Locky is Back! Notorious ransomware reincarnated in Diablo6

A new spam campaign is circulating around emails as well known Locky ransomware is trying to push a new version of the old virus into the market – Diablo6. As a part of the socially responsible cyber security community, we feel the urge to inform you about the distribution of this deadly infection and raise awareness.

International Business Times (IBTimes) dedicated an article to this infection and disclosed that cyber criminals are asking for $1600 as a ransom payment, which is a lot of money (1).


Diablo6 virus

It is not yet clear if this Diablo6 ransomware is just a shot in the dark, foolish attempt to bring Locky virus back to the life, or it’s a well-planned attack which will have consequences similar to the ones after Locky hit the cyberworld. However, depending on the way it is distributed, it looks like there are some professionals behind it. We have already mentioned, that this virus is distributed as an attachment to the spam emails. Those emails are targeted to the audience that is very wast so basically anyone can become a victim of this dangerous virus. But is it the end of the world if you get hit with Diablo6? Obviously not. It all depends on how good your are prepared for it.

How to protect yourself against Diablo6/Locky?

Cyber security experts at 2-viruses.com issued a decent guide how to eliminate this infection and be prepared not only for Locky, but all kinds of similar viruses (2). Please notice that there is no way to decrypt files that have been encyrpted with ransomware this threatful, yet you can properly prepare and be ready for attacks like this. Some of the main points:

  1. Good back-up is the key. No infection can pose a threat to you if you constantly back-up your files. It can destroy all your operating system with all files and registries, but if you have a back-up, you will be able to restore everything within a minutes. It’s important that the back-up is stored on an external storage or cloud because otherwise the back-up file can get corrupted as well.
  2. Real-time protection. Anti-malware application with a real time protection feature can prevent you from downloading suspicious files or opening attachments that can pose a threat, so it would definitely help.
  3. Avoid unreliable sources. Only visit websites that are officially legitimate, don’t download software from unreliable sources and most importantly – stay away from emails from spam category.


1 – IBTimes

2 – 2-viruses

Cerber ransomware nightmare has returned: its more frightening than ever

Ransomware infections (1) have been around for years now, but their dominance in the cyber-world has only become evident in 2017. There had been local attacks, like infections that focused on people from Ukraine (2), or the ones that broke out in the worldwide level (3). Nevertheless, Cerber crypto-virus remains to be one of the most frightening ransomware threats of all time, and new samples continue to pop out.

Cerber ransomware is back

In August, an elaborate sample of Cerber malware has been detected to haunt people with a new tactic: to infect computer devices and steal users’ bitcoin wallet credentials.(4) As soon as these accounts are accessed and wiped clean, there is no way of restoring the wallet because hackers delete it.

This sample from ransomware category has matured with many developments. To find out more about the way this infection functions, which files it encrypts and so on, we recommend you to read an article from 2-viruses.com. This analysis will provide with all of the essential details that need to be learned about Cerber crypto-virus.

There had been many stages of activity for Cerber computer infection. First of all it debuted as a rather unusual and well-designed ransomware. After some time, it was found available on underground forums and its most popular method for distribution appears to be exploit kits. Shockingly, according to the analysis by Google, hackers behind Cerber have managed to obtain $6.9 million dollars as revenue (5). Sadly, these crooks are still unidentified.

This malware variant does not plan to leave the business of file-encoding anytime soon. As long as authors of these infections will successfully obtain money from these hoaxes, ransomware will never be defeated. According to the reports from victims of Cerber file-encoder, it is clear that people from all over the world are targeted, beginning from Russia, Ukraine, Moldova, Spain, Portugal, France and Denmark.

Of course, infected victims will certainly feel more comfortable if they will be able to read the content in their own native language. You can find instructions for removal and additional information about this infection in Spanish, Portuguese, French and Danish languages.

Please remember that paying for decryption of files only makes ransomware authors continue working on their projects and ruining lives of innocent online surfers. To make sure that you do not suffer from a similar fate, we advise you to always update your software and operating system; if you do this, many security gaps will be fixed. Also, back up your data in online storages as a precaution.


  1. What is ransomware? A guide to the global cyberattack’s scary method. Wired.com.
  2. Hackers who targeted Ukraine clean out bitcoin ransom wallet. Theguardian.com.
  3. ‘Petya’ ransomware attack strikes companies across Europe and US. Theguardian.com.
  4. Now Cerber ransomware wants to steal your Bitcoin wallets and passwords too. Zdnet.com.
  5. Google Study Quantifies Ransomware Profits. Threatpost.com.

Adware infections: prepare yourself for endless streams of advertisements

Ad-based parasites have become notorious for their aggressive and persistent marketing strategies, always aiming at the biggest revenues. Online advertisements, as we hope you know, are not always the most transparent and conforming with the essential rules of cyber security.

