This fake ad blocker will lock your files and hijack your PC to mine cryptocurrency

Be cautious when installing a Windows ad blocker: it may be malware.

A particularly nasty Trojan horse that combines ransomware with a cryptocurrency miner is posing as an ad blocker called AdShield Pro, Kaspersky says in a new report. The malware has attempted to infect more than 7,000 machines since February 1.

The malware also poses as OpenDNS networking software, the NetShield ad blocker, and Malwarebytes anti-malware software, Kaspersky said. Victims typically find the fake software through malicious websites that show up in search results. According to an Avast report, a fake version of Malwarebytes targeted more than 100,000 PCs in August 2020.

Whatever software this Trojan masquerades as, the end result is the same: a combined ransomware and coin miner built on XMRig is installed on your machine. The malware locks your files first, then puts your CPU to work mining the Monero cryptocurrency.

"Just as users see the ransom note, their computers have already started making money for cybercriminals," said an earlier Kaspersky article about XMRig, published this October.

The malware also downloads and installs a legitimate version of the BitTorrent client Transmission, creating a backdoor that lets the criminals remotely access and control the machine. It also changes the PC's DNS settings so that lookups of website addresses are resolved by the attacker's own servers, which block connections to antivirus websites.

Additionally, it attempts to evade detection by comparing the actual system profile with the one recorded in the Windows license file; if the two do not match, the malware assumes it is running in a virtual machine of the kind commonly used by information security researchers and halts the installation process.

Ransomware locks files, the coin miner maxes out the CPU, the hijacked DNS sends web queries to God knows where, and the human attacker behind the malware takes control of the machine.

To avoid this unfortunate situation, always download OpenDNS and Malwarebytes from their official sites.

We would say the same for AdShield and NetShield, but we have found several different programs online using those names, so it may be best to avoid them all. (Of course, you should also run the best antivirus program you can, which should detect and disable this threat before it is installed.)
