Monday, June 18, 2018

BurstService.exe was detected as a trojan virus

A few days ago, Windows Defender identified BurstService as a malicious trojan, a.zpevdo. But according to VirusTotal, the virus is not dangerous and only three antiviruses mark it as suspicious. Moreover, all of these antimalware tools decided that the file is dangerous only because of "behavioral methods". For example, McAfee named the infection Artemis[id]. That means they don't know exactly what the executable file does. It seems to me that BurstService is safe and the only reason for its block is a mistake.

Friday, June 8, 2018

New wave of malware attacks: fake info sites

For the last ten days, I have seen many ordinary info websites that try to redirect users to their subdomains. The subdomains look like home(dot)concreasin(dot)info. Among such sites are: concreasun(.)info, estylesee(.)info, livermony(.)info. Of course, I made a video about removing these viruses.


It's sad, but this adware is spread all over the world. The good news is that the hijackers are very similar to each other, so it's not difficult to erase them.


Text guide for one of these viruses: Concreasun(.)info adware removal.

Friday, April 27, 2018

Where does the mail.ru virus come from?


Mail.ru is an advertising program that was developed to earn money for web scammers and to cause inconvenience to everyone else. There are plenty of ways for such a program to get onto a system, but the most effective of them is bundled installation, because the criminals take no risk: users willingly download the "virus" themselves and then get acquainted with all of its functions. To make this work, the swindlers upload the bundle to a few of the most visited torrent trackers. Step by step, the scheme looks like this. First, they need a suitable piece of software to build the bundle around, and they name the bundle after it. That software has to be popular and free of charge; often it is simply a cracked copy of a paid program. Then they add three or four unwanted programs to the package and build it so that the resulting file cannot be inspected: the only thing you can do with it is run the installer. This is pure fraud, since you are told you will get a decent program and you get adware on top. If you don't remember downloading Mail.ru, but you do remember downloading other unpaid utilities, Mail.ru probably entered your computer this way.
Once on the machine, the adware begins to change the browser settings so that it can serve advertising as efficiently as possible. These alterations affect the browser's built-in pop-ups, such as the warnings about harmful content on a website. The adware also commonly switches the default search provider and the new-tab page to a suspicious website. After that, Mail.ru adds entries to the registry that reinstall the adware if it is removed. Thanks to these measures Mail.ru defends itself against elimination and continues to display ads even if the victim resets the browser settings. None of the adware's functions is intended to be helpful: the only thing the swindlers care about is money, so the ads will keep coming until you remove Mail.ru.
Mail.ru installs on the computer together with the Amigo browser, the Puls extension and others: Mail ru and Amigo browser.

Thursday, November 23, 2017

Are there any differences between Chrome Search win and ChromeSearch today?

Last month, there were two different but very similar browser hijackers: Chromesearch.win and Chromesearch.today. I think that they have one developer, who changes only their names. Look at the home page example of Chromesearch.win


...and compare it with Chromesearch.today

The same sh..t.
The removal process for these redirects is similar too. You need to delete the extension, switch the homepage back, and remove the policy entries the hijacker added and then refresh Group Policy (otherwise the browser keeps showing the hijacker's homepage as "managed" and a settings reset does not help).
The virus infects the most popular browsers: Google Chrome, Mozilla Firefox, Edge and Opera.
So, they differ only in the domain suffix and nothing more.

Friday, April 21, 2017

YeaDesktop virus

YeaDesktop is a classic example of an advertising program used in the standard schemes of online ad fraud. It can display advertising offers individually or as part of large ad units, open pop-up windows with links, and redirect the user to untrusted sites in the browser. Most likely this program was developed by Chinese scammers, or by someone trying to impersonate them. Unlike most other adware, YeaDesktop does not operate autonomously: it constantly receives instructions from the remote server xiaobingdou.com. That server is the core of the whole system and directs traffic to particular sites.

Thursday, March 30, 2017

Startpageing123 virus removal

Startpageing123.com is a browser hijacker that gets onto the computer through free downloaders (bundled installers). Users want to delete this virus as soon as possible. Such programs are created to earn money from advertising, by displaying a huge number of ads and redirecting users to suspicious websites. The money comes from online advertising networks that pay for impressions and clicks.


Step 1. Uninstall StartPageing 123 from the system (Programs and Features)
Step 2. Check the browser shortcuts for an appended URL
Step 3. Remove StartPageing 123 from the browser settings (homepage, search provider, extensions, policies)
Step 4. Remove the elements left over after StartPageing 123 is deleted (autorun entries, scheduled tasks, folders)
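The four steps above, the "update Group Policy" step from the Chromesearch post and the registry entries that reinstall Mail.ru all come down to checking the same handful of places. The script below is an added example written for this page; it is not code from the blog or from any of the hijackers' removal tools. It is read-only: it reports browser shortcuts with a URL in their arguments, every browser policy value, and autorun entries, scheduled tasks, uninstall entries and folders whose names mention a hijacker. The names in $Suspect are an assumption for illustration, taken from the posts on this page; extend the list with whatever you are chasing.

```powershell
# Added example, not code from the original blog: a read-only audit of the places
# the hijackers described on this page hook into. Run from an elevated PowerShell
# prompt on the infected machine. $Suspect is an assumed list for illustration.
$Suspect = @('mail.ru', 'amigo', 'chromesearch', 'startpageing123', 'yeadesktop', 'xiaobingdou')

function Test-Suspect([string]$Text) {
    foreach ($s in $Suspect) {
        if ($Text -and $Text.ToLowerInvariant().Contains($s)) { return $true }
    }
    return $false
}

# Enumerate every value under a registry key and its subkeys as Key/Name/Value objects.
function Get-RegValues([string]$Key) {
    if (-not (Test-Path $Key)) { return }
    $keys = @(Get-Item -Path $Key) + @(Get-ChildItem -Path $Key -Recurse -ErrorAction SilentlyContinue)
    foreach ($k in $keys) {
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{ Key = $k.Name; Name = $name; Value = $k.GetValue($name) }
        }
    }
}

# Step 2: browser shortcuts. A hijacker appends its URL to the shortcut's arguments,
# so "chrome.exe http://startpageing123.com" reopens the hijacker page even after
# the homepage setting has been fixed.
$ShortcutDirs = @(
    "$env:USERPROFILE\Desktop",
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs"
)
$Shell = New-Object -ComObject WScript.Shell
foreach ($dir in $ShortcutDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $Shell.CreateShortcut($_.FullName)
        # A clean browser shortcut has empty Arguments; a URL or domain there is a hijack.
        if ($lnk.TargetPath -match '(chrome|firefox|msedge|opera|iexplore)\.exe$' -and
            $lnk.Arguments -match 'https?://|\.(info|com|win|today)\b') {
            "[SHORTCUT] $($_.FullName) -> $($lnk.TargetPath) $($lnk.Arguments)"
        }
    }
}

# Step 3 / "update Group Policy": Chromesearch.* and friends write the homepage,
# search provider and a forced extension as *policy*, which is why the browser
# says it is "managed" and a settings reset does not help. On a home PC that is
# not domain-joined, any value printed here was put there by some program.
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome',
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
    'HKCU:\SOFTWARE\Policies\Microsoft\Edge',
    'HKLM:\SOFTWARE\Policies\Mozilla\Firefox',
    'HKCU:\SOFTWARE\Policies\Mozilla\Firefox'
)
foreach ($key in $PolicyKeys) {
    Get-RegValues $key | ForEach-Object { "[POLICY] $($_.Key)\$($_.Name) = $($_.Value)" }
}

# Step 4, part one: the registry entries and scheduled tasks that reinstall the
# adware after removal (the Mail.ru post's "lines in the registry").
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $RunKeys) {
    Get-RegValues $key |
        Where-Object { Test-Suspect "$($_.Name) $($_.Value)" } |
        ForEach-Object { "[AUTORUN] $($_.Key)\$($_.Name) = $($_.Value)" }
}
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $actions = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    if (Test-Suspect "$($_.TaskName) $actions") { "[TASK] $($_.TaskPath)$($_.TaskName): $actions" }
}

# Step 4, part two: leftover uninstall entries and program folders named after the hijacker.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
foreach ($key in $UninstallKeys) {
    Get-RegValues $key |
        Where-Object { ($_.Name -in 'DisplayName', 'UninstallString') -and (Test-Suspect $_.Value) } |
        ForEach-Object { "[UNINSTALL] $($_.Key): $($_.Value)" }
}
foreach ($root in @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA, $env:APPDATA, $env:ProgramData)) {
    if (-not $root) { continue }
    Get-ChildItem -Path $root -Directory -ErrorAction SilentlyContinue |
        Where-Object { Test-Suspect $_.Name } |
        ForEach-Object { "[FOLDER] $($_.FullName)" }
}
```

The script deletes nothing, so you can run it before and after the cleanup to confirm the hijacker is really gone. Once you have confirmed an entry, remove it with Remove-ItemProperty (registry values), Remove-Item (policy keys and folders) or Unregister-ScheduledTask, clear the Arguments of the affected shortcuts, then run gpupdate /force and restart the browser. An empty [POLICY] section on a home PC is the state you want; if policy values keep coming back, something in the [AUTORUN] or [TASK] output is still restoring them.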