Search the Community

Showing results for tags 'malware'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General
    • News and Announcements
    • SUPERAntiSpyware Blogs
  • SUPERAntiSpyware Free Edition and SUPERAntiSpyware Professional
    • Frequently Asked Questions
    • General Questions
    • SUPERAntiSpyware Centrally Managed Solution
    • Marketing and Promotion
    • Suggestions
    • False Positives
  • Malware Removal
    • Malware Removal Discussion
    • Malware Diagnosis and Help
  • SUPERAdBlocker
  • SUPERAntiSpyware Pre-Release
  • Other
    • Off Topic

Found 29 results

  1. Watch out for fake USPS delivery emails! We at SUPERAntiSpyware have been alerted to scam emails hitting users claiming to be from the US Postal Service (USPS) that contains a link that will infect them with malware. One of the emails being used by this scam is notice@ussp(DOT)com The subject line of the email will typically be titled “Delivery notification – Parcel delivery *NUMBER* failed” containing a message that the user please call the number on the shipping notice we left at your doorstep (which there will be none!) to arrange a new delivery, and a link which you can view the delivery notice online, on the USPS website. This is a fake link to a malware infested website. If you see a link in a suspicious email such as this do not click the links or open the attachments no matter how innocent they sound. If it claims to be from an official organization, call them and ask if the email is legit. Better safe than sorry!
  2. How do I submit spyware samples to the SUPERAntiSpyware team? If you wish to send our Spyware Research Team a sample, please use the SUPERSampleSubmit tool which may be downloaded HERE Submit your spyware samples to our Spyware Research Team Please ONLY submit files that you believe are threats. These samples will be placed into our queue for review and analysis.
  3. Hi, when I scan with superantispyware, it comes up with directories and files on the scanner that say that they exist, and if I search them up on google they are malware, but they don't exist when I go to the directory on my computer. Am I infected with malware? Superantispyware says my system is clean on completion of a scan. My malware definition update is 13379, and superantispyware version is 6.0.1236. Here are some examples: (x86) s-1-5-20\software\zango C:/program files(x86)/newdotnet (x86) wav6com.av office protect (x86) software/Microsoft/windows/current version/uninstall/Alert Spy C:/program files(x86) / spy heal C:windows/ocenuxos.bin (x86) interface/EE836B19-1991-4951-918D-479DB2F0B693} C:/users/my-username/appdata/roaming/Microsoft/windows/startmenu/programs/unigray antivirus C:/program files (x86) / anti spy check 2.3 (x86) s-1-5-18 /software/total secure 2009 (x86) s-1-5-18/ software/GAV C:/users/my-username/startmenu/programs/antivirus plasma C:/users/my-username/appdata/roaming/ microsoft/IE/ quick launch/ virus trigger 2.1.link These all don't appear on my system when I go to the locations. I think (x86) is hkey/local machine? But I'm not sure. Also, when I ran system investigator, it came up with sscprot.DLL and with an invalid signature. It also came up with 5mxxxzbr.dll in my %temp% folder. Thanks for reading! I hope that you get back to me soon =)
  4. “The HoeflerText Font Wasn’t Found” Google Chrome Malware Scam – What it is and how to avoid it! You are browsing the web and accidentally land on a website with nonsensical characters instead of letters and you receive a prompt to download a missing font in order to read the website. You are told in order to fix the error and display the text, you have to update the “Chrome Font Pack”. Whatever you do, please do not click that blue Update button! Fake Google Chrome Prompt asking you to install the malware It is a scam designed to trick users into installing malware onto their systems. This malware is ranging from Ransomware, to Trojans, to various adware bundles. How to avoid it The fake dialogue box informing you that the “The HoeflerText Font Wasn’t Found” will claim you are using Chrome version 53 even if you are not using that version, which tells you something isn’t right and that the prompt you are seeing is fake. Make sure you are using the latest version of Google Chrome which you can download by clicking here Make sure you are also using the latest version of SUPERAntiSpyware with Real-Time Protection enabled, a feature only available for SUPERAntiSpyware Professional users.
