Category Archives

Today we’re revisiting the topic that we briefly discussed in email problems – spam. Spam emails are annoying, but they can also be dangerous. Malicious actors use email spam to steal our personal information and to spread malware. How can we recognize and avoid malicious spam?

Types of Malicious Spam Emails

Phishing

Phishing emails are scam emails that impersonate trusted companies (such as Microsoft and Apple). Usually, they seek to convince recipients that there’s a problem with their account. To solve this made-up problem, they link to a fake website, one that also impersonates the trusted company. This website asks the victim to provide their personal information. If they do, the data is sent to the scammers who were responsible for the phishing email.

One unfortunate example of dangerous spam is the many sketchy emails from “Apple”. Warnings that “your Apple ID is locked!“. Receipts of nonexistent iTunes and App Store purchases. Calls about iCloud accounts being hacked.

These fake messages are sent to Mac users with attachments and links to phishing websites – sites that ask them to reveal personal information. This information might include:

• Name
• Address
• Demographic information
• Credit card number and other payment information
• Usernames and passwords.

And people fill out those forms! And unwittingly send their very personal information to scammers. Because those phishing sites are very convincing. They copy the design of the site they’re impersonating and they use encryption (the padlock next to the address).

Malware

Other fake emails bring malware. Infected documents carry the Emotet trojan. Offers for free software hide ransomware inside them.

These emails could be about anything! An invoice, a document from your work, a shipping delay, a confirmation for an online purchase, a random link from an unknown person… The only condition is that there’s an attachment or a link to download the malicious file.

Ransomware commonly spreads via emails. It can cause terrible problems by destroying all user-created files on the infected computer.

Trojans also use email spam to infect PCs. They then turn those PCs into bots, install advertising malware, and steal passwords.

How to Stay Safe?

It’s important to be aware of the dangers that spam emails pose. So, how can you protect yourself?

Our old advice still applies. Don’t share your email address with just anyone. You can set up a special email account for use with untrustworthy sites. That way, you don’t have to reveal your personal and job emails when you don’t want to.

Using an email provider with a good spam filter is a great help. Staying vigilant is important. Trust your gut and don’t reveal your personal information when you aren’t comfortable doing so.

Use antivirus programs to scan your attachments and the sites you visit. But don’t solely rely on them, as malicious actors are always finding new ways to trick us.

If you have questions or worries, don’t hesitate to ask for help online. Even if it’s a small thing. Various community forums are always ready to offer advice. We’re also ready to help on any technical topic. Be careful and stay safe online.

Internet search engines like Google, Bing, DuckDuckGo, and others help us find information online. We only need to open our web browsers, type a query into a search bar, and the search results appear. Accurate, relevant, sometimes with a few unobtrusive ads.

But what if, one day, you type your search query and the results that appear are… wrong? What if your search queries are redirected to an unknown search engine?

Unknown and unwanted search engines

Bizarre search engines like Search Lee and Search Marquis take over people’s browsers, unwanted and unwelcome. Frustrated users wonder what could be causing this issue. Some say that their browsers are configured correctly, and yet these strange websites still appear (Discussions.apple.com).

Other examples of search engines that take over search results without permission are:

• Search Mine
• Safe Finder
• Search Baron
• Mybrowser-Search

These are just a few examples. There are too many of these sites to list. And these sites aren’t some brave pioneers in the field of internet search. They don’t have any unique features to make them worth using. Instead, they have a lot of spam ads.

You probably already suspected it, but these search hijackers are nothing more than advertising sites. They make money by forcing people to use them.

But how do these bizarre sites infect our search results?

Web browsers are the programs that we use to browse the internet. Google Chrome, Safari, Microsoft Edge, and Firefox are a few popular examples. The job of these programs is to download and display webpages and let you interact with them.

Web browsers also help you search the web by letting you type search queries into your address bar. By default, Google Chrome links to Google, while Microsoft Edge links to Bing.com. They never link to unknown, poor-quality websites.

What causes search redirects?

So, what’s causing these ad-filled, unwanted search engines to take over your search? It’s certainly not normal browser behavior.

Unfortunately, it’s not always easy to say what exactly the problem is. It could be a bad browser extension (that was out topic last week) or a misconfigured setting. It could also be something quite a bit worse, such as a trojan app that intercepts all of your internet traffic.

As usual, our advice is for you to seek help online. Community support forums can help, as can we here on Remotepcfix.com. Individual cases benefit from direct communication.

