BugsFighter

Aesir Ransomware is another crypto-virus in the generation of Locky ransomware family. Virus uses RSA-2048 and AES-128 encryption algorithms. Aesir detects and encrypts more then 450 file types, and most sensitive are user documents, pictures and videos. Now it appends .aesir extension and has some minor technical changes in comparison to previous versions. This crypto-virus renames files with complex and random 24-character alphanumeric code separated by dashes. Ransom amount is huge: 3 BitCoins (~$2200) and there is no earthly use to pay it. Malefactors, who created this malware never send decryption keys. Aesir modifies desktop background with an image that contains information about the infection and instructions for user to pay.

SurfBuyer is unwanted advertising program that displays ads and pop-ups in Safari, Google Chrome and Mozilla Firefox browser on Mac. Ads can promote various things, like rogue software for Mac, discounts, shopping deals and other type of doubtful offers. Application installs without user permission and starts generating advertising content. In some cases adware installs "SurfBuyer" extension in browsers.

Amisites.com is malicious search engine, that alters browser settings in Google Chrome, Mozilla Firefox and Internet Explorer. It overwrites values of homepage and default search engine in all this browsers and modifies browser shortcuts. Hijacker adds "amisites.com" to the "Target" field in shortcut properties and browser always open this website in the new tab. Amisites.com redirects user search queries to "google.com" or "yahoo.com", but collects typed data and users browser information to sell this data to advertisers.

Play-bar.net is questionable website by Via Advertising Group Limited, that acts like search engine. It is distributed with freeware and installs as default homepage, newtab and search engine in Google Chrome, Mozilla Firefox and Internet Explorer. This search redirects user queries to search.safefinder.com and then to search.yahoo.com. Main page can be customized by color and offers links to various games and shows local weather.

Thor Ransomware is the newest version of the file-encryption virus. It comes from "Locky" ransomware family, that uses asymmetric cryptography (RSA-2048 and AES-128 encryption algorithms) and appends various file extensions to encrypted files. This family uses names of Thor comics character: .locky, .odin or some other random names. Now it uses .thor extension, and modifies the name to the set of 32 random letters and numbers. Technically, new virus uses same technology, but updated security keys, so old decryptors won't work. Ransom amount is the same: 3 BitCoins. Thor ransomware substitutes desktop background with image with information about the infection and instructions to pay the ransom.

Web-start.org is another malicious search engine from the series of hijackers for Google Chrome, Mozilla Firefox and Internet Explorer. This threat replaces default settings in this browsers, such as homepage, search engine and new tab and redirects search requests to plusnetwork.com. This website is related to Messenger Plus! software and notorious Reimage Repair. One of the tricks this hijacker does, is that its URL is written into browser shortcut properties.

From a technical point of view, Webstarts.biz is not a virus, but the infection that modifies browser settings. Its main feature is that after penetrating the computer, it changes the settings of your web browsers such as Internet Explorer, Google Chrome, Opera as Mozilla Firefox, installing web site Webstarts.biz as your homepage and search engine. It also infects browser shortcuts on the desktop. Thus, if you run any of the browsers will always be open this site.

Appearing of Footybase.com in your browsers as a homepage is a sign of hijacker infection. Browser hijackers are not very harmful, but quite irritating and unpleasant. Footybase.com resembles Google.com and substitutes homepage and search engine in Google Chrome, Mozilla Firefox and Internet Explorer. It also makes changes to the properties of the browser shortcuts on the desktop. Due to that, browser still open Footybase.com even after you removed it and reseted settings.