  5. Tax Season is here – Watch out for Identity Stealing Spyware! Keep your personal information safe this tax season by doing a Free scan with SUPERAntiSpyware Free Edition We want to remind everyone that tax season is the time of increased attacks from spyware, various methods of phishing , and scams. Spyware and Malware authors significantly increase their activity during the tax season in order to try to steal data and withdraw money from bank accounts, steal credit cards, passwords, and other malicious acts. During this tax season its important to do a few things to help protect yourself online: 1) Make sure your Operating System and software applications such as web browsers and email clients are up to date. 2) Run a Complete Scan with SUPERAntiSpyware regularly with the latest updates, at least twice a week during this period of increased activity. 3) Be cautious before visiting strange websites, or opening strange email attachments. Think before you click! 4) Manually erase, or use privacy software, to delete sensitive data from you PC. Spyware cannot steal what isn’t there! 5) Lookout for spam phishing email impersonating government, bank, or tax company officials asking for sensitive information. Do you have any security recommendations that help you stay safe during the tax season? Feel free to leave a comment below! -SUPERAntiSpyware Team
  6. Facebook Malware Attack We’re receiving reports that Facebook is being used as a new vector for executing malware attacks, specifically as a means to distribute the Locky ransomware. While the ransomware variant is not being hosted directly on Facebook, this new version is being hosted in a peculiar way. The attack starts by a presumably infected machine sending out a message to people in your friends list. This message is actually a SVG (Scalable Vector Graphics) file that is being masqueraded as an image for you to download to view. Once the file has been downloaded and opened, the payload is delivered. Because of the way SVG files work, JavaScript can be embedded into those files and opened with a modern web browser. That JavaScript will then execute and direct the user to a website that mimics YouTube, but with a completely different URL. Once on that site, a popup is pushed to the user asking them to download a certain extension on your machine in order to view the video. After the extension has been installed, the attackers have the ability to view and alter data regarding the websites you visit, as well as access your Facebook account in order to message all of your friends with the same SVG file. The payload is delivered through the Nemucod downloader Trojan, which has been known to download copies of Locky on victim’s PCs. While Google and Facebook have been made aware of this attack, it is possible that proper remediation could take time. The best course of action if you receive such a message is to ignore it, clear your conversation history with that person, and report them to Facebook as having a compromised account. If you have already been infected by this attack, there’s not much you can do outside of removing the offending extension in Chrome by going to Menu > More Tools > Extensions and check to see if either Ubo or One extensions are listed. This is also a good time to remove any unknown extensions that are installed as well. Remember, once you have been locked out of your system by a piece of ransomware, your options for recovery are only as good as the backups you have made. Keep your backups up-to-date, and save your data on an outside drive as frequently as possible. Once a ransomware infection has taken place, any attached drives to your network are at risk. Never keep your backup drives attached to your machine when they are not in use.
  7. Think you have a virus? Here's what to do: First Download: SUPERAntispyware Download:http://www.superantispyware.com/download.html (free or Pro trial) Malwarebytes: https://www.malwarebytes.com/ (Free or Premium) Then: Install SUPERAntispyware and Malwarebytes. (Restart computer if prompted) Run SUPERAntispyware as administrator (right click the programs Icon -> Run as Administrator). Wait for it to load. Update your database by clicking 'click here to check for updates' on the main home screen of SUPERAntispyware. Now: Click on 'Scan this computer' in SUPERAntispyware. Recommended Pre-Scan Actions: Check/Tick all the Recommended Pre-Scan Actions boxes. (Pro needed for Malware Database updates option) Scanner Options: Check/Tick the 'Enable Rescue Scan' box Check/Tick the 'Active Scan Boost' and also choose the 'High boost' Option Check/Tick the 'Scan Internet browser tracking cookies' box Check/Tick the 'Scan inside ZIP archives' box Start the scan by clicking on the 'Complete Scan' option. Now wait for the scan to finish. Once the scan has finished, it will give you some options if any issues were found: Remove/Delete Quarantine (recommended) - Then If prompted restart the computer. Next: Run Malwarebytes as Administrator (right click the programs Icon -> Run as Administrator) Click the update option if it doesn't update automatically. Click on the 'Scan' tab at the top of the program's window. Click on 'Threat Scan' and wait for it to finish. Once finished, if there was anything found you will be prompted to: Delete (Recommended) Quarantine - Any issues found. If prompted, restart your computer. Finished! Hopefully, by this point, any Viruses/Malware etc. will have been removed. I hope this helped. If you continue to have problems, please feel free to let me know below, and I will try to provide help the best I can. I do not work with SUPERAntispyware nor am I part of the SAS forum staff I just thought I'd make this as it has always worked for me.
  8. If you wish to send our Malware Research team a sample, please use the SUPERSampleSubmit tool which may be downloaded here: SUPERSampleSubmit Sample Submission Utility Please ONLY submit files that you believe are threats. These samples will be placed into our queue for review and analysis.
