGE is a Trojan dropper that's designed to install other malicious programs by connecting to a wide range of criminal-operated servers. The latest Mal/EncPk-AGE attacks have all involved Mal/EncPk-AGE being promoted as a fraudulent Adobe update. Redirects to Mal/EncPk-AGE start at fraudulent CNN news links, work through a JavaScript redirect (Mal/JSRedir-H) and then use the ignominious Blackhole Exploit Kit to expose you to the web page that hosts Mal/EncPk-AGE. Both social...

Mal/JSRedir-H

Posted: October 11, 2012 | Category: Malware
Mal/JSRedir-H is a malicious web page-based redirect that occurs automatically and forces your browser to load hostile content – currently including Blacole-based drive-by-download exploits. SpywareRemove.com malware researchers have found that Mal/JSRedir-H attacks are being promoted by fake CNN news articles that are distributed through social network sites and spam. Unprotected contact with Mal/JSRedir-H can result in the installation of a Trojan on your PC that may be used for attacks...

Koda Virus

Posted: October 11, 2012 | Category: Ransomware
The Koda Virus is a ransomware Trojan that strongly resembles similar PC threats from the Ransirac (or Gema 'Access to your computer was denied' Virus) family. By claiming to be sent from Denmark's Koda, a rights management organization for music artists, the Koda Virus gives ostensible credibility to its warning that your computer is locked down for IP-violating crimes. The Koda Virus then asks that you pay a Ukash fine to receive a code for unlocking your computer. However,...

Windows Antipiracy Virus

Posted: October 11, 2012 | Category: Ransomware
Windows Antipiracy Virus is a ransomware Trojan that claims to have locked your computer because of illegal file-downloading activities. While Windows Antipiracy Virus's warning message includes references to the Republic of Italy, the RIAA and other IP legislation-related entities, the SpywareRemove.com malware research team is happy to confirm that Windows Antipiracy Virus is purely malicious software without any ties to law enforcement of any kind. The pop-up that Windows Antipiracy Virus uses...

Human Rights Groups Report that Mac Malware Continues to Rise

Posted: October 10, 2012 | Category: Mac Security
For many years Mac computers have been thought to be immune from malware threats, but as of late they have received surges in highly targeted malware attacks, according to an unidentified human rights group. Security researcher Seth Hardly, while attending the SecTor conference in Toronto last week, explained that a significant increase in new variants of targeted Mac malware was reported to a human rights organization that he and his University of Toronto's Citizen Lab research center plan...

Trojan.Generic13

Posted: October 10, 2012 | Category: Trojans
Trojan.Generic13 is a Trojan that causes unwanted web browser redirect problems on the corrupted PC. Trojan.Generic13 hijacks the targeted Internet browser and redirects search results in any search engine, such as Google and Yahoo, to suspicious websites. Trojan.Generic13 blocks search keywords entered by PC users and replaces them with URLs supported by the Trojan infection. Trojan.Generic13 may also change the default home or search page on the infected computer.

Backdoor.Win32.ZAccess.ydb

Posted: October 10, 2012 | Category: Backdoors
Backdoor.Win32.ZAccess.ydb is a backdoor Trojan that's related to multi-component ZeroAccess attacks, which often use rootkits and other subversive techniques to hide themselves and disable security features. In particular, Backdoor.Win32.ZAccess.ydb is associated with functions for protecting other aspects of a ZeroAccess infection, such as disabling anti-malware programs or preventing them from detecting related PC threats via system scans. As of June 2012, attacks involving...

Search.starburnsoftware.com

Posted: October 10, 2012 | Category: Browser Hijackers
One of September's new entries into the vast armies of questionable search engine sites, Search.starburnsoftware.com has been found to provide suspicious search results even if Search.starburnsoftware.com is not obviously malicious in nature. Our malware analysts have also raised their heads at indications of Search.starburnsoftware.com being promoted by PC threats that include browser-hijacking attacks. These attacks tend to lock your homepage to Search.starburnsoftware.com, although other...

W32.Phopifas

Posted: October 10, 2012 | Category: Worms
W32.Phopifas is a worm that circulates through Skype and Windows Live Messenger. Once executed, W32.Phopifas sends one of numerous messages, depending on the locale setting on the infected PC, to all contacts in Skype and Windows Live Messenger. The message also contains the link [http://]goo.gl/[REMOVED]sx?img=[USER ID], where [USER ID] is the Skype/Windows Live Messenger user ID. The link downloads either a copy of W32.Phopifas or W32.IRCBot.NG.

