Security Alert: Handbrake Download Mirror was Compromised




Anyone who has downloaded HandBrake on Mac between [02/May/2017 14:30 UTC] and [06/May/2017 11:00 UTC] needs to verify the SHA1 / 256 sum of the file before running it.

Anyone who has installed HandBrake for Mac needs to verify their system is not infected with a Trojan. You have 50/50 chance if you’ve downloaded HandBrake during this period.”

If you have Handbrake installed on your Macs, you should check if it is compromised by this Trojan.


“Based on the information we have, you must also change all the passwords that may reside in your OSX KeyChain or any browser password stores.”


Malware, Malware and more Malware.

For the past week I have been removing a lot of Malware from a lot of computers running Windows XP, Windows Vista, Windows 7 and Windows 8. Some are harder to remove than the others. In general I’d like to avoid the Scorched-Earth scenario whenever possible, as it is the last resort.

Malware Script

There are a lot of ways to remove Malware, there is not a single solution.

Whenever removing Malware from Windows computers I tend to boot to Safe mode with a Command prompt and remove any Malware reference from “Run” key in the registry and Start from Programs Menu.

Some tools/programs that I use:

I then use Microsoft’s Malicious Software Removal Tool and Safety Scanner to for the second run of Malware removal.

There are a lot of other tools/programs that I use to remove the Malware whenever necessary.


Scam Alert: and

A Mozilla Firefox user reported popup ads from (
Another Mozilla Firefox user also reported the popup ads from (

Both links now show 404 not found, but not before we managed to grab a screenshot. It says:


WARNING! Your Flash Player may be out of date. Please update to continue


The site is also telling user:

Please Install Flash Player Pro to Continue

Remember folks, there is no such thing as “Flash Player Pro”.

The links on both “REMIND ME LATER” and “INSTALL” point to:

By clicking either button, an executable file will be downloaded.


A user sent us a note that similar popups from were found (


The “Install Now” link also points to


It seems that both (whois info) and (whois info) are registered by the same individual through GoDaddy on the same day (Feb 20, 2013).

The domain (whois info) is also registered through GoDaddy one week earlier (Feb 14, 2013).

By clicking the “Install Now” button, an executable file will be downloaded.


It is pretty obvious the individuals behind the domain names mentioned above are unscrupulous. Do not blindly download some programs just because a popup told you so.

To update Flash Player, download it direct from Adobe.