Author Archives: Max Lehmann

Whether has hijacked your homepage or your New Tab page – or both – you cannot ignore this browser hijacker. In most cases, users acquire this suspicious hijacker by installing an extension that goes by the name “Speed Tester BRS.” Both the hijacker and the extension were created by Polarity Technologies Ltd. Have you downloaded the extension from an official website or the Chrome web store (if you are a Google Chrome user)? If you have, we would appreciate it if you shared information about this source in the comments section because, at the time of research, official installers did not exist. Of course, it does not mean that the hijacker is not spreading if an official installer does not exist. In fact, even if it existed, it is much more likely that users would use third-party sources. If you have downloaded the extension/hijacker using a third-party installer, it is very possible that other infections exist, and if they do, you must remove them immediately. Hopefully, that is not something you have to worry about because deleting is important as well. Read more »

Magic PC Cleaner

Magic PC Cleaner is one of those applications that come forth offering to clean your system and improve your computer’s performance. The problem is that such programs seldom live up to their promises. In fact, computer security experts always point out that system optimization tools usually just cause more harm, instead of actually fixing your system. If you happen to have Magic PC Cleaner installed, and you do not know how this program entered your PC, you should definitely remove it once and for all. While you are at it, check your computer for more applications that might have arrived uninvited. Read more »

If your all browsers load a new website when you launch them, it means that they have all been hijacked. Some users do not find the changes applied to their browsers a huge problem because they do not really care which search tool to use. We are sure they would care if they knew that is a browser hijacker which might cause a bunch of problems to them. The fact that it does not need permission to replace a default homepage immediately makes this search tool untrustworthy. Second, it has been noticed that it might perform other undesirable activities. For example, it might collect various details about users and present them with the modified search results, research carried out by specialists at has revealed. This does not sound dangerous at all, but we are sure you will change your opinion if you read this article till the very end. Read more »

Darkodercrypt0r Ransomware

Just by looking at the window represented by Darkodercrypt0r Ransomware, it becomes clear that the creator of this malicious infection is trying to copy Wana Decrypt0r Ransomware. Are you familiar with this infection? It is the one that has hit NHS, FedEx, and a bunch of other organizations in over 150 countries. Although, at first sight, it looks like Darkodercrypt0r is just as malicious, in reality, it does not compare. First of all, it appears that it is only capable of encrypting files found on the Desktop. Second, it seems like it only can encrypt .txt type files. Now, we cannot claim that this will not change with time; however, at this stage, the ransomware is not classified as a critical infection. That being said, it is crucial that you delete Darkodercrypt0r Ransomware from your PC immediately because you do not want to wait for it to be potentially upgraded. If you continue reading this report, you will learn how to remove the ransomware, as well as how to protect your operating system from the more dangerous infections that might attempt to slither into your PC in the future. Read more »

Boravid Extension

Boravid Extension is usually referred to as a potentially unwanted application although it claims to be very beneficial. Information available on its official website tells users that it will enable them to get the best Vimeo recordings, so it should not be very surprising that there are many users who download and install it deliberately from its official website or the Chrome Web store ( Of course, there are people who cannot explain why they have this Chrome extension installed too. No matter you have downloaded it willingly or it has sneaked onto your computer in a software bundle, you should know that it is advisable to remove this extension because it is not fully trustworthy and might perform undesirable activities. Read the next two paragraphs to find out why it has been classified as a potentially unwanted program and then make up your mind whether or not it can stay. We hope that you will arrive at a rational decision. Read more »

If you have noticed a change in your web browser's default settings, it could be a sign that your personal computer has a program called active on your PC. This application might seem like a useful tool at first. That is so because it is advertised as a tool that you need to have active on your personal computer if you wish to improve your online searches. While it might seem tempting to download and install this program, you should know that it is a suspicious search engine, which can ruin your online experience, to put it lightly. If that was not enough, you must also know that it could prove to be a major virtual threat because it might expose your operating system to suspicious and even potentially malicious websites. If you want to maintain a fully secure operating system at all times, do not take any chances with and conduct its complete removal as soon as it is found active on your PC. Read more »

Globalweather Ads

GlobalWeather Ads can annoy you and disrupt your usual browsing experience when a potentially unwanted program (PUP) called GlobalWeather manages to sneak onto your system. This PUP has no use or benefit at all; at least, not for you but the creators. It makes money by generating web traffic to websites that may not always be trustworthy. Thus, you can be presented with unreliable third-party web content, which could be the next step towards letting more PUPs and malware infections on board. Even if this PUP did not put your virtual security at risk indirectly, it would be best not to keep it on your system since it is totally useless. Therefore, we recommend that you remove GlobalWeather Ads, which we will explain late on. But first, let us tell you more about this PUP so that you be more aware next time you surf the web. Read more »

WanaCrypt0r Ransomware

If your operating system was not updated in the past months, WanaCrypt0r Ransomware could slither in without any warning. Although the vulnerability patch that is necessary to prevent this infection from entering the computer has been created in March 2017, many users have failed to install it, which is the main reason the malicious ransomware is spreading. Once it slithers in, it demands a ransom of $300 to be paid to one of three Bitcoin Addresses, which include 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn, 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw, and 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 (at the time of research, they had collected a staggering sum of $65,970.35, or 38.89 BTC). You are given 3 days to make a move, and that is a long period to think things through. The bad news is that the cyber crooks who have created this ransomware are not reliable, and so it would be naive to expect them to provide their victims with appropriate decryption keys in return for ransom payments. research team warns that it is most likely that your files are locked permanently, and there is nothing you can do to decrypt them. Despite that, you MUST remove WanaCrypt0r Ransomware. Read more »

Fatboy Ransomware

Fatboy Ransomware, also known as PyCL Ransomware, is a new RaaS ransomware discovered by malware analysts. It has fallen into the group of RaaS (Ransomware as a Service) ransomware because it is available for download somewhere on the DarkNet, and those people with bad intentions can easily personalize it, for example, decide upon a size of a ransom. Also, they are the ones responsible for distributing this ransomware-type infection too. At the time of writing, the infection rate of Fatboy Ransomware is quite low. Additionally, it seems that its C&C server is down and, in consequence, the ransomware infection cannot reach it. Because of this, at present, this threat does not encrypt any files, and there is no information about the amount of money or the Bitcoin address (it is necessary to know it to transfer money) provided to users. Unfortunately, we cannot guarantee that it is the end of the campaign. Specialists at say that this threat might steer itself in any direction, i.e. it might never revive or start working again in full swing soon. We hope that you are reading this article not because your PC is infected with a properly-working version of Fatboy Ransomware. If our worst fear has become a reality, i.e. you have discovered a ransomware infection on your computer, delete it without the slightest hesitation even if your files have been locked. Read more »

Nm4 Ransomware

Perhaps Nm4 Ransomware is not as dangerous as WannaCry Ransomware, but it is still one of the many malicious applications out there that want to rip you off. Also, it just proves how dire the situation is right now, and how “popular” ransomware programs are at the moment.

Unfortunately, there is no public tool at the moment that would help you restore the files affected by this infection, so the best way to solve this problem would be retrieving your files from a file backup. As for the ransomware removal, it is not that hard to delete Nm4 Ransomware from your PC. Read more »