Backdoor.Rabasheeta

Posted: October 10, 2012 | Category: Backdoors
Backdoor.Rabasheeta is a backdoor Trojan that has acquired significant press in Japan due to the confirmation of some of its attacks being used in the creation of death threats and terrorism-related messages. Residents of Japan are particularly at risk of being infected by Backdoor.Rabasheeta, which has been found to have at least three variants and appears to have ongoing development support. Malicious websites appear to be Backdoor.Rabasheeta's primary means of distribution, and...

Trojan.Ransomlock.Y

Posted: October 10, 2012 | Category: Trojans
Trojan.Ransomlock.Y is a Trojan that is a part of the FBI Green Dot Moneypak Virus ransomware threat. Trojan.Ransomlock.Y locks the desktop of the compromised PC and makes the computer unusable. Trojan.Ransomlock.Y then asks the PC user to pay a ransom to unlock it. Once executed, Trojan.Ransomlock.Y creates a certain file on the affected computer system. Trojan.Ransomlock.Y also creates a certain registry entry so that it can run automatically every time you start Windows....

Skodna.BitCoinMiner.AD

Posted: October 10, 2012 | Category: Trojans
Skodna.BitCoinMiner.AD is a Trojan that exploits an infected computer's resources to generate fraudulent digital currency. Because allowing Skodna.BitCoinMiner.AD to remain on your PC encourages destructive financial activity, Skodna.BitCoinMiner.AD should be removed quickly and by anti-malware products that are capable of detecting obfuscated PC threats. BitCoin miner Trojans like Skodna.BitCoinMiner.AD are often associated with system instability, although Skodna.BitCoinMiner.AD may be...

Trojan.Fakesig

Posted: October 9, 2012 | Category: Trojans
Trojan.Fakesig is a Trojan that pretends to be a legitimate and useful application. Trojan.Fakesig enters the targeted machine without a PC user's permission and knowledge. Trojan.Fakesig may download and install other malware threats on the corrupted PC. Trojan.Fakesig allows attackers to gain remote access and control over the infected computer system. Trojan.Fakesig spreads via removable hard drive, spam emails, and malicious downloads, links or websites.

Mal/SEORed

Posted: October 9, 2012 | Category: Malware
Mal/SEORed-A is a malware threat that is detected as a malicious website created by attackers to drive traffic to suspicious target websites, specifically malicious Blackhole exploit v2.0 websites. Mal/SEORed-A redirects affected PC users to another remote malicious website, which spreads other malware infections such as scareware. Internet users can face websites blocked as Mal/SEORed-A when clicking on links on search results, mostly fake image search results, in search engines including...

Troj/Agent-YDC

Posted: October 9, 2012 | Category: Trojans
Troj/Agent-YDC is one of two variants of the Dorkbot worm that have been noted for their distribution through Skype spam messages. While the messages linking to Troj/Agent-YDC claim to be linking to a personal picture, the .zip archive installs either Troj/Agent-YDC or Troj/Agent-YCW, which will then open a backdoor on your computer. This backdoor allows criminals to engage in additional attacks through a remote server. SpywareRemove.com malware researchers have two primary pieces of advice...

Troj/Agent-YCW

Posted: October 9, 2012 | Category: Trojans
Troj/Agent-YCW is a Dorkbot variant that's spread primarily by instant messages through Skype and similar programs. Like other Dorkbot worms, Troj/Agent-YCW can also use secondary means of distributing itself – such as USB drives – and attempts to conceal itself from the PC user. After Troj/Agent-YCW is installed, Troj/Agent-YCW creates a backdoor vulnerability and allows criminals to access the infected computer. The SpywareRemove.com malware research team classifies Troj/Agent-YCW as a...

Searchwebresults.com

Posted: October 9, 2012 | Category: Browser Hijackers
Searchwebresults.com calls itself only a 'premiere spot on the web' to search for other websites, but unlike popular alternatives, Searchwebresults.com displays results for the purpose of acquiring profit from traffic, rather than sorting its links according to how relevant they are to your search terms. Malware experts have also noted that Searchwebresults.com, like many sites that are cloned from the same template, benefits from browser-redirecting attacks that are caused by various PC...