  9. If you wish to send our Malware Research team a sample, please use the SUPERSampleSubmit tool which may be downloaded here: SUPERSampleSubmit Sample Submission Utility Please ONLY submit files that you believe are threats. These samples will be placed into our queue for review and analysis.
  10. Prevention is the best way to ensure you are never infected with spyware and your data is never lost or stolen. It is possible to clean up an infected machine and remove spyware but sometimes the damage from certain spyware, such as ransomware, cannot be fixed as files become encrypted or otherwise corrupted. While no single solution available is a silver bullet, the following list outlines some of the best practices in lessening the risks of losing data after an infection: Backup your files and software! Having backup copies of your photos, documents, software, and other files can make sure you never lose them to a malware infection such as ransomware encryption. Many people choose to use external drives or the cloud for their backups, but keep in mind that if you use external drives, the data can still be at risk if you leave your backup drives connected to your machine at all times. We at SUPERAntiSpyware offer an Online Backup Solution as an optional service when purchasing SUPERAntiSpyware at $6.95 a month. This subscription allows you to backup and protect your important files and documents onto a cloud-like server so you always have copies of your important files. You can read more about our backup services here: https://www.backup.support.com Keep SUPERAntiSpyware up to date and run regular scans. We update our definition list twice a day to make sure our users catch the latest threats, as well as periodically release software updates. It is imperative users keep up to date so their software continues finding the latest threats. In order to make sure that nothing creeps in between scans, we recommend regular scanning at least once a week, if not every day. Update your Windows Operating System and Software you use. Make sure you always are using the latest version of Windows with the latest updates and security fixes. Most Windows updates are patches for existing and/or potential vulnerabilities, so keeping these holes filled is crucial in stopping the spread of malware. Additionally, using unsupported operating systems (anything older than Windows 7 as of right now) can leave you just as unprotected. If you are using web browsers such as Firefox, Chrome, or others, always make sure you are using the latest versions, and don’t forget to update any add-ons, plugins, or extensions you use to the latest editions. Double Check Emails before opening them. Check the sender of every email you receive. If you do not know them, or the email looks suspicious, do not open it! Delete it! Do the suspicious emails include links to click or strange attachments? Do not click the links or open the attachments no matter how innocent they sound. If it claims to be from an official organization, call them and ask if the email is legit. Better safe than sorry! Use strong passwords and/or multi-factor authentication. Good passwords are long. Good passwords also contain capital and lower case letters, numbers, and special characters. Do not use an easily guessable password that contains personal information like your birthday or the name of your pet, and do not use the same password for every website! This makes it harder for hackers to gain access to your personal information, especially when you use different passwords for every site. It might be a bit more to remember, but it diminishes the risk and the headache of sorting everything out after your information is stolen. Many sites, such as banks, often will have multi-factor authentication available. With these systems, you not only need a password, but you also will need a special code that is often randomized on a dongle or smartphone app. These types of systems are more secure than just a typical password, as the extra step is incredibly difficult to hack into. Use an Ad blocking Extension. Software such as Adblock Plus and uBlock Origin for your internet browsers are free, cross-platform browser extensions that filter unwanted content such as ads, pop-ups, rogue scripts, and even IP leaks. Using an ad blocking extension on your web browser will greatly lessen the impact of “Malvertising”, website ads that drop rogue programs onto your PC without your knowledge. While these programs might not block every ad you encounter, the chances of you running into something particularly malicious will be reduced dramatically. Remove unsupported software. Many software programs, such as Flash or QuickTime, are no longer supported by their publishers, or are no longer supported by modern web browsers. This means that existing versions can have massive security flaws, despite there being many users who still have the software installed on their computers. It is recommended that users uninstall software that has been abandoned by their creators, especially if it is something that deals with content on the web. At the same time, many newer pieces of software cannot run on older operating systems such as Windows 98, Windows ME, and even Windows XP. Keep your operating system up to date! When Microsoft stops supporting an old operating system, they stop all updates, which can lead to vulnerabilities being exploited. Don’t talk to tech support scammers. If you’re on the internet and suddenly get a pop-up or email claiming your PC is infected with a virus, and that you need to call a listed number immediately, do not do it! A real security company wouldn’t sell their services from sketchy pop-ups or emails. These companies typically list a 1-800 number for you to call so they can try to lure you into spending potentially hundreds of dollars and giving them remote access to your PC. More likely than not, they will try to infect you or steal personal information during their remote access “work”. Make sure you are on secure connection when purchasing products online or entering in personal information. You can tell you are on a secure website when the URL reads “https” and not just “http.” This is also referred to as HTTP over SSL which is encrypted. This protects against eavesdropping and tampering. Often, the address bar will change color or display a lock icon next to the URL you are visiting if you are connected through a secure HTTPS connection. Use a firewall. Since Windows XP, every Microsoft operating system has come with a firewall. It is recommended you make sure this is always enabled. If you use a third party firewall, it is also recommended you always keep it up and running. Firewalls use rules and examine network traffic as it passes in and out of your PC. If a connection does not follow the firewalls rules, it will be blocked. This also allows you to monitor activity on your network from intrusion attempts or if rogue software on your PC is trying to reach out to a hacker. Even the most cautious of people can get infected; however, by following these tips your risk of getting infected or being unable to recover from an infection will go down dramatically. Remember to stay safe, exercise caution, scan regularly, keep everything up to date, and backup your data often.
