
Category: Cyber Security

A Fake Version of the MinerBlock Extension Plays Videos in the Background

Security Alert!! A Fake version of MinerBlock Extension is out…

MinerBlock is a legitimate Chrome browser extension that blocks websites that mine cryptocurrency using built-in browser features. Its developer is CryptoMineDev, and it can be downloaded from the Chrome Web Store.

Legitimate MinerBlock Extension


But security researchers have found a malicious version of the legitimate MinerBlock extension that causes trouble for users. The fake extension looks similar, but it repeatedly plays videos in the background. The fake version comes from the developer egopastor2016. Users may get confused and accidentally download the fake one because the two look the same; the main difference is the logo.

Fake MinerBlock Extension

The main goal of the fake version is not confirmed yet, but it can be used to generate fake traffic by connecting to third-party URLs and playing videos. Clicks on such videos could redirect users to linked pages that could download harmful content onto the computer or device. Once installed in the browser, the fake MinerBlock extension connects to “” and fetches instructions to execute. The instructions tell it which site to connect to and which videos to play. The videos come from various Russian video sites. Playing videos constantly consumes 100% of the CPU, and when it finishes it counts to “0”.
So users who unknowingly downloaded the fake version of the MinerBlock extension should uninstall it quickly.

How To Uninstall Fake MinerBlock Extension

To uninstall it, go to Chrome’s settings, choose Manage extensions, right-click its icon and select Remove.
Users are advised to be very careful when downloading any extension, as imitating legitimate programs and distributing the copies over the web has become a common trick. We also recommend running a scan of your computer to detect and remove any traces of malicious programs hidden inside, as they could cause issues on your device.


How to Remove W32.Qakbot!gen12 Trojan virus

W32.Qakbot!gen12 can steal away all your private data…know more about this threat…

“W32.Qakbot!gen12” is a risky Trojan that, once dropped onto a PC, steals data without the user’s consent. It forcibly shuts down the firewall and other active anti-virus programs. W32.Qakbot!gen12 also changes network settings to allow malicious programs such as rootkits to hook into the PC and record all of the user’s keystrokes. It mainly targets financial data, logins/passwords for banking accounts and social account activity. The collected data is then sent to a remote server for malicious use. It is recommended to delete the W32.Qakbot!gen12 Trojan as soon as possible.



‘Better History’ – Another Deceptive Browser Extension Found Hijacking the Chrome Browser with Ads

“Better History 3.9.8” can silently hijack your browser and steal all personal data

Web browser extensions are normally designed to enhance our surfing experience and ease tasks by providing helpful tools and utilities. But many cyber offenders use them as a trick to cheat users and steal important information from their PCs.

Yet another browser extension that is currently cheating novice users is “Better History”, which claims to provide various filter options for a better view of the browsing history. Sources say that users who recently updated to “Better History 3.9.8” have reported it asking for the additional permission to “read and change all your data on the websites you visit.” Once updated, “Better History” causes severe redirections through service where users are forced to see lots of advertisements and pop-ups, which are meant to make money from clicks and impressions on those ads.

Previous versions of “Better History” were a very popular Chrome extension for adding extra filters to browser history access. But the latest version is causing hijacking issues and taking important data in the background. Users should therefore uninstall the “Better History” extension as soon as possible.

Users may not be aware that “Better History” was sold by its owner to another, unnamed company two months ago, as of version 3.9.5. Given the hijacking and redirection issues, the new owner may be the culprit behind all of this. Due to many complaints against the new version of “Better History”, 3.9.8, Google has removed it from its store.

Nowadays, unwanted browser extensions have become a main cause of browser hijacking, malware invasion and data theft. Computer users are therefore advised to be more cautious when downloading any third-party application, as it can put their privacy at huge risk. If you still have “Better History 3.9.8” installed on your computer, remove this web extension completely and quickly.


KeRanger Has Emerged as the First Mac OS X Ransomware

OSX.Keranger Detected on Mac OS X on March 5, 2016

Threat Definition

KeRanger was first detected on March 5, 2016, reaching Mac OS X users who downloaded a compromised version of the installer for the Transmission BitTorrent client. OSX.Keranger is thus a new malware targeting users of the Mac OS X operating system.



The behavior of KeRanger ransomware is similar to that of the TeslaCrypt ransomware designed for Windows-based operating systems. After getting onto the target Mac, KeRanger scans it for important files with more than 250 extensions and encrypts them. After encrypting the files, it displays a warning message that the victim should pay 1 bitcoin (approximately US$408). The ransomware drops a file that contains instructions on how to pay the ransom. Payment is usually done through an unknown TOR network.
KeRanger is able to bypass OS X’s Gatekeeper, a Mac utility that blocks unwanted software from untrusted sources.

Potential Risk Involved

KeRanger currently has only one way to compromise Mac OS X, but the attackers are looking for other ways to spread this first-ever Mac OS X ransomware. If this attempt is successful, it will encourage the makers of such threats to design more of them.

Precautions for preventing ransomware attacks

  • Keep your operating system and other recommended software up to date. This closes the vulnerabilities that could compromise the software, so attackers cannot find flaws to get inside.
  • Keep regular backups of the important files stored on your computer. If your computer gets infected with ransomware, they can be restored once the malware has been removed.
  • Always keep your security software up to date to protect yourself against any new variants of malware.
  • Do not open any suspicious mail or its attachments, and avoid clicking on untrusted websites or links.

How to detect OSX.Keranger on a Mac

It is strongly suggested that all Transmission BitTorrent app users check whether their Macs have been infected with the aforementioned ransomware. We strongly recommend following the steps below.

  1. Use the Finder or Terminal to determine whether either of these paths exists:
    • /Applications/ General.rtf
    • /Volumes/Transmission/ General.rtf
    If you find either of the above paths, delete the Transmission application as soon as possible.
  2. Open the Activity Monitor utility and check whether any process called “kernel_service” is running.

Double-check each such process: click “Open Files and Ports” and make sure that you don’t see “/Users/<username>/Library/kernel_service”. That is the main process of KeRanger, so if it is running, choose “Quit > Force Quit”.

Check for the “.kernel_pid”, “.kernel_time”, “.kernel_complete”, and “kernel_service” files in the ~/Library folder. If you locate any of these, delete them.

Note: If you are not familiar with the internal structure of these files, please do not attempt the manual instructions, as doing so could harm other files on the computer.

  3. Scan the Mac with the MacKeeper Scanner to detect the threat and clean it completely from the system.
  4. To restore the corrupted files, use Stellar Macintosh Data Recovery.
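
The ~/Library file check and the “kernel_service” process check from the steps above can be scripted. The following is an added example, not code from the original article: it only reports what it finds and deletes nothing, and the function names and the `--scan` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: report (never delete) the KeRanger indicators listed above.

# Print every KeRanger marker file present in <home>/Library.
# Returns 0 if at least one marker exists, 1 otherwise.
keranger_files() {
    rc=1
    for name in .kernel_pid .kernel_time .kernel_complete kernel_service; do
        path="$1/Library/$name"
        if [ -e "$path" ] || [ -L "$path" ]; then
            printf '%s\n' "$path"
            rc=0
        fi
    done
    return "$rc"
}

# Read a "PID COMMAND-PATH" listing on stdin and print the PIDs whose
# executable path ends in /Library/kernel_service (user names may contain spaces).
keranger_pids() {
    awk '/\/Library\/kernel_service[ \t]*$/ { print $1 }'
}

# Run both checks for the current user; return status 1 means "indicator found".
# On macOS, the comm column of ps holds the full path of the executable.
keranger_check() {
    hit=0
    if keranger_files "$HOME"; then hit=1; fi
    pids=$(ps -axo pid=,comm= | keranger_pids)
    if [ -n "$pids" ]; then
        printf 'kernel_service running, PID(s): %s\n' "$(echo $pids)"
        hit=1
    fi
    [ "$hit" -eq 0 ] && echo "No KeRanger indicators found."
    return "$hit"
}

# Only scan when asked, so the functions can also be sourced and tested.
if [ "${1:-}" = "--scan" ]; then
    keranger_check
fi
```

Run it from Terminal as `sh keranger_check.sh --scan` (the file name is arbitrary); any path or PID it prints corresponds to an item the manual steps tell you to inspect.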

DROWN Attack Leaves More Than 11 Million Open HTTPS Domains Vulnerable


DROWN stands for “Decrypting RSA with Obsolete and Weakened eNcryption.”

It is a new vulnerability that leaves websites with SSLv2 open prone to having their traffic decrypted. This means that your crucial data, including bank logins, passwords and email accounts, could be at risk. DROWN uses the weaknesses of servers that support SSLv2 to attack TLS and decrypt the data collected from the attacked servers. The report states that 25% of the top websites could be attacked by DROWN, including Yahoo, BuzzFeed, Flickr and Samsung.

“We’ve been able to execute the attack against OpenSSL versions that are vulnerable to CVE-2016-0703 in under a minute using a single PC. Even for servers that do not have these particular bugs, the general variant of the attack, which works against any SSLv2 server, can be conducted in under 8 hours at a total cost of $440.”

“You’re just as much at risk if your site’s certificate or key is used anywhere else on a server that does support SSLv2,” security researchers noted. “Common examples include SMTP, IMAP, and POP mail servers, and secondary HTTPS servers used for specific web applications.”

SSLv2 has been around since the 90s and has been known to be vulnerable for years, so most servers now use a different protocol. Nevertheless, it has now emerged that merely permitting SSLv2 is a threat to modern servers and their users.

The DROWN website points to the weakening of cryptography by US federal government policies in recent years as the cause of the third major internet security vulnerability in a year, following FREAK and Logjam.

To find out more about the DROWN attack or to check whether your site is vulnerable, visit DROWN Attack.

If your website is found to be vulnerable, take preventive measures immediately.

How to prevent against DROWN attack

“To protect against the attack, server operators need to make sure that their private connections are not used anywhere with server software which allows SSLv2 connections,” according to the FAQ on the DROWN website. “This includes web servers, SMTP servers, IMAP and POP servers, and some different software that supports SSL/TLS.” Although there is assurance that cybercriminals are taking advantage of the SSLv2 vulnerability, it is important to take precautions, as such a thing could happen.
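
The researchers' point quoted above, that a site is at risk when its certificate or key is also used on any service that supports SSLv2, can be checked against an inventory of endpoints. This is an added example, not code from the DROWN researchers or this site; the inventory format, the host names and the KEY_* fingerprints are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find endpoints exposed to DROWN through key reuse.
# Input on stdin, one endpoint per line (format assumed for this example):
#   <host:port> <public-key-fingerprint> <sslv2: yes|no>

drown_exposed() {
    awk '
        /^[ \t]*#/ || NF != 3 { next }      # skip comments and malformed lines
        {
            n++
            ep[n] = $1; key[n] = $2; v2[n] = $3
            # Remember which endpoints offer SSLv2 for each key.
            if ($3 == "yes") {
                if ($2 in weak) weak[$2] = weak[$2] "," $1
                else            weak[$2] = $1
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                if (!(key[i] in weak)) continue     # key never seen with SSLv2
                if (v2[i] == "yes")
                    print ep[i], "direct"
                else
                    print ep[i], "shared-key-with=" weak[key[i]]
            }
        }'
}

# Constructed sample inventory (hosts and fingerprints are made up).
sample_inventory() {
    cat <<'EOF'
www.example.test:443   KEY_A no
mail.example.test:25   KEY_A yes
imap.example.test:993  KEY_A no
shop.example.test:443  KEY_B no
old.example.test:443   KEY_C yes
EOF
}

if [ "${1:-}" = "--demo" ]; then
    sample_inventory | drown_exposed
fi
```

In the sample, the HTTPS and IMAP endpoints do not offer SSLv2 themselves but are still reported, because the mail server on port 25 serves the same key with SSLv2 enabled.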

A Rise Against Progressive Malware Attacks – Now It’s Time to Go Further Than Just Protecting Your PC with Antivirus

The days are gone when we thought that having an anti-virus installed meant we were ready to fight cyber threats. The world of cyber-crime has become much more advanced and has aims far more malicious than merely infecting the PC. As the technologies for accessing the Internet have diversified, malware creators have become more vigorous and eager to attack our PCs. It is a matter of concern for all internet users, and we should take it as a challenge to spread the word widely among users.



TotalSystemSecurity © 2015-2018