We also encourage you to try to discover the problem manually, though it can be a little daunting.

If you feel like there’s a problem with your computer or your browser, it’s always good to look into it. Dealing with small problems will help you protect yourself from bigger cyber threats.

Extensions – Useful but Risky

Browser extensions are great. They’re like mini-programs that add features to web browsers. There are many that are tremendously useful: remote desktop add-ons, ad blockers, price comparison tools, add-ons that transform the color schemes and layouts of web pages, and many more. And many of these incredible extensions are completely free to use.

And sure, there are also plenty of extensions that are not worth using: buggy, unfinished, outdated, or lacking in features. But there are some that are even worse: dangerous.

There are spyware, adware, and miners. They log your data, which can include personal information, and share it with third parties. They inject ads into the pages that you open. And they even display ads on your home page. And they intercept your web browsing to redirect you to partner websites so that they can display advertisements.

Extensions promise to make your browsing safer and more private – but instead, they spy on you and open malicious sites for you.

For instance, fake cryptowallet extensions were used to steal users’ credentials. People would use these extensions to log in to their online wallets, thus revealing sensitive information to malicious actors. Stolen credentials could then be used to rob the victims.

Google and other browser developers work constantly to remove malicious extensions, such as ad injectors, from their stores. But the battle is never over. Malicious actors continue to upload bad extensions.

Recognize Unsafe Browser Extensions

So, how to recognize a browser hijacker that’s harmful? How to avoid installing them?

We’ve already talked about this before in the post How to avoid browser hijacking. Be careful while installing free programs. And when you notice something wrong with your browser, check it over without delay.

But it’s best to avoid browser hijackers before they can start causing problems. And now that the landscape of online threats has changed a bit, we need to update the advice.

When you find yourself on the Chrome Web Store or another add-on store, be patient and keep a level head. Pay attention to these extension features:

• Who is the developer of the extension? Is it a trustworthy company? What else have they released?
  If you can’t find out who the developer is, that’s a red flag.
• What does the privacy policy say? Are you comfortable with the data that is collected?
• What are the reviews? Be suspicious of fake reviews, such as large numbers of extremely short reviews all posted within a couple of days.
• What permissions does the extension ask? If it wants to read your data on all sites that you visit, do you believe that it has a good justification?

None of this advice is perfect. Extensions with extremely modest permissions can still interfere with your internet search. Genuinely good extensions can suddenly release malicious features. And truly malicious extensions can be disguised as coming from a reputable and trustworthy developer.

Still, being careful will help you avoid the vast majority of browser infections and stay safe on the internet.

We’ve written before about constant error messages displayed by your computer (If You’re Constantly Receiving Error Messages). Error messages are shown when your Operating System (Windows, macOS, Android, iOS, etc.) encounters a problem that it can’t solve.

You can use error messages to diagnose a problem with your PC. These messages also help PC technicians and tech support staff help you.

In addition, your OS will report such errors to its developers. These developers then will try to solve them and deliver the fixes in future updates.

How to Deal With Fake Error Messages

But what if your computer constantly displays error messages that seem… unusual? Maybe the error number does not refer to a real error? Maybe the warning includes strange and absurd claims?

Take the Error #268D3 alert as an example. It gives you an error number, that seems legit. But it also tries to scare you, which is strange for an error alert.

Fake error reports often threaten that your PC is horribly infected, that your photos and passwords are being stolen RIGHT NOW, and even that your computer will be blocked. And they can be genuinely stressful and intimidating.

They are not real error messages. They are scam or prank sites trying to scare visitors.

So, what to do?

If you see a computer error on your screen, should you seek help from tech support? Or should you ignore it because it might be fake?

The answer is the former – you should ask for help and advice.

Constantly seeing real computer errors heralds a genuine problem with your PC’s settings or hardware. Similarly, seeing fake errors indicates a problem with your PC’s security. A problem is a problem – and it needs to be solved.

Djvu, also known as STOP, is one of the most popular types of ransomware. It infects Windows computers all over the world. 

Ransomware programs are malicious programs. They restrict access to your computer or your data and demand a ransom.

You might have heard of various ransomware attacks of large businesses. Some of those attacks also resulted in data leaks. One of the most devastating crypto malware attacks was NotPetya. It crippled international companies and disrupted the daily life of millions of people (The Untold Story of NotPetya, the Most Devastating Cyberattack in History).

