ZaLtOn belongs to the Xorist ransomware family. It encrypts victims' files, renames them, changes the desktop wallpaper, displays a pop-up window and creates the "HOW TO DECRYPT FILES.txt" text file. ZaLtOn renames files by appending the ".ZaLtOn" extension to filenames. For example, "1.jpg" is r
ZipConvertAce is advertised as an archive manager, a program that compresses and extracts/zips and unzips files. In fact, its developers distribute it using dubious methods. Therefore, ZipConvertAce is categorized as a potentially unwanted application (PUA). Note also that the installer for ZipCon
msascuil.exe (or MSASCuiL.exe) is a legitimate file/process, which is a part of Microsoft Windows 10. This file can be found in the "C:\Program Files\Windows Defender" folder and is part of the Windows Defender user interface. The purpose of msascuil.exe is (or was) to display the Windows Defender
This deceptive website may appear similar to a legitimate survey from Amazon, however, the official Amazon company has nothing to do with this scam. Generally, scammers behind such web pages attempt to trick visitors into believing that, in return for participation in a survey, they can receive a
This ransomware was discovered by Marcelo Rivero. VAGGEN encrypts and renames files, changes desktop wallpaper, displays a pop-up window, and creates the "AboutYourFiles.txt" text file. This ransomware renames encrypted files by appending the ".VAGGEN" extension to filenames. For example, "1.jpg"
Smashtab is rogue software classified as a browser hijacker. Following successful installation, it makes changes to browser settings to promote smashtab.net (a fake search engine). Additionally, Smashtab has data tracking capabilities, which are used to monitor users' browsing activity. Due to th
Beijing is typical ransomware, which encrypts files, appends its extension to the filenames of all encrypted files, and creates a ransom message with instructions about how to contact the developers. Beijing renames encrypted files by appending the ".beijing" extension to filenames. For example,
Montana is a variant of LeakTheMall ransomware. This malicious program is designed to encrypt data and demand payment for decryption. During the encryption process, all affected files are appended with the ".montana" extension. For example, a file originally named something like "1.jpg" would appe
alltopposts[.]com and similar web pages should never be trusted. Typically, they are opened by browsers that have potentially unwanted applications (PUAs) installed on them, through deceptive ads, or other untrusted pages. In any case, users do not often open/visit these sites intentionally. Some
PDF Mighty is rogue software endorsed as a tool capable of converting files (e.g. Microsoft Office documents) into the PDF format, however, due to the dubious methods used to proliferate this application, it is classified as a Potentially Unwanted Application (PUA). One of the primary purposes of