Have you ever heard the term “Trojan Horse”? You undoubtedly have if you are a frequent web user because this term describes some of the most malicious computer threats available on the Internet. Like the mythical wooden horse used by the Greeks to enter the city of Troy without anyone noticing, these malicious programs try to enter your computer without raising suspicion in order to establish remote access to your computer, that can be exploited by the hackers behind the Trojan. What makes this malware highly effective is that it is presented to the user as a seemingly legitimate and/or harmless program, a link, an email attachment or an ad, which, once executed, launches all kinds of harmful princesses in the background of the OS without the knowledge of the attacked user.

This article is dedicated to one extremely harmful Trojan-based infection named OSX/Linker. If you have landed on “How to remove guide”, we assume that you have most probably been faced with this threat and are now looking for a way to deal with it. That’s why, in the next lines, we will tell you everything that you need to know about the Trojans in general, as well as what you need to do to safely detect and remove OSX/Linker Malware from your computer.

Is OSX/Linker Dangerous?

The Trojans are very versatile threats, which means that they can be used for many different criminal tasks. Every Trojan infection comes with a different mission and can launch different harmful processes in the system it infects. Providing its creators with unauthorized access to your computer is just one of the things that you can expect from an infection such as OSX/Linker, WeKnow.ac or BlackSquid. The objective of this malware, however, could also be something completely different. For instance, keeping track of your activities, corrupting the files present in your computer, weakening the system security, inviting Ransomware, Spyware and other viruses into the OS, and many more.

Stealing confidential and personal information is another specialty of the viruses that belong to the Trojan Horse family. And as you may know, some of the most valuable virtual information is undoubtedly the financial information. For that reason, you should be especially concerned about the possibility of this Trojan stealing your banking data. If OSX/Linker manages to enter your computer, it is within the realms of possibility that, without any visible symptoms, the malware may acquire the username and password of your online banking account, or the numbers of your debit and credit car, thus allowing the hackers to steal your money right below your nose.

Something that further complicates the situation is the fact that a Trojan can be running on a computer for months without the user suspecting anything, but if you follow our recommendations on how to remove OSX/Linker, you may stand a chance of preventing the malware from messing with your data and your machine.

How to deal with OSX/Linker?

• Get a secure and reliable antivirus program and keep it updated.
• Never forget to update the software on your computer and its operating system.
• Always be cautious with emails from unknown senders.
• Do not follow links or attachments if you are not sure who is sending them or what their contents may be

SUMMARY:

[add_third_banner]

Remove OSX/Linker Malware

Step 1: Closing Safari (or any other browser that you may be using at the moment)

First, you will need to close your browser if it is still open. If you can’t do that normally, you will need to Force Quit it:

Open the Apple Menu and select Force Quit to do that. You can also use the ⌘ key + Option Key combination to open the Force Quit Applications dialog box. In this box, select the Safari browser (or whatever browser you are using) and then click on the Quit button. Confirm the action by selecting Force Quit again.

Step 2: Killing suspicious processes

Open Finder and go to Applications > Utilities and then open Activity Monitor. Now take a careful look at the processes there – look for any that seem suspicious, unknown and questionable. If you think that a given process may be the culprit behind the issue or may at least be related to it, highlight it with the mouse and select the i option at its top.

In the box that opens, click on Sample.

Scan the sample files with the online scanner we have on this page and if any of them get flagged as malicious, delete them and then kill their processes.

Step 3: Safely launching the browser

Hold the Shift from your keyboard and then launch Safari – holding Shift will prevent any previously opened pages to load again, just in case any of them were related to the problem.

If any problematic pages still load after you safe-launch the browser, then do the following:

Force-Quit the browser (Safari) again and then turn off your Wi-Fi connection by clicking on the Wi-Fi off option from the Mac Menu. If you are using cable Internet, simply disconnect the cable from your Mac.

Step 4: Uninstalling suspicious extensions

After you safe-launch Safari and are sure none of the previously opened pages load now, go to Preferences > Extensions.

Select and uninstall (by clicking on the Uninstall button) all extensions there that are unfamiliar to you or that you think may be suspicious. If you are not sure about a certain extension, it’s better to uninstall it – no extension is required for the normal functioning of the browser.