All this might make ransomware seem like a distant threat, something that only large businesses and governments need to care about. But Djvu proves this wrong. It is remarkable because it is so small and so incredibly widespread. Djvu infects PCs all over the world and asks for a ransom that is high, yet affordable. This makes it a real threat to individual users and very small businesses.

How to recognize a Djvu infection

Ransomware infections are characterized by data on the infected computer becoming inaccessible. By your files being broken.

When it’s Djvu ransomware at fault, it encrypts those files and adds a new extension to their names. Usually, it’s a meaningless four letter combination, like “coos”, “pola”, or “djvu”. This letter combination is appended to the names of all encrypted files.

Scan.pdf.djvu

In addition, those files change icons to the blank page icon. The new file names confuse Windows. The operating system can’t recognize what file type they’re supposed to be.

You can read more about the specific Djvu effects, including fake Windows update pop-ups and spyware infections, in this article – DJVU Virus (Ransomware). It also lists a few possible solutions for getting your files back, such as data recovery and file repair.

Unlike many other ransomware infections, Djvu does not change your desktop background. It does create text files with a ransom note, including the contact details of the people responsible for the attacks.

We don’t know who these people are. Only that they’re responsible for one of the most infectious ransomware strains out there.

While ransomware researchers have made efforts to help the victims of Djvu (Emsisoft releases new decryptor for STOP Djvu ransomware), there is no free and easy solution for the majority of victims.

Djvu gets uploaded online disguised as a free version of a commercial program, such as Microsoft Office. Meaning, it preys on those who are already financially vulnerable. And it makes them pay hundreds of dollars for a chance to get their data back. If you want to talk to people in the same situation, visit the forum for Djvu victims: STOP Ransomware Help & Support Topic.

Long story short, Chromium is legitimate open source web browser and cyber criminals took advantage of that name, using it to distribute malware.

However, things are not that clear in this case – there is actual Chromium virus that looks just like original Chromium web browser and users tend to have a hard time figuring it out.

Perhaps the biggest downside of this problem is that users just keep using malicious application while thinking that they are using trustworthy open source web browser and that puts them in actual danger. It is very important to realise if your computer is infected with virus – then you can evaluate possible consequences and take action.

You might think why it is dangerous? Well, Chromium virus can possibly collect information about you and steal it, track every step you take online and even display you sponsored content, such as pop-ups or banner advertisements, as if the web is not already full of annoying ads, right?

This unpleasant situation is the result of the open source – anyone with enough knowledge can modify the code of this browser and then distribute it. Crooks love that, as they simply edit some code of original Chromium web browser and turn it into Chromium malware, then just bundles it with other freeware to spread it to users.

In fact, Google Chrome itself is based on Chromium open source web browser, only it is owned by Google and they don’t allow anyone to make changes to it. So the easiest solution in keeping your computer secure if you don’t want to spend time finding out whether your Chromium browser is legitimate or malicious – just use Google Chrome instead.

The answer is hidden in “About” section

Actually, it’s not that hard to learn about Chromium origins if you know what to do. Cyber security researchers from 2-viruses.com described it as this:

That [learning origins of Chromium] can be done by simply opening “About” page on the web browser. If it is not Chromium, you will see text “eFast . a web browser built for speed, simplicity and security”

While eFast is just one of many companies using Chromium name to distribute malware. It also can be Fusion, MyBrowser, Olcinium, Palikan, Qword, Tortuga, Chedot or any other malware developer.

You should only use Chromium if there is original “Chromium” logo and slogan in “About” page. Any other case means that you are currently running a malware on your computer. You do remember that it is dangerous, right?

Windows 8 system freezing can be characterized by not functioning of some controls. For example it might be impossible to execute such commands as clicking on buttons, closing of windows or scrolling in the task manager. This can happen to a computer after updating some applications.

Read More→

Many PC users are complaining about seeing File Restore popups that claim that their PC is heavily corrupted and needs fixing. The program lists various hardware errors. Do not believe in them! File restore is a well known Fake HDD scam, that plaques thousands of PC.This virus attacks computers with a help of Trojan horses therefore a computer user does not notice infiltration in most cases. For the installation of File Restore virus you do not have to give any special permission and have no control over the process.
File Restore scam is distributed through infected websites and fake shareware downloads. You might visit completely harmless site and still get infected if the site gets hacked or displays unchecked advertisements. In many cases File Restore is installed without any confirmation of your part, thus it is nearly impossible to prevent without good antivirus. Luckily, it is still possible to remove and fix PC infected File Restore for good.