Computer Security »

[18 Apr 2015 | No Comment | ]

Reset Search app is part of the Install Mac adware that can display adverts and pop-ups on your computer. Were you aware that even when you’re doing the most normal and mundane things that you do virtually every day you are putting yourself, and your computer, at serious risk of being infected by this adware?

When you’re online, no matter what you’re doing, you are in peril. You might be eagerly browsing vacation locations, killing time by reading celebrity gossip, updating your Facebook status or – who knows, even working! – but indulging in all these simple activities can wind up with your computer being infected. No longer are dodgy adult content websites, flashing wallpapers and illegal downloads the only places that can result in an infection; the most innocent of websites or downloads can too. And that’s something we all need to be aware of.

What exactly is “Reset Search” app?

It’s adware. Adware, as you may already know, is an amalgamation of the words ‘advertising supported software’ and although it is not the most deadly horse in the stable, it definitely is still very much a type of malware. In its simplest terms, Reset Search adware is a computer software program that displays adverts on your screen or monitor whenever you are connected to the internet. Some of these adverts are fairly easy to ignore yet others will be nightmarish pop-up adverts that won’t go away no matter how many times you close them.

Reset Search is more than just an annoyance

Adware in its most aggressive form is annoying, there is no doubt about that. However, many people have a problem with the fact that it also spies on you by monitoring which websites you visit. It then collects this data and sends it to Reset Search’s programmer or another third party. They are then able to customize the adverts that are being shown to you so that they more closely represent your interests. Obviously, this means you are more likely to then click on them, driving traffic – and potentially sales – to a website that is paying to use adware.

Adware is cunning!

For the most part, you won’t know if Reset Search app is installing itself on your machine, so how does it get there if you are not knowingly downloading it? It (like many other types of malware) is normally downloaded and installed in conjunction with another program. What that means is that if you have just installed an upgrade to your messenger app or downloaded some audio or video files, you may well have also downloaded some adware.

Adware can also infect you in a ‘drive by installation’ which occurs when you visit an infected website. So you see, as mentioned above, you really can be doing almost anything online and be putting yourself in harm’s way.

How do you prevent Reset Search installation?

Reference is often made to adware in software license agreements, so make sure you read those carefully when you’re downloading. You should also install a good anti-adware program. Reset Search app is annoying, an invasion of your privacy and can leave your security in tatters, increasing the chance of something even worse infecting you. Protect yourself, your Mac and your sanity before it’s too late.

If your computer is already infected and you don’t know how to remove Reset Search app, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

Reset Search App Removal Guide:

1. First of all, download anti-adware software and run a full system scan. It will detect and remove this adware from your Mac. You may then follow the manual removal instructions below to remove the leftover traces of this adware. Hopefully you won’t have to do that.

2. Quit the Reset Search, Genieo and Install Mac apps if they are running. To do so, open Activity Monitor, click the CPU tab, then click Process Name at the top of that column to sort the list alphabetically.

Look for the processes InstallMac, Reset Search and Genieo. Select them, then click the Force Quit button. Quit Activity Monitor.

3. In the Finder, open Applications, select install.mac and move it to the Trash.

4. Move the following items to the trash as well. Some of them, including the Genieo application, may not be present; remove the ones that you do find.

/Applications/Genieo
/Applications/InstallMac
/Applications/Uninstall Genieo
/Applications/Uninstall IM Completer.app
~/Library/Application Support/com.genieoinnovation.Installer/
~/Library/Application Support/Genieo/
~/Library/LaunchAgents/com.genieo.completer.download.plist
~/Library/LaunchAgents/com.genieo.completer.update.plist
~/Library/LaunchAgents/com.genieo.completer.ltvbit.plist
~/Library/LaunchAgents/com.installer.completer.download.plist
~/Library/LaunchAgents/com.installer.completer.update.plist
~/Library/LaunchAgents/com.installer.completer.ltvbit.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.client.plist
/Library/LaunchAgents/com.genieo.engine.plist
/Library/LaunchAgents/com.genieo.completer.update.plist
/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libgenkitsa.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib

5. Restart your Mac.
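
A read-only check for the items listed in step 4, as an added example that is not part of the original guide: it reports which of those paths still exist, so you can confirm what the scanner left behind before moving anything to the Trash. The function name and its two arguments (a root prefix and a home directory, so it can also be pointed at a test tree or a mounted volume) are assumptions of this example.

```shell
#!/bin/sh
# Read-only audit: lists which step-4 leftovers exist; it deletes nothing.
# The two arguments (root prefix, home directory) are assumptions of this example.
SYSTEM_PATHS='/Applications/Genieo
/Applications/InstallMac
/Applications/Uninstall Genieo
/Applications/Uninstall IM Completer.app
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.client.plist
/Library/LaunchAgents/com.genieo.engine.plist
/Library/LaunchAgents/com.genieo.completer.update.plist
/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libgenkitsa.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib'
USER_PATHS='Library/Application Support/com.genieoinnovation.Installer
Library/Application Support/Genieo
Library/LaunchAgents/com.genieo.completer.download.plist
Library/LaunchAgents/com.genieo.completer.update.plist
Library/LaunchAgents/com.genieo.completer.ltvbit.plist
Library/LaunchAgents/com.installer.completer.download.plist
Library/LaunchAgents/com.installer.completer.update.plist
Library/LaunchAgents/com.installer.completer.ltvbit.plist'

# Prints every listed item that exists; returns 0 when clean, 1 when something was found.
scan_genieo_leftovers() {
    root=${1:-}; user_home=${2:-$HOME}; found=0
    old_ifs=$IFS
    # Split the lists on newlines only, because some paths contain spaces.
    IFS='
'
    for p in $SYSTEM_PATHS; do
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then printf '%s\n' "$root$p"; found=1; fi
    done
    for p in $USER_PATHS; do
        if [ -e "$user_home/$p" ] || [ -L "$user_home/$p" ]; then printf '%s\n' "$user_home/$p"; found=1; fi
    done
    IFS=$old_ifs
    [ "$found" -eq 0 ]
}
# Usage on a live Mac: scan_genieo_leftovers "" "$HOME"
```

The `~/Library` entries are per user, so run the check once for each account's home directory.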

[17 Apr 2015 | No Comment | ]

It’s no great secret only known to tech boffins or IT experts that the more time we spend online, the more chances we have of being infected by HELP_RESTORE_FILES.txt ransom virus (ransomware) which is very similar to the CryptoLocker ransomware. As anti-virus software gets increasingly sophisticated, so too does the yin to its yang: ransomware. It’s an endless cat and mouse game between good and evil – with us poor unfortunate internet users stuck in the middle as unwilling pawns. What that really means for us is that we need to increasingly be on our guard if we are to prevent ourselves from falling victim to an infection or attack.

The problem is that, with so many different varieties of malware, it can be hard to know what we need to do to stay safe online. Malware is created for different end purposes and has different traits and ways of operating so the best thing you can do to protect yourself is – as well as installing a great anti-virus program – to learn as much as possible about the different types. And in this instance, that is ransomware.

Ransomware is a strange one: one minute it’s everywhere, the next no one is talking about it – but one thing is for sure, it will rear its ugly head again at some point in the not too distant future. So, stay safe and learn a little more about ransomware now and give yourself a better chance of avoiding it the next time it’s doing the rounds.

A closer look at HELP_RESTORE_FILES.txt ransom virus

So what actually is ransomware? No prizes for guessing that it is a type of software program which has been designed to hold you – or more specifically your files or even your computer’s operating system – to ransom. Your data will be kidnapped and held hostage until you cough up some of your hard earned cash for its release. HELP_RESTORE_FILES.txt and other files have been identified only by a few anti-virus engines as malicious: TROJ_CRYPTESLA.CAG, Win32:Crypt-RXH [Trj], Win32/Filecoder.EM, Trojan.Agent.ED. Once installed, it encrypts your files, changes your desktop image and displays a red encryptor window saying “Your personal files are encrypted”. It installs itself for autorun at Windows startup, so you will get this message every time you turn on your computer. It also drops a few text files called HELP_RESTORE_FILES.txt with information on how to pay the ransom and restore your files. The text file reads:

All your documents, photos, databases and other important files have been encrypted
with strongest encryption RSA-2048 key, generated for this computer.

Private decryption key is stored on a secret Internet server and nobody can
decrypt your files until you pay and obtain the private key.

If you see the main encryptor red window, examine it and follow the instructions.
Otherwise, it seems that you or your antivirus deleted the encryptor program.
Now you have the last chance to decrypt your files.

Open [edited] or [edited] in your browser.
They are public gates to the secret server.
Copy and paste the following Bitcoin address in the input form on server. Avoid misprints.
[edited]
Follow the instructions on the server.

If you have problems with gates, use direct connection:
1. Download Tor Browser from [edited]
2. In the Tor Browser open the [edited]
Note that this server is available via Tor Browser only.
Retry in 1 hour if site is not reachable.
Copy and paste the following Bitcoin address in the input form on server. Avoid misprints.
[edited]
Follow the instructions on the server.

What is more, HELP_RESTORE_FILES.txt ransom virus performs some HTTP requests and connects to TOR hidden services through Tor2Web. It even creates an alternative data stream.

Okay, I definitely want to avoid this happening to me. How do I get infected?

This is something that ransomware does actually have in common with its other malware buddies. You will become infected either by downloading an app or program that has HELP_RESTORE_FILES.txt ransomware bundled with it, by visiting an infected website, or by opening an attachment or clicking on a link that has been sent via email or in a chat app in a deliberate attempt to infect you.

What will happen if I’ve been infected by this ransomware?

First of all you’ll find that you are not able to open a specific document, program or file; they’ve been held to ransom. Of course, just like in the story books of our childhoods, the kidnapper will then send you a ransom letter which is just a plain text document HELP_RESTORE_FILES.txt. Rather than being written in blood or cut out of a newspaper, this ransom note will be in the form of an email or displayed on your computer’s screen.

So what do you do? Try not to panic – and definitely do NOT pay any money unless you don’t have a choice and those files are very, very important to you. In order to retrieve at least some of your files and remove this ransom virus from your computer, please follow the steps in the removal guide below. If you back up your files regularly then there won’t be any difficulties. If you don’t have any backups then you can try the Windows previous file version tool or Shadow Explorer. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com

Step 1: Removing ransom virus and related malware:

Before restoring your files from shadow copies, make sure HELP_RESTORE_FILES.txt virus is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install a recommended anti-malware scanner. Run a full system scan and remove detected malware.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That’s it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.

Step 2: Restoring files encrypted by ransom virus:

Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select the drive and the latest date that you wish to restore from.

3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.

Hopefully, this will help you to restore all encrypted files or at least some of them.

[17 Apr 2015 | No Comment | ]

In case you suddenly start seeing all kinds of advertising materials brought to you by CouponsMachine, it is possible that the application was accidentally installed on your PC. In other cases, users may willingly download CouponsMachine because they were led to believe that this is a useful application that might bring their online shopping to [...]

[17 Apr 2015 | No Comment | ]

In case your web browser suddenly starts displaying annoying pop-ups from Statiecedj.click asking you to download and install a particular software update, you are not advised to do so. Typically, adware infections might lead to experiencing annoying pop-up windows that disrupt your online activities. Pop-ups from Statiecedj.click are considered unreliable and clicking on the pop-up [...]

[17 Apr 2015 | No Comment | ]

Primary Color is one of those Potentially Unwanted Programs (PUPs) that exhibits adware capabilities. Habitually, a PUP such as Primary Color is not going to mess up your entire PC. Yet, Primary Color is not as useful as it’s advertised. Users may find Primary Color bundled with other free apps or download it themselves. Computer [...]

[17 Apr 2015 | No Comment | ]

Chromevideo.ninja is a pop-up window that is typically caused by installing adware. In general, an adware infection occurs when users are not attentive enough during the installation process of free apps. It is also possible that the user was misled to believe that a certain application provides more than it does. In any case, an [...]

[17 Apr 2015 | No Comment | ]

KeepersExt is yet another adware browser extension that might promise you to ensure your browsing experience is enhanced to the maximum. At first glance, KeepersExt may seem like a useful addition to your web browser, but in reality, it is employed as a monetization platform. Habitually, adware applications such as KeepersExt try to mislead users [...]

[17 Apr 2015 | No Comment | ]

DiscountSmasher is adware that claims to provide users with products and deals around the Web. At first glance, DiscountSmasher might try to convince you that the best deals are going to be brought to you. In reality, all the ads and deals by DiscountSmasher are based on your IP address, browsing history, and habits. In [...]

[17 Apr 2015 | No Comment | ]

Virus-scanner3.biz is an adware-related domain that is known to appear as a pop-up page within your web browsers. If your PC suddenly starts displaying a pop-up from virus-scanner3.biz, it is highly likely that your computer is infected with adware. Customarily, adware applications are distributed using questionable marketing methods. It is possible that you have installed [...]

[17 Apr 2015 | No Comment | ]

AutoDealsApp is an adware browser add-on that misleads users into installing it. Typically, users may find AutoDealsApp bundled with another free application such as Media Player or codec packs. Adware creators have developed AutoDealsApp extension to make revenues by displaying deals and offers. Typically, there is a choice whether to install AutoDealsApp alongside the other [...]
