THOR Locky Ransomware

.Thor Virus

THOR is the newest manifestation of the much feared Locky Ransomware. With the latest version of these malicious programs being released under the name of .Thor Virus, the Ransomware family has gotten even bigger and the danger it represents to all internet users is growing at an ever increasing rate. Once Thor gets inside your machine, it locks all your files via the method of encryption and requires you to pay ransom if you want to make the data accessible once more. No one is safe from Ransomware and due to its high effectiveness and extremely low risk for the cyber-criminals that are using it, it is sure to remain a major issue for quite some time.

Understanding Ransomware

Unlike other malicious programs, typical Ransomware would harm neither your system nor your files. The means it uses to lock your files is encryption, which is not in itself a malicious process. Many legitimate programs use encryption on their files. Therefore, it is often impossible for anti-virus programs to tell the difference between a Ransomware encryption and one coming from a non-malicious piece of software. This devious strategy is what enables viruses like .Thor to remain under the radar of the user, right up until all the important data has been locked by the Ransomware code and the user is left with very few possible courses of action.

During the encryption process

As we said, anti-virus software might often prove to be ineffective against spotting a Ransomware threat. Therefore, you need to learn how you can manually detect the encryption process and potentially intercept it. First of all, understand that the process of encryption can take quite some time, because the virus first needs to make a copy of all targeted files. It is actually the copies that have been locked by the virus code. Once this is done, the original files get deleted and you are left with a pile of inaccessible data. If .Thor is still not done with locking your documents, you can notice its presence by paying close attention to the behavior of your machine and the system resources that are being used. If you see that unusually high amounts of RAM, CPU and hard-drive space are being used along with a general PC slowdown, it might be worth shutting your PC down and bringing it to an IT professional. Note that if there is in fact a Ransomware infection, all devices connected to your machine might get attacked by the virus as well, so make sure there is nothing connected to your PC if you suspect that there’s something malicious going on.
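The copy, lock and delete pattern described above can also be checked for with a script. The following Python sketch is an added example, not part of the original article: it compares two snapshots of a folder and flags new files that look like random data in folders where originals have disappeared. The threshold values and the `.thor` file names in the constructed demo are assumptions.

```python
import math
import os
import tempfile
from collections import Counter

ENTROPY_MIN = 7.5  # bits per byte; assumed cut-off (encrypted data sits near 8.0)
ALERT_AFTER = 3    # assumed: this many swapped files raises the alert

def entropy(data: bytes) -> float:  # Shannon entropy, bits per byte
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map each file's relative path to the entropy of its first 64 KiB."""
    snap = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    snap[os.path.relpath(path, root)] = entropy(fh.read(65536))
            except OSError:
                continue  # file vanished or is locked; skip it
    return snap

def swapped_files(before: dict, after: dict) -> list:
    """New high-entropy files in folders that lost originals since `before`."""
    lost_dirs = {os.path.dirname(p) for p in set(before) - set(after)}
    return sorted(p for p in set(after) - set(before)
                  if after[p] >= ENTROPY_MIN and os.path.dirname(p) in lost_dirs)

def encryption_suspected(before: dict, after: dict) -> bool:
    return len(swapped_files(before, after)) >= ALERT_AFTER

def demo() -> tuple:
    """Constructed test folder: three documents replaced by random-byte files."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(3):
            with open(os.path.join(root, f"report{i}.txt"), "w") as fh:
                fh.write("quarterly figures\n" * 300)
        before = snapshot(root)
        for i in range(3):  # stand-in for the locked copies replacing originals
            with open(os.path.join(root, f"report{i}.thor"), "wb") as fh:
                fh.write(os.urandom(8192))
            os.remove(os.path.join(root, f"report{i}.txt"))
        after = snapshot(root)
    return swapped_files(before, after), encryption_suspected(before, after)
```

Compressed archives and media files also score close to 8 bits per byte, so the alert is tied to the number of swapped files rather than to any single new file.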

After the encryption

Most users do not notice anything before it’s already too late. In fact, after .Thor is done locking your data, it will probably display a message on your screen demanding a ransom payment if you want to get the decryption key and be able to access your files once again. If that is your current case, we need to tell you that paying the ransom is usually a very bad idea. Not only is there no way to know if you’ll actually be sent the key, but you would also be encouraging the hacker to keep on terrorizing more users. Therefore, what we would advise you to do is to give our Ransomware removal guide a try. While due to the specific nature of Ransomware viruses we cannot guarantee that it will fix everything, it is still a much better alternative to the ransom payment.

Battling Ransomware

As stated above, the Ransomware virus family is bound to get bigger and scarier. Thus, we must make sure that our readers are well informed on how to protect their computers from any future infections:

  • Equip your PC with the latest high-quality anti-virus software and detection tools. Keep in mind that oftentimes Ransomware viruses can get inside your system with the help of some other malicious program such as a Trojan Horse.
  • Make sure to back-up your data. This is a very effective way to neutralize any potential Ransomware infections.
  • Avoid illegal or shady-looking sites. Download stuff only from reliable sources. Do not open any spam letters or suspicious hyperlinks – those are some of the most frequently employed methods for distributing harmful software.

Anti Adware miss most Malware

Anti Adware Solutions miss most disruptive Malware

By Brian Livingston

Now that 80% of home PCs in the U.S. are infected with Adware and Spyware, according to one study, it turns out that nearly every anti-Adware application on the market catches less than half of the bad stuff.

That's the conclusion of a remarkably comprehensive series of anti-Adware tests conducted recently by Eric Howes, an instructor at the University of Illinois.

Howes, a well-known researcher among PC security professionals, collected 20 different anti Adware applications. He then infected a fresh install of Windows 2000 SP4 and Office 2000 SP3 with several dozen Adware programs in separate stages. Finally, he counted how many active Ad-ware components were removed by each anti Adware product.

(Note: I use the single term "Adware" in this article to refer to both "Adware" and "Spyware." Since it's not necessary for a Spyware program to "call home" to be disruptive, the distinction between Adware and Spyware is meaningless. All such programs display ads or generate revenue for the Adware maker in some other way. )

Unbelievably, however, none of these commentators bothered to print a simple chart showing which anti Adware application did the best job at removing the unwanted components. Even Howes himself hasn't posted such a summary. In a telephone interview, Howes exhibited both modesty and perfectionism, implying that his work wasn't yet done to his satisfaction — despite the fact that his tests are some of the most extensive I've ever seen.

The test results sprawl over six long Web pages, with no overall totals or summary of the figures. It's a daunting body of data, but its bottom line is explosive. Ad-ware seems to be evolving much faster than anti Adware, and the battle is so far being won by the Adware side.

For this issue of the Windows Secrets Newsletter, therefore, I've compiled Howes's figures into a straightforward chart, shown below. I removed five products that didn't complete all of Howes's tests for a variety of reasons. What's left is a revealing rating, from the top to the bottom of the anti-Adware heap.

Each anti-Adware application, according to Howes, removed a certain percentage of "critical" Adware components. These are executable .exe and .com files, dynamic link library (.dll) files, and Windows Registry entries (autorun commands and the like).

Almost all the anti-Ad-ware programs that were tested removed fewer than half of the hundreds of Adware components Howes cataloged.

How to defend Yourself against Adware
First, let me make my opinion clear: The installation of Adware should be illegal and harshly punished. Ad-ware has exploded because it offers big economic incentives for its sponsors. They'll never adequately inform PC users about their software before it's installed. This troubling aspect of Adware will never be wished away.

Only software that a PC user specifically consents to should legally be able to install — and "end-user license agreements" that stretch off the screen should never be counted as consent. (This isn't a knock on "ad-supported software," such as the Opera browser. Such legitimate software is clearly integrated with its advertising and makes it easy to shut off the ads by registering.)

In reality, today's tech-illiterate legislatures will never ban Adware — if they could even think of an effective legal approach to do so. We need to engage the battle on a technical level instead.

“Antivirus Pro” is fake virus protection

How Did “Antivirus Pro 201x” Infect My PC?

There are actually a number of ways this annoying/dangerous little bugger got on to your PC, but the most common is from downloading and sharing music from torrent-related websites, or visiting other sites that ask you to install javascripts to watch certain videos etc. Plainly put, Spyware creators are smart and it's a hard job to defend yourself at all times when you don't even know where to start.

Antivirus Pro is a fake antivirus program (rogue antispyware software). Antivirus Pro 201x uses system warnings and alerts, pop-ups and false scan results in order to trick you into buying the software. The scareware does not offer any protection to your computer!

Once Antivirus Pro 201x is installed, it will automatically start every time Windows is started. Once running, Antivirus Pro 201x will scan your computer and display false scan results that state the PC is infected with a lot of Trojans and viruses. All these scan results are fake! These infections do not exist on your computer, so you can safely ignore them.


When Antivirus Pro 201x is running, your PC will show fake security alerts from the Windows taskbar and nag screens. Some of the alerts:

Trojan detected!
A piece of malicious code was found in your system which can replicate itself if no action taken. Click here to have your system cleaned by Antivirus Pro 201x.

Privacy alert!
Your system was found to be infected with intercepting programs. These can log your activity and damage your privacy. Click here for Antivirus Pro 201x spyware removal.

Also the program will display a fake Windows Security Center that will recommend you use Antivirus Pro 201x.

What is Superfish?

Superfish and its certificate may be on your PC

What is Superfish and why is it so dangerous?

Superfish is a piece of software that PC Retailers admitted to pre-installing on many of their laptops and PCs to "enhance the shopping experience" of their users. However, the U.S. Computer Emergency Readiness Team calls Superfish a "man-in-the-middle attack" because of how it "intercepts users' web traffic to provide targeted advertisements."

Superfish snoops in on your web browsing and secretly slips ads into webpages. But the really dangerous part is that it's pre-installed with a root certificate authority, which allows it to impersonate any server's security certificate.

If this certificate is compromised by hackers, you could be tricked into logging in to a fake website and giving hackers your password. Because of Superfish, any of your accounts, including encrypted bank accounts, could be easily compromised.

Will restoring from a backup help?

Superfish is pre-installed by the PC Retailer. Therefore, restoring your computer to factory condition from either a backup partition or a backup DVD will not solve the problem if Superfish is also part of your backup. Superfish would only be reinstalled, too. So if you ever use a backup to restore your system, you may need to remove Superfish and its root security certificate from your system again.

All Acer laptops and PCs have malware pre-loaded which must be removed before windows updates can install. According to Lenovo, Superfish may have been pre-installed on the following models:

E Series:         E10-30

G Series:         G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45, G40-80

S Series:         S310, S410, S40-70, S415, S415Touch, S435, S20-30, S20-30Touch

U Series:         U330P, U430P, U330Touch, U430Touch, U530Touch

Y Series:         Y430P, Y40-70, Y50-70, Y40-80, Y70-70

Z Series:          Z40-75, Z50-75, Z40-70, Z50-70, Z70-80

Edge Series: Edge 15

Flex Series:     Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 Pro, Flex 10


MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11, MIIX 3 1030

YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11, YOGA3 Pro

Remote control of your computer

Phone Scam via remote login to your PC

If anyone calls you on the phone and claims they're from Microsoft or McAfee or Norton (etc)… Well, they're not! Scammers and telemarketers use the legitimate company names to gain your trust. Believe me when I say no company has the money to employ hundreds (100s) of operators to help random customers over the phone. If anyone calls YOU on the phone, it is for their benefit, not yours. If any phone call gets to a point where the CALLER wants to login to YOUR computer, DON'T DO IT!


Example: Let's say you forgot your Email password for YAHOO, AOL, Gmail, MSN, HOTMAIL, or any other FREE Email account. You find a phone number on the internet that claims to be customer support for one of these free subscribers, and you call it. The person that answers the phone may have a foreign accent (first sign of a scam) but agrees to help you if they can login to your computer.

  1. NO password reset requires remote access to your computer! Legitimate companies like ATT, TWC, Comcast, Frontier, Verizon, Bell South will never need access to your PC. If they do, you have called a wrong number and are being spoofed.
  2. Free Email accounts do not come with Customer Support! Think for a second: who is paying these people if the service is free?