Virus and Spyware Removal Guides, uninstall instructions

What is the Mars stealer?

Mars is a piece of malicious software classified as a stealer. Malware within this classification operates by extracting content and information from infected devices. This applies to Mars as well; it can stealthily obtain a wide variety of data. Therefore, the threats posed by this malware are quite broad.

What is Reqg ransomware?

Ransomware is monetized by getting paid for a decryption tool - it encrypts files so that victims could not access them without a decryption tool purchased from the attackers. Reqg encrypts files and appends the ".reqg" extension to their filenames. For instance, it renames "1.jpg" to "1.jpg.reqg", "2.jpg" to "2.jpg.reqg", and so on.

Typically, malware of this type generates a ransom note. This particular ransomware creates a text file named "_readme.txt" - it is a note that provides contact and payment information. Reqg ransomware belongs to the ransomware family called Djvu. There are many other variants belonging to this ransomware family.

What is Harmagedon ransomware?

Ransomware prevents victims from using their files by encrypting them and provides instructions on how to contact the attackers, pay for a decryption tool, and other details. Harmagedon is part of the Makop ransomware family. It encrypts and renames files. Also, Harmagedon creates the "readme-warning.txt" file (a ransom note).

This ransomware renames files by appending a victim's ID, harmagedon0707@airmail.cc email address and the ".harmagedon" extension to their filenames. For example, it renames a file named "1.jpg" to "1.jpg.[9B83AE23].[harmagedon0707@airmail.cc].harmagedon", "2.jpg" to "2.jpg.[9B83AE23].[harmagedon0707@airmail.cc].harmagedon", and so on.

What is ExtendedTransaction?

ExtendedTransaction is an adware-type application with browser hijacker qualities. Following successful installation, this piece of rogue software delivers intrusive advertisement campaigns and modifies browser settings to promote fake search engines. Additionally, ExtendedTransaction likely has data tracking abilities.

Due to the questionable methods used to distribute adware and browser hijackers, they are also classified as PUAs (Potentially Unwanted Applications). It is worth noting that proliferation via fake Adobe Flash Player updates is common for software like ExtendedTransaction.

What is OnlineExplorer adware?

OnlineExplorer is the name of a potentially unwanted application (PUA) designed to operate as adware and a browser hijacker - it generates advertisements and promotes a fake search engine (its address). It is worth mentioning that applications like OnlineExplorer usually are distributed using deceptive methods.

What is JRB ransomware?

JRB is a malicious program that belongs to the Dharma ransomware family. Systems infected with this malware experience data encryption and receive ransom demands for the decryption. In other words, victims cannot access the files affected by JRB, and they are asked to pay - to recover access to their data.

During the encryption process, files are retitled according to this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and ".JRB" extension. For example, a file like "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[bidencrypt@onionmail.org].JRB" - after encryption.

Once this process is complete, ransom notes are created/displayed in a pop-up window and "info.txt" text file, which is dropped onto the desktop.

What is news-bobicu[.]cc?

News-bobicu[.]cc is an untrustworthy website designed to trick visitors into allowing it to show notifications and open questionable, potentially malicious pages. This page is similar to typiccor[.]com, tik-ttok[.]net, financesurvey365[.]org and a great deal of other pages. It is uncommon for these pages to be visited intentionally.

What is ClickStreamSearch?

ClickStreamSearch is a piece of rogue software categorized as a browser hijacker. It operates by making alterations to browser settings in order to promote the clickstreamsearch.com fake search engine. Additionally, ClickStreamSearch likely has data tracking abilities. Due to the questionable methods used to distribute browser hijackers, they are also classified as PUAs (Potentially Unwanted Applications).

What is BestForMac?

BestForMac has qualities of advertising-supported software (adware) and a browser hijacker - its purpose is to generate advertisements and change affected web browser's settings (promote a fake search engine). BestForMac is distributed via fake installer which is disguised as the installer for the Adobe Flash Player.

What is Krlock ransomware?

Belonging to the MedusaLocker ransomware group, Krlock is a malicious program designed to encrypt data and demand payment for the decryption. In other words, Krlock renders files unusable and asks victims to pay - to restore access to their data.

During the encryption process, affected files are appended with the ".krlock" extension. For example, a file initially named something like "1.jpg" would appear as "1.jpg.krlock", "2.jpg" as "2.jpg.krlock", and so on. After this process is complete, a ransom note - "Recovery_Instructions.html" - is dropped onto the desktop.