Channel: Symantec Connect - Articles

The 5 most destructive viruses of 2018 that are still in force today


2018 has been a very busy year for viruses and malware. Do you want to know some of the most destructive of this year? Keep reading. I will reveal five.

As is well known, computer attacks are our daily bread. For this reason, I will leave Windows users this list of the 5 worst viruses that can attack our PCs.

We are leaving 2018, a year in which, unfortunately, we cannot say that the presence of viruses and malware has been small. The techniques continue to be perfected and cybercriminals do not rest for a second in pursuing their goals. In the best case, they obtain the user's identity and sensitive data, such as email address and bank card number. On top of this, their targets are no longer only computers. For several years, mobile devices, led by Android, have been an easy target, especially through malicious apps.

1. CrossRAT

CrossRAT is a remote access Trojan (RAT) able to run without problems on any type of operating system, including Linux or macOS. Once the victim takes the bait, it begins to control the system, take screenshots, and steal personal data (including passwords and bank details). In addition, it lets the cybercriminal connect to the computer remotely.

The real problem with CrossRAT, and what makes it so dangerous, is that it is a very difficult Trojan to detect. On top of this, it has advanced mechanisms that allow it not only to circumvent antivirus software, but also to install itself in the system permanently. In this way, even if the main file is deleted, the threat is still present.

If you want to know whether your Windows system is infected by this Trojan, check whether the registry path "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\" contains the following entry: "java, -jar or mediamgrs.jar". On macOS, the indicator is a JAR file in the "~/Library" directory. Finally, on Linux, it is a similar file in the path "/usr/var".
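The check described above can be scripted. The following is an added example, not code from the original article or from Symantec: it flags Run values that start a JAR through Java and lists JAR files in the macOS and Linux directories named above. The function names and the sample Run values are constructed for illustration.

```python
import ntpath
import os
import re
import sys

# Indicators taken from the paragraph above.
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"  # under HKCU
IOC_JAR = "mediamgrs.jar"
JAR_DIRS = {"darwin": "~/Library", "linux": "/usr/var"}
# Matches commands of the form: java[w][.exe] -jar <path>.jar (extra JVM options not handled)
JAVA_JAR = re.compile(r'javaw?(?:\.exe)?"?\s+-jar\s+"?([^"]+?\.jar)', re.I)

# Constructed sample Run values (name, command), for a dry run on any OS.
SAMPLE_RUN_VALUES = [
    ("OneDrive", r'"C:\Users\a\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("mediamgrs", r'"C:\Program Files\Java\jre\bin\java.exe" -jar "C:\Users\a\AppData\Local\Temp\mediamgrs.jar"'),
    ("Updater", r"javaw -jar C:\Tools\updater.jar"),
]

def suspicious_run_entries(entries):
    """Return (name, jar_path, matches_named_ioc) for every value that starts a JAR."""
    hits = []
    for name, command in entries:
        m = JAVA_JAR.search(str(command))  # str(): registry data may be numeric
        if m:
            jar = m.group(1)
            hits.append((name, jar, ntpath.basename(jar).lower() == IOC_JAR))
    return hits

def read_run_key():
    """Read the current user's Run values as (name, data) pairs; Windows only."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        count = winreg.QueryInfoKey(key)[1]  # number of values under the key
        return [winreg.EnumValue(key, i)[:2] for i in range(count)]

def jar_files(directory):
    """List JAR files directly inside a directory (the macOS and Linux check)."""
    directory = os.path.expanduser(directory)
    if not os.path.isdir(directory):
        return []
    return sorted(f for f in os.listdir(directory) if f.lower().endswith(".jar"))

if __name__ == "__main__":
    if sys.platform == "win32":
        print(suspicious_run_entries(read_run_key()))
    else:
        folder = JAR_DIRS.get(sys.platform, "/usr/var")
        print(folder, jar_files(folder))
```

A Run value that launches a JAR other than mediamgrs.jar is still returned, with the last field set to False, so that it can be reviewed by hand; legitimate Java applications can register themselves the same way.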

Solutions

Usually, manual removal takes time and carries the risk of damaging your files if you are not careful!
I recommend scanning your PC with Symantec Endpoint.
Keep in mind that the Symantec scanner is only for malware detection. If Symantec Endpoint detects malware on your PC, run the debugging without any mishap.

2. BackSwap

In recent years, banking malware (better known as "Bankers") has been declining, above all because of the rise of ransomware. However, this year researchers discovered a new type of Banker, named BackSwap. This new malware is not only able to evade a large share of antivirus products, since it does not use a code injection process like its predecessors; its method is also so easy that an attacker does not need to know much about Windows to implement it in attacks.

The malware simplifies the injection process by monitoring the message loop of the Windows windowing system, and injects the code into the browser's JavaScript console at the moment it detects that the victim has connected to the bank's page. Although initially the malware was distributed through spam campaigns aimed exclusively at Polish users, at the end of August it began to do the same in Spain and in certain parts of the world.

Solutions

Complete the manual process to delete Trojan.BackSwap from the compromised OS
Process 1. Know how to restart your OS in safe mode with networking to delete Trojan.BackSwap
Process 2. Delete registry entries created by Trojan.BackSwap
Process 3. Delete Trojan.BackSwap malicious processes from the Windows Task Manager
Process 4. Delete Trojan.BackSwap from browsers
Process 5. Delete Trojan.BackSwap from the Windows Control Panel
Process 6. Reset browsers to delete Trojan.BackSwap easily

3. Typeframe

Directly from North Korea, one of the most controversial places on the planet, came Typeframe, a new type of malware designed to wreak havoc on any computer it enters. This virus is capable of downloading and installing additional malware such as Trojans and proxies, as well as changing the way antivirus software or firewalls act so that it can connect to the attackers' servers and obey their orders.

It is a very common malware profile, just like the popular WannaCry, which is thought to have also come from this country. WannaCry caused real headaches all over the world, especially in Ukraine and Russia, and other parts of the world.

Solutions (Windows 10)

Step 1: Delete the Typeframe Malware related files in hidden folders, as indicated:

    %Temp%\[adware name]
    %AppData%\[adware name]
    %LocalAppData%\[adware name]
    %LocalAppData%\[adware name].exe
    %CommonAppData%\[adware name]
    %AllUsersProfile%\random.exe

Step 2: On the Windows 10 screen, click the Start Menu and select All apps. This will show the entire list of applications installed in Windows 10. Find Typeframe Malware or any other suspicious program in the list. Right-click the selected item to uninstall it.

4. Virobot

Virobot, discovered in September, is a ransomware threat that encrypts all the files on the victim's computer in order to demand a ransom. In this way, the only solution to recover the files is to pay the amount indicated by the cybercriminals. However, in many cases the payment is worth nothing, because the criminals end up not returning them. Virobot encrypts the computer and sends a ransom message, which demands about $520 in bitcoin. While the computer is locked, the virus also takes control of Microsoft Outlook to send email messages to the victim's contact list. These are spam messages that also include a copy of Virobot. The objective is more than evident: to spread to as many people as possible. The files targeted by Virobot usually have the following extensions, so the threat usually goes unnoticed: TXT, DOC, DOCX, XLS, XLSX, PPT, PPTX, ODT, JPG, PNG, CSV, SQL, MDB, SLN, PHP, ASP, ASPX, HTML, XML, SWP, PSD and PDF.

Solutions

Maximize the security on your PC, because this is a powerful virus that is normally imperceptible to almost all antivirus software.

5. Osiris

After spending a few years dormant, Kronos returned to the scene last July, renamed Osiris. It is a highly dangerous banking Trojan which, moreover, now comes back with more force. Osiris has been sent in phishing campaigns via email, in which the attackers send Word documents specially designed for the occasion. The new Kronos update uses anti-VM or anti-sandbox mechanisms to avoid detection by any type of antivirus. It is also capable of reducing browser security to inject malicious code into web pages.

It should be noted that Osiris can copy itself to different locations on our computer, as well as place shortcuts in the home folder. Today it is marketed on the deep web at a fairly high price. It has been listed at about 6,000 euros at the exchange rate.

Solutions

Use shadow volume copies

In case you do not know, the operating system creates so-called shadow volume copies (Volume Shadow Copies) of all the files while System Restore is activated on the computer. As restore points are created at specific intervals, snapshots of the files are also generated as they appear at that moment. Keep in mind that this method does not ensure the recovery of the latest version of your files. However, it is worth trying. This workflow can be done in two ways: manually, and through the use of an automatic solution. Let's take a look at the manual process first.

Use the previous versions

The Windows operating system provides an integrated option to recover previous versions of files. It can also be applied to folders. Simply right-click a file or folder, select Properties and click the tab called Previous Versions. Within the versions area, you will see the list of backup copies of the file or folder, each with its time and date. Select the last entry and click Copy if you want to restore the object to a new location that you can specify. If you click the Restore button, the item will be restored to its original location.

Verify that the Osiris / Locky ransomware has been completely removed

Again, removing the malware on its own does not decrypt your personal files. The data restoration methods highlighted above may or may not help, but the ransomware itself is no longer on your computer. Incidentally, it usually comes with other malware, which is why it makes sense to repeatedly scan the system with automatic security software to make sure that no harmful remnants of this virus or its associated threats remain within the Windows Registry and other locations.

Possibly you, like me, get bored of our security system when playing an online game or visiting pages that our antivirus or firewall blocks, and we deactivate it. That is a mistake that a high percentage of the population makes; from the richest to the poorest, no one is exempt from a bad attack. After having burned 3 hard drives because of viruses, I learned!!! that it is always necessary to have our defense. It sounds trite because I mention it a lot, but until now the one that has given me satisfaction when it comes to protection has been Symantec Endpoint. I hope you are well and enjoy your week. With nothing more to say, your beloved neighbor krossfox affectionately says goodbye.

