BugsFighter

Search.queryrouter.com is unwanted search engine with minimalistic design, that resembles popular search engines. Actually, this website redirects search queries to Google. Search.queryrouter.com claims to collect user browser information for purposes to improve its services, however, as we can see on the example of other hijackers, this information is used for advertising purposes, or just sold to third parties.

All-czech.com is website, that is used to hijack browser settings in Google Chrome, Mozilla Firefox and Internet Explorer. From the name of the domain one may think it is aiming Czech Republic, but in fact this is just one of the random names hijackers use to mislead users. This search engine targets international audience and redirects user search queries to cse.google.com, which is Google Custom Search.

Yeabd66.cc is potentially unwanted search engine for Google Chrome, Mozilla Firefox and Internet Explorer. It uses Google Custom Search to deliver search results to user. Main page of this hijacker contains advertising banners, links to popular shopping websites, online games, social networks. If user types search query and clicks "search" button, he is redirected to cse.google.com.

Osiris Ransomware is newest variant of Locky ransomware. According to its name, new virus adds .osiris suffix to encrypted files and modifies filenames so they look like that: [8_random_characters]-[4_random_characters]-[4_random_characters]-[8_random_characters]-[12_random_characters].osiris. Osiris encrypts files with RSA-2048 and AES-128 algorithms that currently cannot be decrypted. Ransom is near 2.5 BitCoins (~$1880) and there is no earthly use to pay it. Osiris ransomware alters desktop background with typical image with text instructions. User can only make payment to anonymous Bitcoin wallets, so that police cannot keep track on malefactors.

.zzzzz Ransomware is another variant of Locky ransomware, that adds .zzzzz extension to encrypted files. Virus encodes user files with asymmetric encryption algorithm and modifies filenames with 32-digit alphanumeric code. This makes it difficult to discern where certain files are and complicates decryption. After completing encryption ransomware creates 3 files (-INSTRUCTION.html, _6-INSTRUCTION.html, and -INSTRUCTION.bmp) and replaces desktop background image. In this files virus contains texts to persuade users to pay the ransom. Ransom is actually quite big - 3 BitCoins or ~$2200.

Plusnetwork.com is minimalistic search engine similar to Google, Yahoo or Bing. It was developed by Zone Media LTD and is distributed along with product of this company: Messenger Plus! Skype Add-on. It is used to hijack search engine and homepage settings in Google Chrome, Mozilla Firefox and Internet Explorer. Finally, all users search queries are redirected to Plusnetwork.com.

EasyPDFCombine Toolbar by MindSpark is unwanted browser extension for Google Chrome, Mozilla Firefox and Internet Explorer. This is toolbar, that provides access to online tools for PDF to DOC conversion, translation and merging documents. But in addition to that, application modifies browser search and homepage settings to hp.myway.com, that is well-known unwanted search engine.

Aesir Ransomware is another crypto-virus in the generation of Locky ransomware family. Virus uses RSA-2048 and AES-128 encryption algorithms. Aesir detects and encrypts more then 450 file types, and most sensitive are user documents, pictures and videos. Now it appends .aesir extension and has some minor technical changes in comparison to previous versions. This crypto-virus renames files with complex and random 24-character alphanumeric code separated by dashes. Ransom amount is huge: 3 BitCoins (~$2200) and there is no earthly use to pay it. Malefactors, who created this malware never send decryption keys. Aesir modifies desktop background with an image that contains information about the infection and instructions for user to pay.