Latest Microsoft Update Patches New Windows 0-Day Under Active Attack
With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers.
Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus
Cybersecurity researchers have spotted a new variant of the Snatch ransomware that first reboots infected Windows computers into Safe Mode and only then encrypts victims' files to avoid antivirus detection.
Avast and AVG Browser Extensions Spying On Chrome and Firefox Users
If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible; Avast Online Security, AVG Online Security,Avast SafePrice and AVG SafePrice.
Malicious Android SDKs Caught Accessing Facebook and Twitter Users Data
Two third-party software development kits integrated by over hundreds of thousands of Android apps have been caught holding unauthorized access to users' data associated with their connected social media accounts.
First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild
Cybersecurity researchers have spotted a new cyberattack that is believed to be the very first but an amateur attempt to weaponize the infamous BlueKeep RDP vulnerability in the wild to mass compromise vulnerable systems for cryptocurrency mining.
Mysterious malware that re-installs itself infected over 45,000 Android Phones
Over the past few months, hundreds of Android users have been complaining online of a new piece of mysterious malware that hides on the infected devices and can reportedly reinstall itself even after users delete it, or factory reset their devices.
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely.
Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild
Cyber security researchers claim to have discovered a previously undocumented backdoor specifically designed for Microsoft SQL servers that could allow a remote attacker to control an already compromised system stealthily.
Attention Linux Users!
A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system.
Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks
The cyber criminal group behind BitPaymer and iEncrypt ransomware attacks has been found exploiting a zero-day vulnerability affecting a little-known component that comes bundled with Apple's iTunes and iCloud software for Windows to evade antivirus detection.
Shortcut Virus Removal
Shortcut Virus Removal tool
The malware has different names but they all start with "cc" and has extension of one of the following.
It hides contents of removable drives and creates a shortcut and sets its name as target of the shortcut. It creates a hidden nameless folder and then moves all the removable drive contents in to the nameless folder. It always stays on memory and detects when a removable media is inserted.
It copies itself on to temp directory and creates registry value to enable automatic startup of the malware when computer starts.
It also communicates with other malicious servers and sites around the world to download and spread more malware.
- Start task manager
- Find one of the following two processes (if they are running) under explorer.exe process and then kill (terminate) the process.
- Wuauclt.exe (for 32 bit windows)
- Svchost.exe (for 64 bit windows)
- Checkthe current "user account" name and then use it as Userprofile on the next step also, Check the "all users account" name and then use it as Allusersprofile on the next step
- Check paths of registry keys (Userprofile\local settings\Temp or Allusersprofile\local settings\Temp) and look for malware path value. (\local settings\temp\cc(variable_name).(exe, com, cmd, scr, pif, bat)
- Go to the malware path and delete it
Using shortcut removal tool
- Download ShortCutFixer.zip file
- Unzip ShortCutFixer.zip file
- Run the tool with administrator privilege and then click remove virus button
About Shortcut removal tool
- Developed using C
- It first checks whether the processes (\windows\system32\wuauclt.exe or \windows\syswow64\svchost.exe) are running and infected. It does this by retrieving the load address of the process on the memory and check the PUSHfollowed by RET signature, If found it will kill the infected process.
- Then opens the registry key values (Userprofile\local settings\Temp or Allusersprofile\local settings\Temp) and checks "\local settings\Temp" is present on the path. Also checks "cc" is present on the name of the file from the path value and the extension is one of (exe, com, cmd, pif, scr,bat). If case is matched, it will delete the malware and then correct the registry settings or removes the value entry from registry