Their content could be misleading and deceptive, aiming to trick into believing clickable ads. If you decide to press a button on an ad, you could be auto-transferred to a remote website, possibly making it its mission to scam you or find out some personal and valuable information about users.

One specific question is constantly asked by people that have to battle adware infections: how did I become infected? Ads can be triggered by all sorts of applications: rogue browser extensions, add-ons, or desktop applications that receive a spot in one of the folders of your operating system. We have learned that banners. Pop-ups, widgets, in-texts ads can bother people every time they decide to explore the Internet. Some malicious tools can even modify the content of visited websites and implant sponsored material as if it belongs in the website.

Adware malware continues to implement similar strategies that it has engaged through the years. Have you ever encountered ads, stating “Warning! Computer Infected!” “Free scan! Your computer is full of Trojans and spyware!”? These pop-ups are called technical support scams that aim to lure people with guarantees to have their computer devices properly checked for malware viruses.

However, if you agree to allow an unknown executable/program to be set up in your OS, Trojan or other type of infection will be brought in as well. In some cases, helpline numbers are incorporated into these scams and concerned people can contact alleged Microsoft technicians. This might create some level of credibility, but even if you engage in a conversation with an actual person, this will only mean that the scam is more elaborate and aims to swindle money in more convincing ways.

One specific theme for advertisements is online shopping coupons and rivalry prices from other vendors. While browsing through items from Amazon or other online shop, you could be presented with a list of similar merchandises. Therefore, many adware applications take a form of “online shopping assistants” and hope that people will feel more eager to utilize them. Ad-networks are mostly obsessed with monetization possibilities. Every new client is probably seen as a dollar bill and not a person to be assisted during his/her online shopping.

One specific tool is called DealPly: it is advertised as a free, safe and friendly browser app which will eagerly present more affordable alternatives for the items users have recently reviewed. Lowest deals from Amazon, eBay and other online shops are guaranteed. However, the tool fluctuates between being a potentially unwanted program (PUP) and a adware tool. Read more about this add-on on 2-viruses.com. 

WinDealist adware

WinDealist is an adware program displaying tons of annoying content. These are popup ads displayed when visiting a lot of commercial web-sites like Amazon, Walmart, BestBuy, etc. These ads are displayed when you move your mouse towards some items being sold, and then you will see “See Similar” button popping up. Soon WinDealist window appears with several proposal for you to buy.

Continue reading

Desk 365 Adware – how to avoid popups

Desk 365 is an adware program that infiltrates into computers bundled with free programs from the Internet. The program was developed by 337 Technology Limited few months ago. It claims to be a tool that will help you managing your programs, desktop shortcuts and provide you easier access to the applications you are using the most.
Desk 365 adware is often installed with 22find browser hijacker which is also known as a nasty application. Together these programs cause many of changes in your browser. For example, it replaces your homepage with 22find.com and also alters your default search provider. As a result your search results will include many sponsored links that Desk 365 is responsible to promote, you will be frequently redirected to unknown websites, receive numerous ads, etc.
In addition, the program can track your browsing activity and even send it to the third parties which later can use it for malicious purposes. After finding out certain information about your browsing habits, it can later display various targeted ads on your system which is an efficient way to promote things but very annoying for you.
You should always be very careful about your installations and try to avoid any unwanted programs reaching your system. As you see this can lead to many unpleasant activity on your system. If your browser has already been affected, remove Desk 365 from your system as soon as you detect it on your computer. You can find full removal instructions on 2-viruses.com.

RegClean Pro – How to Remove it?

regclean-proRegClean Pro is a rogue anti-spyware program (a rogue registry cleaner), very similar to RegClean or RegClean 2008. It works as follows: a free trial version of the program is installed to a computer; it imitates a system scan and uses various psychological techniques in order to convince its victims into buying a full version of the program.

After RegClean Pro performs a registry scan, it displays a false and exaggerated report full of registry errors. The only solution to the problem that the messages suggest is purchasing of its full version. There is no need to tell that your computer does not have any issues listed in these warnings except for RegClean Pro itself. Please note that even though it displays Microsoft Gold certificate in its webpage, the application is in no way related to the latter company.

In order to fix your PC you should remove this rogue application as soon as possible. Although rogue anti-spyware removal is typically a difficult task there are legitimate tools and removal guides available that can help to get rid of RegClean Pro.

Smart Address Bar is Responsible for Redirections

Smart_Address_BarMany computer users complain that their home page, default search engine and new tab page has been changed to search.smartaddressbar.com or smartaddressbar.com out of nowhere. They think it is a virus responsible for these redirections. The truth is that unwanted changes are caused by Smart Address Bar – a browser extension that gets installed to computers without a clear user‘s consent.