  11. Typosquatting is a type of internet scam that relies on end users making mistakes, such as spelling errors or entering the wrong domain name when entering a websites URL. It is also commonly known as URL Hijacking. There are many motivations for a hijacker to take the Typosquatting approach to deceiving unsuspecting victims: 1) To redirect web traffic to their own or a competitor’s product. 2) Installing malware to infect the user’s machine, typically with ad-hosting pieces of malware. 3) Freeze the web browser for a fake Tech Support scam, scaring the user into calling a fake tech support number claiming the user has a virus infection. These scams potentially cost the users hundreds of dollars. 4) To steal user information by running a phishing scheme to mimic legitimate website. 5) Making revenue from the user clicking on advertisements (either in plain site or disguised as legitimate search links) on the Typosquat website. 6) To blackmail or strong-arm payment from the company they're Typosquatting in order to force a purchase of the website from the Typosquatter. A scammer who runs a Typosquat scam typically registers a website address with spelling close to the legitimate websites address. This is typically something simple like omitting a letter, adding a letter, or using a different Top Level Domain. For example if a user wants to go to our website, they may end up typing superaantispyware[dot]com with double a’s. This will end up showing a user a Typosquatting website such as this: Another type of Typosquat scam would be due to the person improperly typing out the full URL, typing something like google [dot] om , rather than typing google [dot] com. In this instance, the person typing the .om domain would actually be viewing a page hosted on Oman's Top Level Domain, rather than the basic .com domain. In some instances, large corporations will buy up as many associated domains as they can in order to prevent this type of mistake (Google, for example, has variants of their site containing multiple o's and different Top Level Domains); however, not all companies have the foresight and/or money to do this. It is easy to avoid falling prey to a Typosquatting scam. Here are a few easy things you can do to prevent this. 1) Never open links in emails from unexpected senders, and exercise caution when visiting sites you're not familiar with. 2) Bookmark your favorite websites so you can easily access them. 3) Use a search engine like Google, Bing, or Yahoo when looking for a specific website if you are unsure about the spelling or if the business' website is the same as their name. Some car dealerships, for example, use dealer names or slogans as their website. 4) Double check the URL you are typing before loading the page 5) Make sure Real-Time Protection is turned on in SUPERAntiSpyware Professional 6) If you are starting a web-based business, consider buying multiple domains that are similar to your primary site to preemptively stop Typosquatters. Most domain registrars will offer bulk rates when you purchase more than one domain at a time. While this type of attack is somewhat uncommon by today's standards, it still happens every once in a while. By practicing safe browsing habits, keeping your web browsers up-to-date, and running regular scans of your machine, you should not be impacted by most of these types of attacks.
