Department of Justice Ransomware

United States Department of Justice is an aggressive ransomware that blocks the computer screen and demands money to unblock it. Like many other scams of this type, it uses the name of an official institution to make the blocking message look legitimate. This time the text is supposedly sent by the Department of Justice. Moreover, the message includes a countdown timer, an FBI agent's name and your case number. Of course none of this is true, and if you actually call the Federal Bureau of Investigation or the Department of Justice, you will find out that no charges have been filed against you.

Alas, many victims of cyber criminals fall for this scam and pay the money demanded in the Department of Justice Virus message:

YOUR COMPUTER HAS BEEN BLOCKED
…..Amount of the fine is $300. Payment must be made within 24 hours after the discovery of the violation. If the fine has not been paid, you will become the subject of criminal prosecution.

If you have already paid the ransom, contact your credit card bank as soon as possible. Do this not only to try to cancel the payment but also to protect your money, because the criminals now know the financial information you entered when making the payment.

Depending on the version of the infection, there is more than one way to remove Department of Justice Virus. All of them have video guides illustrating the steps that must be done. Please note that even if your computer was infected and you have already removed the threat, you can still be attacked by the same virus again. Department of Justice virus is distributed over the Internet by injecting it into compromised websites. These can be any web pages, even those that you visit every day. If your anti-malware tools have identified a web page as infected, inform its administrators about the issue.

A negative effect of Babylon toolbar

Babylon is software that can be added as a toolbar to any Internet browser, such as Internet Explorer, Mozilla Firefox or Google Chrome. It offers free translation for more than 75 languages. Babylon is distributed via the company's official website babylon.com or through an affiliate program. Although the software itself is free and might be useful, the ugly side of it is that together with Babylon you get a new search tool, search.babylon.com, which hijacks all of your search queries. Note that this web page is not any better than other search tools. On the contrary, it blends paid advertisements with your search results, so you never know what you are clicking on.

In many cases Babylon might be distributed in unfair or even illegal ways. These can be used by affiliates who are motivated to get as many users as possible because they get paid for every new client. One of the unfair ways of distributing Babylon is bundling it with other software. You might choose to install some program and start an automatic installation process. The small print will say that Babylon will be installed together with it, and the option will be a checkbox ticked by default. Many computer users do not notice this option and end up with an unwanted program that is difficult to remove.

All legitimate tools have an uninstall wizard, and after they are removed, the changes made by the software should be reverted to the state before the installation. This is not the case with Babylon. Some say that even after removing the toolbar from the Control Panel Add and Remove Programs list and checking that there is nothing related to Babylon in the add-ons, the browser still keeps redirecting to search.babylon.com. Uninstalling and reinstalling the Internet browser does not always help either. Although there are tools available for removing adware automatically, not all anti-malware programs detect Babylon and all of its related entries. For a complete removal of this toolbar one should use special tools and follow the Babylon uninstall procedure.

Beware – Cybercrime Virus Can Rip You Off

Internet Crime Complaint Center Virus, or Cybercrime Virus, is an infection that blocks the computer screen and demands a ransom to unlock the infected PC. It uses the name of the Federal Bureau of Investigation (FBI) to scare its victims. Moreover, it might even use the computer's webcam to convince you that your identity will be disclosed because of the crimes committed.

Once a system is blocked, you will see a message stating that federal laws have been violated through illegal use and distribution of copyrighted content, spamming or a similar breach of regulations. For the charges to be dropped and the computer unblocked, one must pay a fine of $500. Here is an extract from the message displayed by Internet Crime Complaint Center Virus:

Internet Crime Complaint Center
Department of Federal Bureau of Investigation
Threat of prosecution reminder
You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 1, Section 8, Clause 8, also known as the Copyright of the Criminal Code of United States of America. Article 1, Section 8, Clause 8 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years.
You have been viewing or distributing prohibited pornographic content (child porn, zoofilia, etc.) thus violating article 202 of the Criminal Code of the United States of America. Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years.

Many fall for this scam because of the well-thought-out psychological techniques that cyber gangs use to trick people out of their money. Since prepaid payment systems like Ukash are used for collecting the ransom, it is almost impossible to trace the dollars. The criminals sell the Ukash PINs at a reduced price on the black market and cash out their earnings this way.

If you get blocked by ransomware, do not pay the money it asks for. It will only fund more similar infections worldwide. To remove Cybercrime Virus, use instructions available from reputable sites. Note that to get infected with ransomware all you need to do is visit a compromised website. It does not necessarily have to be an adult site. Cyber gangs tend to attack everyday web pages, such as job search pages or similar, and plant the infection in them.

Why CouponDropDown Ads Come Up On Your Twitter or Facebook

CouponDropDown is an annoying adware that floods your computer screen with pop-up or in-text ads. It can get installed into any Internet browser, so if you use more than one, you might have the toolbar in Internet Explorer, Google Chrome and Mozilla Firefox. Advertisements are not the only thing people complain about when they have CouponDropDown. After the add-on appears in the browser, it also replaces your home page as well as your search engine with coupondropdown.com. It might also add websites to your bookmark list. All of the changes are made without the user's consent.

CouponDropDown announces that it will change the way you shop online. It promises to show available coupons automatically:

NEVER MISS ANOTHER COUPON OR SALE!
CouponDropDown will change the way you shop online.
Buy one Get one free home accessories
Free standard shipping on all bath and beauty purchases.
40 % OFF EXTRA, includes all items, even already on sale!

Affected computer users complain that CouponDropDown advertisements start appearing on any page, e.g. Twitter, YouTube or Facebook. As many of those who have this toolbar did not install it intentionally, it is not much fun having their work interrupted by pop-ups. Usually CouponDropDown comes bundled with other software and gets installed because the victim does not untick a checkbox that is ticked by default. This unfair way of distributing toolbars is used for many other browser hijackers and adware. It is very likely that more than one unwanted program is installed at once.

If you suffer from this toolbar, you can remove CouponDropDown ads using anti-malware tools. These should help to identify the problem and automatically uninstall it together with all related files. Although it is possible to remove adware manually, it is often complicated and time-consuming because the toolbar hides itself from removal in Control Panel.

Should I Remove Yontoo Layers Client?

Yontoo Layers Client, also known as Yontoo, is a browser add-on that creates virtual layers on the website you visit and allows you to control it. These change the appearance of the original web page. It works on any site on the Web. There is more than one Layer application, such as PageRage, Buzzdock, DropDownDeals and Sanity Switch. The add-on itself is free of charge. To earn money for its development and maintenance, advertisements are displayed on the affected computer. These may include search, banner, inline text or transitional ads which are not related to the website one visits.

If you read the Privacy Policy, you will see that information such as your IP address, operating system, unique identifier number, browser information, pages viewed, URLs visited, search queries entered, and other software and hardware information is being collected and might be sent to third parties. Moreover, if you install the add-on on your mobile device, you will have to give access to the following data:

…you will be asked to allow us access to certain information on your device, including your address book, contact data information, SMS messages, SD card contents, and other system tools. If you do not want us to have access to this information, please do not install or use the Software.

If you have this program installed and do not use the features it offers, it is recommended to remove it in order to protect your privacy. You may also want to uninstall it because of the regular advertisements that interrupt your work. You may choose to remove Yontoo and the extensions related to it automatically or manually, depending on whether you see the application in the Control Panel. Please note that if you do not know how the add-on got onto your computer, it is highly recommended to perform a full system scan because some adware is distributed using malicious infections.

Vista Antivirus Plus 2013 – Fake Antivirus Infection

Vista Antivirus Plus 2013 is another name for a rogue antivirus. This one belongs to the FakeRean family and exclusively attacks computers running the Windows Vista operating system. Otherwise it does not differ much from other fake antiviruses. As soon as it gets inside a computer, Vista Antivirus Plus 2013 starts a system scan. Although it looks like a legitimate program and pretends that all it wants is to help identify infections, do not be deceived by it. The only aim Vista Antivirus Plus 2013 was programmed for is to get your money, and it uses well-thought-out psychological techniques to accomplish its goal.

First of all, this fake antivirus is designed to look very professional. As soon as it gets inside your computer, Vista Antivirus Plus 2013 will start searching for viruses. Note that even though everything looks like what a usual antivirus does, there is one difference with this one: you neither installed it intentionally nor initiated a system scan. This is a clear sign that you are dealing with a scam.

After a scan is completed, as a rule of thumb for all rogue antiviruses, Vista Antivirus Plus 2013 will show you a list of infections supposedly found. Pop-up alerts like this one will interrupt your work and make you feel worried about your computer's condition:

Action Center
Review recent messages and resolve problems
Action Center has detected one or more issues for you to review.
Security
Virus protection (Important)
XP Antivirus Plus 2013 reports that it is turned off
Turn on now
Turn off message about virus protection

With alerts like this one, Vista Antivirus Plus 2013 wants to make you buy a full version of the program and this way take your money. Alas, the full version will not remove any viruses because it does not have a virus database. If you have already paid for it, try contacting your bank to dispute the charges.

To remove Vista Antivirus Plus 2013 you should use legitimate anti-malware programs and removal instructions. Note that it is usually distributed using Trojan horses, so it is very important to get rid of this fake antivirus as soon as you notice its activity. You should also scan for any other related threats that could have been brought in with it.

Critical Error. Hard drive controller failure notice

A “Critical Error. Hard drive controller failure” alert displayed in the bottom-right part of your computer screen might signal that your system is infected. Most likely you will see more than this one message reporting that your PC is malfunctioning, or even discover that some of your files are gone. Although the symptoms are worrisome, the problem behind them is completely different from the one these notices describe. You have a Fake HDD program, most likely its version called File Restore. It pretends to be an antivirus although it is itself a rogue. The cyber criminals who created it use strong psychological techniques, such as making the infected computer user believe that the system needs urgent repair, which is supposedly to be done by a paid full version of the program. Do not believe File Restore virus messages and remove it as soon as it is detected.

Complete quotation from File Restore Virus notification:

Critical Error
Hard drive controller failure

Removal guide:

To eliminate the cause of messages like “Critical Error. Hard drive controller failure”, you should remove the File Restore virus. A detailed removal guide is available at the following address: http://www.2-viruses.com/remove-file-restore.

Why is XP Antispyware Pro 2013 a fake antivirus?

XP Antispyware Pro 2013 is classified as a rogue antivirus because it shows all of the symptoms of being one. Even though its graphical user interface is made to look professional and legitimate, one should not be tricked by this first impression. It only uses a well-known brand's name to persuade infected computer users to spend their money, but actually it does not have any virus database and is not capable of detecting or removing infections.

One of the signs indicating that XP Antispyware Pro 2013 is a fake antivirus is that it initiates a system scan without any action by the computer user. This is done every time you turn on your PC, and as a rule of thumb lots of threats are supposedly found after such a scan. This is a psychological technique used by cyber criminals to persuade people to pay for the so-called full version of the program.

Another sign that you are facing a rogue antivirus is that XP Antispyware Pro 2013 installs itself without the user initiating it. In many cases the computer owner does not even know how it got there. Moreover, XP Antispyware Pro 2013 is known to block existing PC security, which leaves your machine unprotected and exposed to other infections. This fake antivirus also blocks all browsing sessions, which hinders searching for help on the Internet. The trick to overcome this blocking is to download the software from the Start menu.

There is no doubt XP Antispyware Pro 2013 should be removed as soon as it is detected. In some cases fake registration might help to deactivate the program, but this will not delete it from the system. Only using legitimate antivirus programs will ensure its complete elimination.

SweetIM Virus – How Damaging Is It?

SweetIM Virus is an adware program that gets installed into all major Internet browsers, such as Google Chrome, Internet Explorer and Mozilla Firefox. Although the sweetim.com marketing team assures that they offer a 100% clean product with TrustE certification for trusted download programs, one can find many complaints about the add-on, calling it various names from unwanted program to even spyware. Probably the most common and obvious accusation against the virus is redirection to search.sweetim.com and pop-up ads which interrupt normal work.

Yet there are more issues related to being infected with SweetIM Virus. Not many of us know that when search.sweetim.com returns your search results, it shows paid advertisements among the top ones. It means that you do not get exactly what you looked for. Another issue is a breach of your privacy. SweetIM Virus is known to monitor the infected computer user's Internet browsing behavior. The data is later sent to a remote server for further analysis. It will be used for advertising campaigns targeted at you.

Once a computer user who has SweetIM Virus has made up her mind to remove the toolbar, she faces difficulties. Some complain that they tried for several days to get rid of the toolbar and the changes made by it. We recommend using anti-malware programs to remove SweetIM Virus and following the available removal guides. After the toolbar is removed, one should be careful when installing any new software. SweetIM Virus, just like many other unwanted programs, is distributed bundled with other programs. It is strongly recommended to read everything carefully during installation and not to leave ticked any checkboxes indicating that one agrees to install additional software.

Lavasoft Browser Redirect – How To Remove It?

Lavasoft Browser Redirect is a browser hijack that can change the settings of Internet Explorer, Mozilla Firefox, Google Chrome or any other browser. After the toolbar gets installed on a computer, it replaces the original home page and search page with safesearch.lavasoft.com. Once you get redirected to this web page, you will see that it uses the Blekko search engine. The latter is a completely legitimate program. All seems fair if a person chooses to install the toolbar because of the additional features it offers. But if a browser extension is installed without the user's permission and it makes changes that impede work with the PC, such code can be called a browser hijack or redirect.

Lavasoft Browser Redirect is distributed bundled with freeware or shareware. The computer user does not even know about its installation before the hijack starts working. The main complaints about Lavasoft Browser Redirect are constant redirections to safesearch.lavasoft.com and pop-up advertisements. It becomes almost impossible to make any search or concentrate on your work when the Internet is turned on.

If you want to remove Lavasoft Browser Redirect, you should follow the same removal instructions as for Blekko Redirect Virus. If you still cannot restore your original computer settings, you may need to read how to fix your search provider. It is also recommended to remove any other unknown programs installed on the same day as Lavasoft Browser Redirect.
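
The Babylon, CouponDropDown, SweetIM and Lavasoft sections above each name the address a hijacked browser is sent to, and note that the redirect can survive an uninstall. As an added example (not part of the original articles), this Python code checks the text of a Firefox `prefs.js` and a Chrome `Preferences` JSON file for leftover settings that point at those addresses. The sample file contents are constructed, and reading the real files from a browser profile is left to the caller.

```python
import json
import re
from urllib.parse import urlparse

# Redirect destinations named on this page for each hijacker.
HIJACK_DOMAINS = ("search.babylon.com", "coupondropdown.com",
                  "search.sweetim.com", "safesearch.lavasoft.com")

# Firefox keeps string settings in prefs.js as: user_pref("name", "value");
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"(.*)"\);\s*$')

def host_matches(value):
    """Return the listed domain that a setting value points to, else None."""
    for candidate in re.split(r"[|\s]+", value):  # "|" separates multiple home pages
        try:
            url = urlparse(candidate if "://" in candidate else "http://" + candidate)
        except ValueError:
            continue  # not a parseable URL, so not a redirect target
        host = (url.hostname or "").lower()
        for domain in HIJACK_DOMAINS:
            # Compare the host only, so a domain inside a query string is ignored.
            if host == domain or host.endswith("." + domain):
                return domain
    return None

def scan_firefox_prefs(text):
    findings = []
    for line in text.splitlines():
        m = PREF_LINE.match(line)  # boolean and integer prefs do not match
        if m and host_matches(m.group(2)):
            findings.append((m.group(1), host_matches(m.group(2))))
    return findings

def scan_chrome_prefs(text):
    findings = []
    def walk(node, path):
        # Visit every string in the JSON tree and remember the key path to it.
        if isinstance(node, dict):
            for key, child in node.items():
                walk(child, path + [key])
        elif isinstance(node, list):
            for child in node:
                walk(child, path)
        elif isinstance(node, str):
            domain = host_matches(node)
            if domain:
                findings.append((".".join(path), domain))
    walk(json.loads(text), [])
    return findings

# Constructed sample file contents (not taken from a real machine).
SAMPLE_PREFS_JS = '''
user_pref("browser.startup.homepage", "about:home|http://search.babylon.com/");
user_pref("keyword.URL", "http://search.sweetim.com/?q=");
user_pref("browser.startup.page", 1);
user_pref("browser.newtab.url", "https://example.org/?ref=search.babylon.com");
'''
SAMPLE_CHROME_PREFS = '''{"homepage": "http://safesearch.lavasoft.com/",
 "session": {"restore_on_startup": 4,
             "startup_urls": ["http://coupondropdown.com/", "https://example.org/"]}}'''
```

Each finding is a pair of the setting name and the matched domain, which tells you which preference to reset after the toolbar itself has been uninstalled.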