It is not a virus and does not cause any direct harm to your PC but it might be very annoying due to redirections and advertisements displayed. Moreover, it collects information about your Internet browsing habits and sends it to a remote server. The data is usually used for targeted marketing campaigns. Now many know that such search tools like search.smartaddressbar.com or smartaddressbar.com display advertisements among search results without marking them any different. As a rule of thumb the owners of the tool do not take any responsibility for the content displayed therefore it is not surprising that some of the links promoted might be corrupted or lead to malicious websites this way infecting your computer with viruses.

Please note that having Smart Address Bar installed to your computer and experiencing redirections does not add any value to your computer using. On the contrary, it only increases a risk of getting system infected with malware. It is strongly recommended to remove this browser hijacker and any other unwanted applications that might have come with it as soon as possible. For more information please refer to Smart Address Bar removal guide here. In order to avoid similar changes in the future be careful when installing any free applications as many adware and browser hijackers come bundled with them. We recommend using custom installation, reading installation wizard very attentively and removing any check boxes for the applications that are unfamiliar to you.

System Doctor 2014 Virus- How to Remove the Infection?

System-Doctor-2014System Doctor 2014 Virus is yet another rogue antivirus that aims to swidle your money away from you. As many similar programs, it immitates a work of a legitimate antivirus. To make it even more realistic cyber criminals draw a professionally looking interface, programmed the virus to cause various system errors such as blocking applications and access to Internet, not talking about popup warnings, the text of which is similar to this:

Warning! Infected file detected!
Location: File system
File name: chrome.exe
Level of threat: 4
Behavior description: Destroys and infects system files
To keep the computer safe, the threat must be blocked
Recommendation: You are using a limited version of System Doctor 2014. Please activate System Doctor 2014 to resist all virus threats efficiently.

System Doctor 2014 Virus is usually distributed using Trojans. After it is injected into the system, the program makes changes for it to be launched every time a computer is turned on. It immitates a PC scan, supposedly finds infections and informs about them a computer user. As a solution to the problem it offers a full version of System Doctor 2014 to be bought. This is how cyber criminals get money and credit card information. If you already made a payment, contact your credit card bank as soon as possible in order to protect your financial information and dispute the charges made.

There is no need to tell that paying for the complete version will not fix your computer. You may wonder how to remove System Doctor 2014 Virus if your antivirus is blocked and you can not download anything from Internet. Please read System Doctor 2014 Virus removal instructions and watch a video before taking your computer to a technician. You may fix PC yourself by following the steps available and using reliable antimalware removal tools.

Hotstartsearch.com Hijacker

hotstartsearch-comHotstartsearch.com hijacker is an unwanted application responsible for redirections to its promoted website as well as displaying of advertisements while browsing the Internet. Although it is possible to download application from its official website, usually computer users do not know how these redirections started and what caused them. One of the most common ways of getting Hotstartsearch.com hijacker installed to your computer is by adding it bundled with freeware or shareware.

Besides the obvious inconveniences caused by this application such as replacement of your home page, default search engine and new tab page with its own, Hotstartsearch.com also alters your search results. Instead of relevant links you get advertised ones mixed in the top results making you click on them and this way generate money for the search engine developers. Another issue related to having this unwanted application is breach of your privacy when your Internet browsing habits are recorded and later sold to third parties or used for marketing campaigns.

Those that want to get rid of Hotstartsearch.com hijacker should know that it is not a virus therefore will not be detected by many antimalware tools. For more information about this browser hijacker’s removal please visit 2-viruses.com. In order to avoid similar infections in the future always select custom installation when adding any free application. Read carefully installation wizard steps and remove checkboxes for any unfamiliar applications to be added by default.

ILivid – a Browser Hijacker Responsible for Redirections to iLivid.com

IlividILivid is a browser hijacker that causes redirections to iLivid.com or other websites being promoted. Usually a computer user does not know how and why her home page, default search engine and new tab page are changed to those unfamiliar to her. Moreover, if she tries to reset the preferences via browser settings, these do not stay active. It is not surprising that many think their computer got infected with a virus.

Yet you should know that iLivid is not a virus and does not cause a direct harm to your computer. This is one of the main reasons why many antivirus tools do not pick it up and once you scan your system, do not show any threats. Besides being very annoying due to constant redirections iLivid also causes pop-up ads to be displayed. It also uses various tracking technologies, for example, cookies for monitoring your online behavior, such as what websites you visit, how long you stay there, what keywords you enter, etc. All of this information is sent to a remote server and might be used for various purposes, most often for targeted advertising. Please note that this data might also be sold to third parties.

It is recommended to remove iLivid not only because it is an irritating application but also due to the fact that it increases a risk of your computer getting infected with viruses via malicious links and advertisements. As mentioned above, not all of antivirus tools can detect this type of threat. For more information and removal tips please refer to iLivid removal guide here.