eSolutions presents Ugetfix with a new and more convenient design

Ugetfix is one of eSolutions' projects, launched several years ago with a pure desire to help PC users fix their computers. After reading our guides, users can solve their problems without needing to go to tech experts and pay them money. If bothered, they can fix annoying errors, uninstall unwanted programs, recover lost files, improve their computers' functionality and solve a whole list of other PC-related problems. Besides, our team has been trying to include every important event in the Ugetfix “News” category to help its visitors keep up with the latest tech changes.

We are very happy that our efforts haven’t been forgotten – since the first day, our site has been gaining more and more trust from our users. So, we decided to improve it a little bit and help people get the best experience. After the latest changes, you can add your question to the Ugetfix project just by hitting the “Ask” button (you cannot miss it now). All topics are listed in front of your eyes, and recently added questions with answers can be seen just by scrolling down the site. So, if you find yourself in trouble related to your computer, go ahead and leave your question for the Ugetfix team!

Small and medium size businesses have become the main targets of ransomware

Recently, security experts reported a new trend: small and medium-sized businesses have become the main targets of ransomware authors. The explanation is very simple: scammers are aware that employees are curious creatures who can hardly resist the temptation to look at an attachment sent to them by an unknown sender. Besides, they know that after using the virus to encrypt the company's entire network they can make more – owners of small and medium-sized businesses are much more vulnerable than home users, so they are ready to pay larger sums. However, you should NEVER think about paying a ransom to cyber criminals because you can be left with no money and no files.

Last month was especially active for hackers trying to mislead random companies and infect them with Spora, BTC ransomware, and many others. To get employees to open an infected attachment and/or extract the attached file, they have set up a bunch of spam campaigns using titles such as Office, Support, Sales, Clients, Credit Control, Customer Support, etc. Beware that such emails are usually filled with real company names, telephone numbers, names and addresses, so you can easily find them on Google. However, these people have no idea that someone has just started using their names and similar information to mislead users and infect them with malware. Before opening the attachment, you should try to contact the sender first. Also, enable Protected View and disable macros on your own and your colleagues' computers to protect yourself from social engineering.

Fake Flash Player ads on Skype push malware to users

According to several users’ complaints that recently appeared on Reddit and Twitter, the official Skype application pushed malicious Adobe Flash Player ads to users. It appears that users received a malicious ad right after logging into their Skype accounts, which suggested installing a FlashPlayer.hta file. Now what happens next can shock you. If the user agrees to install it, thinking that legitimate software like Skype is suggesting a required piece of software or an update, the malicious JavaScript code inserted into the .hta file runs a PowerShell script, which connects to a website that hosts malware and downloads it from there. Currently known domains that hosted the final payload were oyomakaomojiya(.)org and cievubeataporn(.)net. However, both domains were taken down quickly; therefore malware analysts were not able to reach them and download a sample of the malware from either of them.

Researchers also discovered that both domains were registered using email accounts that were used to set up numerous questionable websites, and IP addresses used to host some of them led to servers that were used to host even more infectious websites. Reportedly, these sites were used for malware distribution and helped to propagate malicious JavaScript files. If you didn’t know this yet, such files could deliver ransomware, Trojans, or other malicious programs right into your computer system.

It goes without saying that the attack against Skype users was carried out by a well-organized cyber crime gang. It seems that this group continuously registers new domains and shuts down the old ones daily, trying to keep malware researchers away from the malware samples they push to victims. Although no more malicious ads were spotted in the next few days, we recommend that you be careful and stay away from any suspicious ads that might appear on Skype. Make sure your anti-malware software is running, and if you want to be aware of the tricks scammers use to attack Skype users, read this article about Skype viruses. Recently, a large number of users complained about a suspicious virus that hijacks their accounts and arbitrarily sends out odd hyperlinks to all contacts.

Improving your company’s security

Business can bring people together to face different challenges. However, when people are working on improving their company’s financial growth and similar indicators, they usually forget about security. It is a shame because nowadays there are various risks related to the entire company, its clients, and employees. What could be done to improve the security level of your organization? Here are the main things to take care of:

  1. Educate your employees about Internet malware and its capabilities. Make sure you let your coworkers know about the latest viruses spreading on the Internet and their distribution techniques. Each of your employees should know the latest techniques used by ransomware, adware, tech support scam viruses and similar malware that can easily put your business in danger.
  2. Ask your colleagues to start using strong passwords and help them understand that business security is different from personal security. When using your business profiles, they should forget about “12345”, “password” and similar passwords that are not secure.
  3. Let your people know about the danger of outdated software. Almost every business uses devices such as PCs, routers, printers, and internal servers. Make sure that they are kept up-to-date so that they too can perform at their best. It goes without saying that you need to update your anti-virus software daily to prevent infiltration of the latest viruses. If automatic updates are disabled, you should oblige someone to apply updates manually to prevent vulnerabilities in your business devices.
  4. Look for alternatives to cloud computing. Even though companies have been widely switching to the cloud to store their sensitive data, security experts do not recommend keeping intellectual property there. Think about the dangers that arise after a cloud service is breached – hackers can easily try to get access to your company’s sensitive data.

Most aggressive browser hijackers

Watch out for the latest in browser hijackers –, and

It is obvious that ransomware is one of the most common computer virus types today. The Cerber, Spora and Locky viruses have already managed to prove to victims that a ransomware attack is no joke. However, ransomware is not the only computer program that can pose a threat to your computer system and your privacy. Our team points out that in 2017, developers of shady browser hijackers noticeably intensified production and distribution of potentially unwanted programs that are meant to take control of the user’s web browser and push sponsored content via it. Most of the time, such questionable companies set up dozens of identical-looking websites that provide a web search function and create programs that change the settings of users’ browsers to make them launch a particular search engine automatically. What annoys us so much is the fact that these browser-hijacking programs are distributed in a legitimate way, which we consider to be quite unfair. These programs usually accompany various free programs, which do not adequately inform the user about their existence during the installation process.

So far the most common and bothersome browser hijackers seem to be, virus, and virus. The last one is an especially intrusive and deceptive one, and unlike the others, it doesn’t even promote a search engine. This browser hijacker is very hard to remove because instead of installing programs or browser extensions, it adds a VBS script into Windows Management Instrumentation, which makes web browsers launch site automatically. Speaking about redirect virus, we must say that it tries to promote a fake copy of the Google search engine, which can easily trick inattentive victims into using it. Finally, hijack brings an unpleasant search tool that always fills search results with paid links. Clicking on any links provided on sites promoted by these browser hijackers can be dangerous. Although it is possible to remove such browser hijackers manually, our team recommends using anti-malware programs as they can delete the infection in a faster and safer way. The Esolutions team would like to remind you to stay clear of suspicious content online, install computer programs carefully using Custom/Advanced settings only, and protect your computer with an anti-spyware or anti-malware program even if you have an antivirus. Such software helps to detect all kinds of spyware and malware whereas antivirus might only be good at detecting severe viruses.
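
One way to check a Windows machine for the WMI persistence described above, as an added example that is not part of the original article: the script lists permanent WMI event subscriptions that run a script or a command line. It assumes the hijacker's VBScript is registered as an ActiveScriptEventConsumer in the root\subscription namespace (the standard WMI class for embedded scripts); the article itself does not name the class.

```powershell
# Added example: list permanent WMI event subscriptions that execute code.
# Run from an elevated PowerShell prompt.
$ns = 'root/subscription'

# Event filters hold the WQL query that decides when a consumer fires.
$filters = @{}
Get-CimInstance -Namespace $ns -ClassName __EventFilter |
    ForEach-Object { $filters[$_.Name] = $_ }

# Consumers that can run code: embedded scripts (VBScript/JScript) and
# command lines. Keyed by name only, which is a simplification.
$consumers = @{}
foreach ($class in 'ActiveScriptEventConsumer', 'CommandLineEventConsumer') {
    Get-CimInstance -Namespace $ns -ClassName $class -ErrorAction SilentlyContinue |
        ForEach-Object { $consumers[$_.Name] = $_ }
}

# A binding ties one filter to one consumer; only bound pairs ever execute.
$bindings = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding
$report = foreach ($b in $bindings) {
    $c = $consumers[$b.Consumer.Name]
    if (-not $c) { continue }   # other consumer types (event log, SMTP, log file)
    $f = $filters[$b.Filter.Name]
    $type = $c.CimSystemProperties.ClassName

    # The payload is the script body (or script file) or the command line.
    $payload = if ($type -eq 'ActiveScriptEventConsumer') {
        if ($c.ScriptText) { $c.ScriptText } else { $c.ScriptFileName }
    } else {
        $c.CommandLineTemplate
    }

    [pscustomobject]@{
        Consumer = $c.Name
        Type     = $type
        Engine   = $c.ScriptingEngine   # empty for command-line consumers
        Trigger  = $f.Query             # WQL condition that starts the payload
        Payload  = $payload
        # A hijacker that opens a site from WMI has to carry the URL somewhere.
        HasUrl   = [bool]($payload -match 'https?://')
    }
}

# Entries whose payload contains a URL are listed first for review.
$report | Sort-Object HasUrl -Descending | Format-List
```

An entry confirmed as unwanted is removed by piping the matching binding, consumer and filter objects to `Remove-CimInstance`; review the `Payload` and `Trigger` fields first, because some legitimate software also registers subscriptions here.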

Bitcoin value goes up. What should we expect from ransomware developers?

You might have already heard that the value of one Bitcoin has just reached the price of an ounce of gold. At the moment, one bitcoin will set you back $1,268, while one ounce of gold will cost you $1,233. Unfortunately, such a rise can seriously encourage more hackers to step into the ransomware business. Security experts have already announced that the number of ransomware families keeps growing and has nearly doubled when compared to last year. The same can be reported when discussing a typical ransom fee. During the last years, it has increased from several hundreds of dollars to $1K. For example, the infamous Locky ransomware requires 0.5-1 BTC. Meanwhile, newer viruses, such as Sage 2.0 ransomware or Aes256 ransomware, have started requiring from 2 BTC to 10 BTC.

To prevent such enormous money loss, you need to back up your data first. Keep in mind that each of your important files should be saved in more than two destinations, including your hard drives, USB sticks or clouds. Then, take care of your system’s protection properly. After installing anti-spyware software, make sure you keep it up-to-date.

Youndoo virus renews its activity

2016 was a busy year for security experts – the computer virus business was booming and everyone was asking for help. Of course, the main problem which caused serious havoc on the Internet was the infamous Locky. As soon as this ransomware showed up, the number of infected users increased from 23,000 to 56,000 cases per month. However, the latest trends reveal that there is a lot more to come in 2017. New viruses, including Spora ransomware, HakunaMatata or Help_Help_help virus (a new version of Cerber), have already emerged. Nevertheless, it seems that we should not forget the old ones.

Security experts are reporting a fresh trend – the reappearance of well-known viruses that were launched back in 2015 or 2016. We have already notified you about Crypt0l0cker, which was first detected in the middle of 2015. Beware that it has just been noticed starting its second round of propagation. It seems that we should also not forget the Youndoo virus. The most affected countries seem to be Denmark, Germany, Spain, Portugal and Hungary. Please be careful with this browser hijacker. Even though it is not capable of encrypting your files, it can cause unauthorized redirects on your browser. Browser redirects have already been named one of the main ways leading PC users to the infiltration of malware.

Guide that will help you avoid Hakuna Matata ransomware

Hakuna Matata ransomware came to light in the middle of January 2017. At first, it seemed to be an ordinary virus which was ready to have its one second of glory. After helping its developers collect some income, it was supposed to let another ransomware take its seat, but it seems that it is not ready yet. The number of affected users keeps increasing each day, so you need to be focused enough to avoid this malware. Otherwise, you can lose your files, your money or both as there is no guarantee that hackers will give you an effective decryption key after you pay the money.

You know that you are infected with this ransomware when you see the ‘.hakunamatata’ extension next to your filenames. Usually, these files become completely useless because this ransomware tends to encrypt them with AES 256-bit and RSA-2048 encryption algorithms. You cannot recover these files yourself because of the very strong cipher used by this malware. The main aim of doing so is the money which is asked in exchange for a special decryption key. The virus seeks to encrypt as much of the victim’s data as possible, so make sure that you remove Hakuna Matata as soon as you notice its activity on your computer. For that you can use any reliable anti-spyware or anti-virus software. However, it cannot recover encrypted files.

If you want to prevent this ransomware, you need to remember several rules:

  • Stay away from spam – Hackers have been actively relying on social engineering while trying to infect PC users. To stay safe, make sure you carefully read messages from well-known organizations and institutions before downloading attachments provided by them. Opening an infected document can launch the Hakuna Matata virus on your computer.
  • Ignore misleading alerts and pop-ups – If you are offered an update for your browser or Flash Player while browsing the Internet, it might be a scam. You should use only official websites to update your software, so forget about illegal download websites distributing pirated copies of software.

Crypt0l0cker is expected to begin the second round

We must warn you about the growing danger of Crypt0l0cker ransomware. It seems that Europe is the main target of this virus, which is also known as TorrentLocker. To protect yourself and avoid having to pay the ransom fee to cyber criminals, make sure you back up your files. Ransomware viruses are now capable of encrypting the entire network, so you need to find a safe place for your files. While we haven’t received any reports from Crypt0l0cker victims yet, we can see a clear increase in this search term, which makes us believe that its developers have already started promoting its installer.

To avoid the newest version, Crypt0l0cker 2017, you must know each of its distribution methods. Here are the most popular ones:

  • Fake email messages with infected attachments. Mostly, ransomware installers are presented in fake emails claiming to be financial and business reports. Hackers are trying to convince their victims that they are communicating with one of their colleagues. If an email message seems suspicious, make sure you ask the sender about it directly.
  • Infected pop-up messages and illegal websites. You can also get infected with ransomware via misleading pop-up messages offering free updates and “missing” software to potential victims. Believe us, you don’t need anything. If you need a program, visit its official website and be sure that the needed file is safe.
  • Legitimate websites hacked by ransomware makers. Hackers have already started using a more sophisticated technique to promote their ransomware – after infecting a legitimate site with malicious JavaScript, they make the website show a fake error message, such as the “HoeflerText font wasn’t found” error. Make sure you ignore such errors to prevent infiltration of ransomware and the loss of your files.

eSolutions review on Spora ransomware

Spora ransomware was introduced by its developers at the beginning of 2017. However, it has already managed to impress security experts with its encryption procedure, a well-made official website and a ransom notification. This virus is considered one of the most aggressive ones because it doesn’t need an Internet connection to encrypt the victim’s files. Infected documents do not change their extensions, but you can’t open them. When trying to do that, you can see the notification that reads:

XXX can’t be opened.
This document is either corrupt or protected under Rights Management.

Infected users are also asked to connect to the payment site of the Spora ransomware to find out how much they need to pay for the decryption of their files. The most surprising thing that we found after connecting to this site is that you can choose the amount of money you are willing to spend on the ransom. Of course, the less you pay, the less you can decrypt. Also, there is a dialogue window on the right where you can leave your question for the developers of Spora ransomware. This “customer” support has surprised even the most experienced security experts because it gives you an opportunity to talk to hackers. The first example of this malware used the Russian language and was spread as the file Скан-копия _ 10 января 2017г. Составлено и подписано главным бухгалтером. Экспорт из 1С.a01e743_рdf.hta. However, its developers are not silly enough to miss a chance to increase their profit – to collect as many ransoms as possible, they launched an English version of Spora ransomware after several weeks of testing their initial virus. Beware that this version has just started spreading via USB sticks, so anyone who connects his/her USB stick to your computer can infect you with this ransomware virus.