  12. Some of the earliest computer viruses and malware were created using macros in Microsoft Office documents. These pieces of malicious code would run once the document was opened, and the infection would happen without the user even being aware that their machine had been compromised. While these types of attacks had fallen out of favor over the years, they've come back in style and are more popular than ever before. What exactly is a macro? While you've probably heard the term thrown around before, most people don't actually know what they are, or what they're capable of. In short, macros are little snippets of code that run through your office software. Many people use macros to speed up a repetitive processes, like formatting items. Unfortunately, the same type of code that is used to perform the mundane can also be used to perform the malicious. Due to the ease of abuse, Microsoft removed the automatic enabling of macros many years ago. This is ultimately what lead to the majority of these types of attacks going by the wayside. Because there was no longer a way to abuse this on most machines, would-be attackers changed their methods to more traditional programs, which are far easier to detect with a normal malware scanner. With the recent surge in ransomware, new methods of delivery were needed by would-be attackers. The anti-malware engines had been able to detect many variants, and it was only getting easier. This meant that stealth was needed. What better way to do that than to bring back a tried-and-true method in Office Macros. Few people expected it due to the fact that these infection types hadn't really been seen in years. The basic attack is carried out like this: 1) An infected person sends you an email with the subject similar to "ATTN: Invoice Attached" that has a Word document attached. 2) The person downloads and opens the file, only to see a garbled mess of characters with a notice that says "Enable macro if the data encoding is incorrect" in big bold red letters at the top of the window 3) The unknowing victim enables macros, thereby initiating the malicious code 4) The code runs, sending out an email to your Outlook contacts (attempting to infect them), downloads whatever payload(s) it wants, then runs the ransomware (locking your files) Because of the sharp increase in these types of attacks, Microsoft, SUPERAntiSpyware, and many other security vendors recommend that all users disable macros if they do not need to use them. While Macros should be disabled by default, it is worth double-checking your preferences in order to ensure that you are protected as best as possible. For more information on how to disable macros in Office files, please visit this Microsoft Support article. NOTE: This is a recommendation specifically for home users, if you are in a work environment please contact your IT department first before making any changes!
  13. A lot has changed in the world of ransomware since we last talked about it on this blog back in 2013. For those who are new to ransomware, this post should provide a primer of what this family of malware is and what it does. For those who are more well-versed, some of our best practices at the end of this post should help provide some extra prevention methods. TeslaCrypt, Locky, CryptoLocker, CryptoWall, and other ransomware families are making their way around the internet at break-neck pace. If you find yourself in the unfortunate place of having fallen victim to this type of malware, you’ve essentially got two options: pay up or start from scratch. While this is not something that most people want to hear, it’s the unfortunate reality for a machine that’s been ravaged by these types of infections. Even the FBI has come out and stated that your best option at data retrieval is to pay the ransom (if you do not have proper backups)! What is Ransomware? Ransomware is a designation given to families of malware that encrypt your personal files, and then demand a ransom payment in order to be given the decryption key. The types of files that ransomware targets range from generic text files and documents, to pictures, to video games, to music, and even beyond. Unfortunately, the type of encryption that’s used is so strong, that newer versions of some ransomware are completely impenetrable. Most ransomware families are spread by a special type of Trojan called a “dropper”. The purpose of a dropper is to run processes in the background of your machine to download and execute code from a remote server. That code then searches your computer for files of a specific type (or types), then modifies those files by scrambling them with high-end, two part encryption. After a critical mass of files have been encrypted, the ransomware will then typically create a few different unencrypted documents and/or display a dialogue on your machine telling you that you’ve been locked out of your files unless you pay the price. To add fuel to the fire, many different variants will have a timer imposed upon you for when payment is “due” to them. If you don’t pay in time, they either increase the ransom, or delete the encryption key from their server, thereby making it impossible to retrieve your files. To make matters worse, many different ransomware variants will disable the Volume Shadow Copy Service on your machine. This service is used by Windows to perform automatic backups and create restore points. These backups are what you would typically use to “roll back” your computer to before a major change happened. How did I get infected? Ransomware droppers come in all different shapes and sizes, but one thing that’s true about them is once they’ve been started, it’s almost always too late. These droppers typically are files that you download from your email, other websites, or p2p servers (such as torrent sites). Unfortunately, this is changing rapidly, and we’re starting to see “drive-by” exploits occur in the wild through infected ad-streams on popular sites many people visit on a daily basis. One of the most frustrating parts of ransomware infections are that they’re extremely difficult to clean up. Even if you run antivirus and antimalware scanners, once the damage has been done, there’s nothing that these pieces of software can do to reverse the damage. These tools, including SUPERAntiSpyware®, can remove the underlying cause of the infection (the dropper) in many instances, but the encryption itself can’t be reversed. Some versions of ransomware will display messages saying that they are from the FBI, NSA, INTERPOL, or other law enforcement agency. They’ll accuse you of possessing illegal documents and/or visiting illegal websites. This type of scare tactic has fallen out of favor, as people have gotten wise to it. Most modern ransomware will simply display a page admitting freely that you’ve been infected and display instructions on how to pay the ransom. If you have a home or office network, it’s also possible that your machine got infected due to sharing a network with another infected machine. Because of how these infections work, they simply spread out across the drive space they can see, encrypting whatever data that can be found, regardless if it is on the machine that was initially infected. What about my data? If your machine has fallen prey to a ransomware attack, there’s not a whole lot that can be done with the files that were encrypted. Creating new files without removing the underlying infection is a fool’s errand, as they will quickly become encrypted as well. After coming to terms with the fact that your data has been encrypted, you will find yourself in the middle of an ethical quagmire. If you pay the ransom that is demanded, you will most likely get your files back; however, you’re actively giving these attackers what they want, which is your money. There’s also no guarantee that by paying, your files will be restored; however, if people didn’t get their files back by paying the ransom, why would people continue to pay? If you don’t pay the ransom, you will lose access to all of your files, some of which may be irreplaceable. This is probably one of the most difficult decisions you will make after an infection. While we can’t tell you one way or the other to pay the ransom or not, one thing that makes it extremely easy to rebound from is the availability of recent backups. If your backups are good, it is far more palatable to format your machine and reinstall the operating system than it is to pay the ransom. There are a few older variants of ransomware that can be decrypted by special software; however, these versions aren’t found in the wild much anymore for that very reason. How can I protect myself? There are many different steps you can take in order to help ensure that your machine doesn’t fall victim to a ransomware attack. Below you will find some of the best practices we have to offer: Back up your data frequently on an external hard drive AND in the cloud. One set of backups is very rarely going to provide you with 100% coverage, either due to timing differences between when you back up your data and what you’re working on, drive failures, or infection of files in your backup. If you network computers in your home or office make sure that each machine has its own set of backups. Most ransomware infections can not only infect drives that are connected directly to the infected machine, but also the drives of machines that are connected to the same network as the infected machine. Always disconnect physical backup drives from your machine when not in use. If you constantly have your backup drive plugged in, there’s a strong chance that the ransomware can find and encrypt files on your backup drive. Don’t ever download from a site that tells you that something is outdated on your machine. Websites aren’t able to detect outdated software or drivers unless you give them access to your machine. If you think that you have outdated software, download the latest version directly from the publisher’s website. Practice caution when downloading files of any kind, even if it’s something that your grandmother sent you. Many variants of ransomware will send out emails to logged-in accounts with copies of itself attached. Always make sure to save files to your machine before running them, and always scan those files with your antivirus and antimalware scanners. Keep your antivirus and antimalware scanners up to date with both the most recent versions of the programs themselves and the most recent versions of the detection databases. You should also take this practice a step further and make sure to keep your operating system up to date as well, as many attacks rely on exploiting bugs that have already been patched. Leave macros in Microsoft Office disabled if you do not use them regularly, and do not turn them on if you don’t. One of the most common attack vectors of ransomware is to have unknowing victims turn on macros in order to “fix” a document that appears to be corrupted. In actuality, once the macros are enabled, the dropper begins its work. Don’t give yourself (or other users) more login power than you need. Having administrator rights to your machine is definitely something most people overlook. Unfortunately, if a ransomware infection sees that you have administrative access, it makes the computer much easier to infect. (OPTIONAL) Use adblocking software while browsing the web, disable scripting within your web browser, disable Flash, and disable Java. Many of the drive-by attacks are distributed through infected advertisements, Javascript commands, or through the downloading of files automatically when you open the page. By turning off this vector of attack, you might limit some of your web browsing capability, but will be that much more secure against attacks.