Step 5: Cleaning Safari

If you have other browsers aside from Safari, do the following:

In Safari, open Preferences from the browser’s menu and go to Privacy.

Select Remove All Website Data and then Remove Now. Note that this will delete all stored site data including any saved passwords and usernames. In other words, you will have to manually log-in to every site where you have a registration so make sure you remember your usernames and passwords.

Back in Preferences, click on General and see what your Safari’s homepage is. If it has been changed without your permission, change it back to what it used to be or to whatever you like it to be now.

Now go to the History menu and select the Clear History option.

Do the same to all other browsers you may have in your computer – here are examples with Chrome and Firefox.

[add_forth_banner]

Cleaning Chrome

Open Chrome and open its main menu, then go to More Tools > Extensions. Click on the Remove button next to all of the extensions that you do not trust.

Next, from the main menu, go to Settings and type Manage Search Engines in the search bar. Open the result that shows up and then delete all search engines other than the one you normally use by clicking on the three-dot icon next to the other ones and selecting Remove from list.

Back in Settings, type Reset and clean up and open the option that shows up (Restore settings to their original defaults). Confirm by selecting Reset Settings.

Cleaning Firefox

Open Firefox and then open its main menu. Go to Add-ons and open the Extensions menu from the left. Look at the extensions and Remove the ones you do not trust.

Next, open the menu again, go to Help > Troubleshooting information and in the page that opens, select Refresh Firefox and then confirm the action in the window that opens.

The post Remove OSX/Linker Malware (Mac Guide) appeared first on Malware Complaints.

BlackSquid Malware is a very stealthy computer infection, created by hackers with malicious intentions. The purpose of this malware is to secretly sneak inside your computer without showing any symptoms and to start launching different harmful activities in the background. If not detected and removed on time, BlackSquid might have fatal consequences for your system. For instance, it may mess with your files and the software that you have installed on your PC, as well as introduce some unwelcome and potentially harmful modifications in your settings and in the way the system operates. Such malware may also replace certain system components and install other ones that may damage the computer.

It is typical for most Trojans to perform activities that allow their creators to establish remote access to the infected computer or to secretly steal data from it. Generally, the types of harm caused by infections like BlackSquid may include online fraud, theft of important or confidential data, credit or debit card fraud, online banking attacks, draining of bank accounts, theft of identity, espionage and more. Unfortunately, it is very difficult to predict what exactly the malware can do while inside the computer because a given Trojan may be used differently in different situations depending on what the hackers behind it want to accomplish.

Nowadays, such infections are oftentimes used to insert other malware in the system and to create security holes which can be exploited by Ransomware, Spyware or other viruses.  Another common use of Trojans is related to their ability to turn the infected machine into a bot and use it to spread spam and malware. Additionally, an infection like BlackSquid and  Cve-2019-0708 BlueKeep may be designed to steal specific information, keep track of your keystrokes, hack into your webcam and mic and collect details that could later be used for blackmail and personal harassment purposes. That’s why it is highly recommended to remove such threats as soon as you detect them and thus block their attempts to cause even more harm.

Unfortunately, detecting a Trojan Horse can be a real challenge, especially for those of you who have never dealt with this type of malware in the past. The reason is, advanced infections like BlackSquid typically don’t show any obvious symptoms of their presence and try to remain undetected inside the system for indefinite periods of time. Therefore, if you rely only on being observant, you may not notice anything unusual unless some actual damage occurs as a result of the Trojan’s activity. If you have an updated and reliable security tool, however, you may have a better chance at catching the infection on time and preventing it from messing up your PC (or Mac). That’s why we always advise our readers to invest in professional software protection and run regular scans of the system to keep it safe and sound. If the antivirus is not able to deal with an infection like BlackSquid (yes, some advanced Trojans may have the ability to block security programs), here we have prepared a manual removal guide that you are advised to use. It contains instructions that when followed may help you remove the Trojan and all of its traces. Also, you can find a professional removal tool for quick automatic detection in the guide in case the antivirus that you currently have isn’t effective against this particular infection.

BlackSquid SUMMARY:

[add_third_banner]

Remove BlackSquid Malware Exploit

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to BlackSquid

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the BlackSquid.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and BlackSquid , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – BlackSquid

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to BlackSquid Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

The post Remove BlackSquid Malware Exploit appeared first on Malware Complaints.