How to remove Zloader
Zloader (also known as DELoader and Terdot) is a malicious piece of software classified as a virus-type program. Research shows that it is distributed through third-party web pages that display fabricated error notifications such as 'The Roboto Condensed' font was not found. An investigation found that it is bundled with another malvertising program called Zeus, a banking trojan designed to gain access to confidential information stored or processed through online banking systems. When a malicious page is opened, it displays a message saying that the page failed to load properly because the Roboto Condensed font was not detected. Depending on the browser you are using, it offers to fix this error by downloading and installing the font through either Mozilla Font Pack or Chrome Font Pack. These folders contain Chrome_Font.js or Mozilla_Font.js. The .js extension denotes a JavaScript file, which is meant to install Zloader and thereby distribute the Zeus banking trojan, which is able to hijack passwords along with other credentials and leave you without a penny in the bank. In this article, we are going to discuss the most acute reasons and solutions you can apply to get rid of this virus.
How to remove VK+OK AdBlock
Many experts consider VK+OK AdBlock to be an unwanted browser extension. Such an assumption is true as long as it runs suspicious activity without the consent of users. Initially, VK+OK AdBlock is the name of a Google Chrome extension available for download in the official store. Its main goal is to improve the browsing experience by blocking ads across all social media popular in Russia. However, although it does perform this function, some actions taken by the extension are shady and happen without users' consent. First, VK+OK AdBlock keeps sending information to its server in Russia even when users stop using any social media websites. This suggests a risk of data surveillance: the data can be gathered by the developers and used for illegal purposes. The second suspicious thing is that VK+OK AdBlock adds itself to the exception list of Windows Defender. Apparently, the extension has some security issues and does not want to be removed by the antivirus program. Lack of transparency, as well as unwanted distribution methods, puts VK+OK AdBlock on the list of potentially unwanted extensions that should be removed from your system.
How to remove GABUTS PROJECT Ransomware and decrypt .im back files
GABUTS PROJECT is a ransomware virus that encrypts system-stored data to extort money for its return. It does so by appending the .im back extension to each modified file. Files like music, videos, pictures, and documents will acquire the new extension and reset their original shortcut icons. Here is an example of how encrypted files will look: 1.pdf.im back, 1.mp4.im back, 1.png.im back, 1.docx.im back, and so forth. After this, the virus displays a pop-up window and creates the "gabuts project is back.txt" file containing ransom instructions. The text is written in the first person and requests 100 BTC for data decryption. This is exactly the price victims should send in order to restore the data. It is also mentioned that this payment has to be made within 1 day after infection. To begin communication, victims should write to the pinned e-mail address. According to the text, there is also an option to decrypt 1 file by accessing the tor link. Unfortunately, nobody will pay the price of 100 Bitcoins (5,712,670$) unless it is a big corporation that lost extremely important data.
How to remove ThunderX 2.1 Ransomware and decrypt .RANZY, .tx_locked or...
Also known as Ranzy Locker, ThunderX 2.1 is a new ransomware sample that runs thorough data encryption. Depending on which version attacked your system specifically, you may see one of these 3 different extensions assigned to data - .RANZY, .RNZ, .tx_locked or .lock. To illustrate, an innocent file like 1.pdf will change to 1.pdf.ranzy, 1.pdf.tx_locked, or 1.pdf.lock at the end of encryption. It will also reset its shortcut icon to blank. Right after this, the virus creates a text note named readme.txt that contains ransom instructions. Cybercriminals urge victims to follow the listed instructions, claiming this is the only option to recover the data. All files have been rendered inaccessible with the help of secure encryption algorithms. To revert these consequences, victims are guided to contact the developers through e-mail and buy unique decryption software. When sending a message, victims are also required to attach a key string and personal ID from the note. In addition, the attackers offer to decrypt 3 files sent to them for free. They claim this is a guarantee of their trustworthiness and ability to restore the data. Nobody apart from victims knows how much money the extortionists behind ThunderX 2.1 demand.
How to remove Babyduck Ransomware and decrypt .babyduck files
Babyduck is a ransomware infection that encrypts data and assigns the .babyduck extension. Encryption means users will no longer be able to open system-stored files because they are blocked. Those files will undergo two visual changes - a new extension and a reset of shortcut icons. To illustrate, a file like 1.pdf will be altered to 1.pdf.babyduck and drop its icon to blank. Right after this, Babyduck creates a text note with ransom instructions (README.babyduck). Research related to this ransomware version has been temporarily frozen and not yet updated. The only thing that stands out clearly is how encrypted data will look after the ransomware attack. Although there is no precise information on the ransom instructions, they are most likely similar to those of other file-encryptors. Cybercriminals will probably ask you to pay for special decryption software that will access your data. The payment can usually be made only in cryptocurrency like Bitcoin. Apart from this, it is also common to see extortionists offer free file encryption.
How to fix Windows Update error 0x80070005
Sometimes users may have restricted permissions that prevent Windows from updating correctly. For this exact reason, access can be denied resulting in errors like 0x80070005. In most cases, the update will reach 100% but refuse to restart your PC to finish the installation. The same problem with permissions can happen when trying to install a program. Luckily, there are ways that can help you resolve this issue and succeed in getting the necessary updates. Scroll down to our list of solutions and perform all steps below.
How to remove SUPERSUSO Ransomware and decrypt .ICQ_SUPERSUSO files
SUPERSUSO is a ransomware program that uses strong encryption algorithms to cut users off from their own data. Such a change is meant to push people into paying the so-called ransom to recover encrypted files. Victims will learn about file encryption from the new extensions assigned to their files. SUPERSUSO developers use the .ICQ_SUPERSUSO extension to rename all the blocked data. For instance, a file like 1.pdf will change to 1.pdf.ICQ_SUPERSUSO and reset its original icon. The same will be applied to all data blocked across your system. After this, SUPERSUSO issues a text file named #Decrypt#.txt to explain recovery instructions. First, victims are instructed to install ICQ software for PC, Android, or iOS and write to the cybercriminals' recipient address, which is mentioned in the note. ICQ is a reliable and legitimate messenger used by cybercriminals to establish anonymous communication with their victims. Should victims fail to contact the developers within 72 hours, the compromised information will be gathered and leaked to darknet markets.
How to remove Shasha Ransomware and decrypt .shasha files
Shasha is the name of a ransomware virus that encrypts data and renames it with the .shasha extension. The new extension is not an essential part of the encryption, but rather a visual aspect meant to highlight the blocked data. If you see this extension assigned to most of your data, like 1.pdf.shasha, then you are undoubtedly infected with ransomware. The developer's next step after blocking access to files is to explain how to recover them. For this, the cybercriminals in charge of the Shasha virus create a text note called READ_ME.txt and change the desktop wallpaper. Inside this note, the extortionists claim they are the only ones able to decrypt your files. To be more precise, they are the ones holding the private keys and decryption software that can unlock the data. Victims are requested to buy it for 50$ in BTC. The payment has to be sent to the Bitcoin address attached in the note. Unfortunately, it is quite uncertain how the cybercriminals are going to send the purchased decryption software to you.