Friday, July 13, 2018

How did Powzip infect the computer?

Web criminals, or whoever maintains this advertising tool, are willing to make it nastier than anything before it in order to get you to click on ads. By clicking, you let new advertising tools into the system. The method is very plain. Powzip simply provides plenty of ads, pop-ups, banners and links, and since they appear in the middle of the user's screen, the user wants to get rid of them. Needless to say, these links cannot be closed. There is no "hide" function for them, so any click opens another tab or a separate window with a malicious website. Besides that, a click can start a download of some file, and if the device is already infected and the browser settings have been changed, that file will get onto it. That is how you keep receiving annoying adware for as long as Powzip is working in the system.

To understand how the system ends up cluttered with malicious utilities, you have to know how Powzip gets onto the computer. The answer is affiliate (bundled) installation. It is literally the plainest way to infect someone's computer. Web criminals usually copy the dangerous package to a few portals and wait until a user downloads it. Whether that happens is a matter of chance, so the hackers can only trust that the user will not read the EULA and will not bother to understand what he is currently downloading. If you want to avoid infection via an affiliate download, here are some tips that may help:
  • Under no circumstances shut off your antivirus software, especially if an installer suggests that you do so;
  • Don't install tools that conceal their purpose;
  • Do not use unlicensed utilities;
  • Pay attention to everything in the installer windows while you are installing any tool.
Article on how to delete Powzip: removal guide.

Monday, June 18, 2018

BurstService.exe was detected as a trojan

A few days ago, Windows Defender identified BurstService as the malicious trojan a.zpevdo. But according to VirusTotal, the virus is not dangerous, and only three antiviruses mark it as suspicious. Moreover, all these antimalware tools decided that the file is dangerous only because of "behavioral methods". For example, McAfee named the infection Artemis[id]. It means that they don't know exactly what the executable file does. It seems to me that BurstService is safe and the only reason for its block is a mistake.

Friday, June 8, 2018

New wave of malware attacks: fake info sites

For the last ten days, I have been seeing many common info websites that try to redirect users to their subdomains. The subdomains look like home(dot)concreasin(dot)info. Among such sites are: concreasun(.)info, estylesee(.)info, livermony(.)info. Of course, I made a video on removing these viruses.


It's sad, but this adware is spread all over the world. The good news is that the hijackers are very similar, so it's not difficult to erase them.


Text guide about one of these viruses, Concreasun(.)info: adware removal.

Friday, April 27, 2018

Where does the Mail.ru virus come from?


Mail.ru is an advertising program that was developed to earn money for web scammers and to inconvenience everyone else. There are plenty of ways for such a program to get into the system, but the most effective is bundled installation. This method works so well because the web criminals don't have to take any risk: users willingly download the virus and get acquainted with all its functions themselves. To make it work, the swindlers need to upload the bundle to a few of the most visited torrent trackers. Let's describe this scheme step by step. First, the swindlers need a suitable piece of software to build the bundle around, and they name the bundle after it. This software needs to be useful and free of charge; it could simply be a cracked copy of a paid program. The fraudsters add 3-4 viruses to the package and make sure that the resulting file can't be inspected: the only available action is installation. In fact it's pure fraud, since the hackers tell you that you will get a decent program, and you get adware in addition. If you don't remember downloading Mail.ru, but do remember downloading other free utilities, Mail.ru has probably entered your computer this way.
After getting onto the machine, the adware begins to change the browser settings so that it can deliver advertising as efficiently as possible. These changes affect the browser's built-in pop-ups, such as warnings about harmful website content. The adware also often switches the default search provider and the new tab page to a suspicious website. After that, Mail.ru adds some entries to the registry that are responsible for reinstalling the adware if it is removed. With these measures, Mail.ru defends itself against elimination and continues to display ads even if the victim resets the browser settings. Once all this is done, Mail.ru just keeps showing ads. Now you know for sure that none of the adware's functions is intended to be helpful. The only thing the swindlers care about is money, so they will generate ads until you remove Mail.ru.
Mail.ru is installed on the computer together with the Amigo browser, the Puls extension and others: Mail ru and Amigo browser.

Thursday, November 23, 2017

Are there any differences between Chromesearch.win and Chromesearch.today?

Last month, there were two different but very similar browser hijackers: Chromesearch.win and Chromesearch.today. I think that they have one developer, who changes only their names. Look at the home page example of Chromesearch.win


...and compare it with Chromesearch.today

The same sh..t.
The removal process for these redirects is similar too: delete the extension, switch the homepage back and update Group Policy.
The virus infects the most popular browsers: Google Chrome, Mozilla Firefox, Edge and Opera.
So, they differ only in the ending of the name and nothing more.
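A read-only audit for the two kinds of changes the posts above describe: policy-enforced homepage and search provider settings (the Chromesearch hijackers) and registry autostart entries that reinstall adware after removal (Mail.ru). This is an added example, not code from the blog; the Chrome policy registry paths and value names are Chrome's documented policy locations, the Run/RunOnce keys are standard Windows autostart locations, and the keyword list is an assumption you should adapt.

```powershell
# Added example: list Chrome policy overrides and autostart entries that browser
# hijackers commonly abuse. Read-only: it prints findings and changes nothing.
$PolicyPaths = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome'
)
# Chrome policy values that pin the homepage, new tab page and search provider.
$PolicyNames = @('HomepageLocation', 'NewTabPageLocation',
                 'DefaultSearchProviderSearchURL', 'DefaultSearchProviderEnabled')
$RunPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Names taken from the posts on this page; extend as needed (assumption).
$Keywords = @('chromesearch', 'concreasun', 'mail.ru', 'amigo', 'yeadesktop', 'powzip')

function Test-Suspicious([string]$Text) {
    foreach ($k in $Keywords) { if ($Text -and $Text.ToLower().Contains($k)) { return $true } }
    return $false
}

foreach ($p in $PolicyPaths) {
    if (-not (Test-Path $p)) { continue }
    $props = Get-ItemProperty -Path $p
    foreach ($n in $PolicyNames) {
        $v = $props.$n
        if ($null -ne $v) {
            $flag = if (Test-Suspicious "$v") { 'SUSPICIOUS' } else { 'review' }
            Write-Output ("[{0}] {1}\{2} = {3}" -f $flag, $p, $n, "$v")
        }
    }
    # List-valued policies (startup URLs, force-installed extensions) live in subkeys.
    foreach ($sub in 'RestoreOnStartupURLs', 'ExtensionInstallForcelist') {
        $subPath = Join-Path $p $sub
        if (Test-Path $subPath) {
            (Get-ItemProperty $subPath).PSObject.Properties |
              Where-Object { $_.Name -match '^\d+$' } |
              ForEach-Object { Write-Output ("[review] {0}\{1} = {2}" -f $subPath, $_.Name, $_.Value) }
        }
    }
}
foreach ($p in $RunPaths) {
    if (-not (Test-Path $p)) { continue }
    (Get-ItemProperty $p).PSObject.Properties |
      Where-Object { $_.Name -notlike 'PS*' } |
      ForEach-Object {
        $flag = if (Test-Suspicious $_.Value) { 'SUSPICIOUS' } else { 'autostart' }
        Write-Output ("[{0}] {1}\{2} = {3}" -f $flag, $p, $_.Name, $_.Value)
      }
}
```

Any entry under Policies\Google\Chrome on a home machine that is not domain-managed deserves a look, whether or not it matches a keyword, because Chrome treats those values as administrator-enforced and will not let the user change them from the settings page.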

Friday, April 21, 2017

YeaDesktop virus

YeaDesktop is a classic example of an advertising program used in standard ad fraud schemes on the Internet. This program can display advertising offers individually or as part of large ad units, open pop-up windows with links, and redirect the user to untrusted sites in the browser. Most likely this program was developed by Chinese scammers, or by someone trying to impersonate them. Unlike most other adware, YeaDesktop does not operate autonomously: it constantly receives instructions from the remote server xiaobingdou.com. This server is the core of the whole system and directs traffic to particular sites.