  14. The internet today is just as dangerous of a place as it ever was. Sure, there are plenty of trusted websites you visit on a daily basis that pose little to no risk to your computer. The worst that happens to most people are unwanted tracking cookies from ad servers being placed on their machine, which is a small price to pay for free access to these sites, especially since they are so easy to remove with programs such as SUPERAntiSpyware®. Today we’re going to talk about Potentially Unwanted Programs or PUPs for short. What are PUPs? PUPs live in the grey area of the software spectrum. Sometimes, they can provide a service that you want, such as coupons or the ability to download videos from popular sites like YouTube; however, sometimes the programs that we classify as PUPs can be the underlying cause of unwanted behavior, such as displaying ads, installing other pieces of software, or modifying your web browser’s homepage. The most common sources of PUP “infections” are download websites that bundle other pieces of software in with the software that you are really trying to get. Unfortunately, many of the companies that make legitimate software don’t have a say in this bundling of software, as the download host is the one that is making a special installer that will offer up these other pieces of software before you can, or in order to, download and install the piece of software you want. Many people just click the next button over and over again until they get the software they want installed. The downside to this method of installing software is that you leave yourself susceptible to PUPs on your machine, oftentimes not realizing what has been installed until it is too late. This is what many of these bundled installers are hoping for. They want you to blindly click through so they can get paid for the install of software, as these sites get paid for each piece of software they are able to distribute to end-users, even if they don’t necessarily want what they’re getting. Once a computer has been “infected” by a PUP, the user may notice some major performance slowdowns or other erratic behaviors. The most common side-effects of PUPs include unwanted or unknown software popping up on your screen telling you there’s a problem, advertisements taking over your screen (either through the web browser directly, or through pop-ups outside the main browser window, system resources being hogged (slowing down the computer), toolbars being installed without your knowledge, and your browser’s homepage being redirected to an unknown/unwanted website. How can I protect myself from PUPs? The easiest way to avoid installing PUPs is to make sure that you’re downloading programs from trusted sources (always from the software publisher, if possible), you’re reading each of the screens on install wizards (removing any unwanted options from the installation), and do your research on whether or not the software that you’re looking for is safe and held in high regard by members of the community. One of the biggest traps that are out there in the wild is the ubiquitous “Big Button”. You have probably seen these before. Say, for example, you’re looking for new media player software to play movies and music. In order to get that software, you go to a file hosting website, and you’re immediately greeted with three green buttons, a red button, and a yellow button, all with the word “DOWNLOAD” in bold capital letters across the center of it. Which one is the correct button to press? Sometimes reading through the website isn’t enough to show you exactly which button is the real button, and which is an advertisement for another piece of software that’s been embedded near the correct button. Some websites even offer two different versions of the software: one that’s a clean installer, the other is an ad-supported/bundled installer. This is why we recommend trying to download the software you want directly from the company who makes it. They want you to use their software, so they’re going to make it as easy for you as possible to get what you want. That means no bundled software and no ads that are disguised as download links. Keep in mind that not all bundled software is bad. Many programs will offer downloads of legitimate products, such as Google Chrome or Dropbox. It’s a common occurrence in the software industry; however, if you’re not familiar with the name of the product a company wants you to install, you should always err on the side of caution and opt out of having that software installed. How do I get rid of PUPs? Most PUPs can be removed by going into your control panel and uninstalling them just as you would any other piece of software. In some cases, this unfortunately doesn’t always work. Programs such as SUPERAntiSpyware® try to remove these PUPs before scans, and most of the time we’re successful; however, new PUPs, new malware/spyware threats, and variants of existing threats, are created daily. A couple easy ways to try to get rid of these PUPs before running more in-depth cleaning are to make sure you remove any unknown browser extensions in your web browser, and using the add/remove programs feature within Windows. Typically these PUPs will have their own uninstall files that can easily remove the threat once it is known. As always, make sure you exercise caution when removing programs, as not all “unknown” programs are malicious. If you think that your machine might have PUPs that you can’t seem to get rid of, or any other malware infection for that matter, the best course of action is to first figure out exactly what you’re dealing with. If there is any distinguishing information you can see (like the program name), do a quick search to see how to remove the program. Most of the time, there will already be a removal guide available for the specific PUP or threat you’re dealing with. Dealing with pesky PUPs can be time consuming, but remember, the time you take to fix the issue when you first notice it is time you save dealing with a computer that’s been slowed down by these unnecessary and unwanted programs. Why are you calling <Software Name> a PUP? There’s nothing wrong with it! There are many different criteria that go into classifying a piece of software a PUP. Keep in mind that the first letter of the acronym stands for POTENTIALLY. If a piece of software you want or use on a regular basis is being detected as a PUP, you’re more than welcome to keep using it or ignore the detection within SUPERAntiSpyware®. We try to not remove anything from your machine unless we know that it has un-welcomed side effects. Some of the criteria we use for determining if a piece of software is a PUP is outlined below: - The software is known to display advertisements. This covers everything from pop-ups, pup-unders, ad overlays, inserting in-text ads, and replacing existing advertising streams. - Hijacking one or more installed web browser. This covers everything from redirecting the homepage (with or without permission), altering search results, inserting bookmarks, installing unwanted add-ons/extensions, and installing toolbars that bring value to the maker rather than the user. - Bundling other software. This covers everything from including other software as a bundle (optional or otherwise) with a desired piece of software, being included in a bundle from another software or download site, making it difficult/impossible to opt-out of bundled software. - The overall sentiment of the program is bad. This covers install and uninstall trends for particular pieces of software based on reviews and removal guides from trusted sources, using alarmist notifications to trick the user into purchasing, forcing a purchase to clean or fix issues with or without explaining what the issues are, and using misleading uninstallers to either force download more undesirable software or trick users into keeping the software. While this is by no means a comprehensive list, it is definitely a good starting point as to why we consider a program as being undesirable. There are plenty of other software review websites out there that will probably echo our sentiments; however, as always, if something is working for you, feel free to ignore the detection.
  15. Does anyone know what eSQ1zrkb download is? It keeps going into my downloads folder when I am on my yahoo mail, which is most of the day when I'm in the office. I don't think the program has run, just keeps placing itself in my downloads folder.
  16. After scanning using urlvoid.com, the website (superantispyware.com) contains malware by Quttera. Please answer if your website contains malware. I'm doubtful of using your product, even though I've used it many times, and detected, and removed spyware using your product.
  17. Hello, I am having lots of problems with ads popping up and slowing down my computer. They seem to originate in malware called Getprivate. I have tried various things to try to remove it but with no success: the Superantispyware removes the threats after a scan but they immediately reappear. I cannot identify the program in the Uninstall Programs option nor in the running processes in order to delete it. There seems to be much discussion recently on this malware on the web, but also with suspicious links, procedures and indications to scan computer with Spyhunter and then buy it. Help would be greatly appreciated! Quick scan log attached in case it is helpful. SUPERAntiSpyware Scan Log.pdf
  18. I keep getting pop ups and when I place my cursor anywhere on any page it creates a new tab with an ad. I ran SAS, and it found threats, but the problem still exists. I ran bitdefender and it found adware but it still happens.
  19. A couple of browser extensions that I did not willingly install and Superantispyware does not detect keep buggin me. These are called NettoCoUPaon en uNisaLess. They show popups and redirect my browser to unwanted pages. I removed them manually but they keep reappearing every time I restart the browser, be it Chrome, Firefox or IE (all latest versions). Is there a solution? Pierre
  20. I'd like to point your attention to a recent malware infection I suffered that SUPERAntiSpyware did not detect. The annoying PUP eDealspop was installed on my computer and could not be removed until I discovered that it had unwantedly (of course) changed my proxy settings. After changing them back manually, the annoying popups stopped. Maybe checking a change in proxy settings is a nice feature to ad in future versions of your great software.
  21. I need help ASAP please... My AVG has picked this thing up and secures it and it keeps coming back!!! Its destroying my resources and taking away user\admin rights and has restricted SEVERAL system files... I have looked in Registry but I dont know enough to make any changes with out find the exact name and file... Thanks for any help!!
  22. Hi, I am unable to sign out from some sites such as 'readingpack' (http://awesomescreenshot.com/03e3gwxl24) and can't scroll up and down in 'facebook'. google's malware specialists told me that this is due to some malware or spyware in my system. I used different antiviruses and some are caught by the malware itself. Today I have scanned using superantispyware for a number of times and found a malware which cannot be deleted. but I got some other malwares are deleted by your product. thanks for that. How can I completely delete or remove this spyware and enjoy my browsing activity? If you can help it is much appreciated. Thank you.
  23. When it comes to spreading malware and swindling money from the victims, cybercriminals have many ways to achieve their malicious goals. In recent years, cybercriminals have become increasingly inventive in terms of writing, designing, and distributing malware. In one of our previous blog posts, we discussed about ransomware and how it is being used by cybercriminals to extort money from its victims. In this blog post, we’ll discuss about a new type of malware called ‘Rogue security software’, which closely resembles ransomware, but follows a little different approach to attack its victims. [Read more...]
  24. My Pc has been crashing a few times recently.Not sure how this software called PC HealthBoost got installed but I always try to keep away from installing such fake softwares which ruin your system like anything.After installation of this software, a scan through this software showed me tons of problems and when i clicked on fix error button it fixed only few errors(I don't know whether it fixed or made my system more prone to other malwares like itself) and asked me to buy this bogus software. I am terrified and totally annoyed by this crap software. Please Help. Thank you.
  25. The modern malware landscape is huge, and it’s growing more and more sophisticated every day. In one of our previous blog posts, we discussed the different types of malware, their infection mechanisms and how they act within a system. Currently, there is one category of malware that is becoming increasingly more popular called “ransomwar.” In this blog post, we will discuss what ransomware is and what strategies and techniques are used in creating and propagating this latest trend in internet crime. http://www.superantispyware.com/blog/2013/08/all-you-need-to-know-about-ransomware/