Virus and Spyware Removal Guides, uninstall instructions

What is Artemis ransomware?

Artemis ransomware is a type of malware that encrypts files (makes them inaccessible/unusable), modifies their filenames, and generates a ransom note (the "ReadMe-[victim's_ID].txt" file). It renames files by appending the victim's ID, ultimatehelp@techmail.info email address, and ".ultimate" extension.

For instance, Artemis renames "1.jpg" file to "1.jpg.id[C279F237].[UltimateHelp@techmail.info].ultimate", "2.jpg" file to "2.jpg.id[C279F237].[UltimateHelp@techmail.info].ultimate", and so forth. Its ransom note provides contact information.

What is "Australia Post email scam"?

"Australia Post email scam" refers to a spam campaign. The letters sent through this campaign are disguised as messages relating to unpaid customs duties from "Australia Post". It must be emphasized that these emails are in no way associated with the legitimate postal service enterprise. This spam campaign aims to trick recipients into disclosing sensitive information and/or paying bogus fees.

What is MovieSearchOnline?

MovieSearchOnline is a browser hijacker promoting the moviesearchonline.com fake search engine. Since users typically download/install browser hijackers unintentionally, they are also classified as PUAs (Potentially Unwanted Applications).

What is news-keheza[.]cc page?

News-keheza[.]cc has two purposes: to trick visitors into agreeing to receive notifications and promote questionable, potentially malicious sites. The Internet is full of sites like news-keheza[.]cc, for example, ourhypewords[.]com, digitalcaptcha[.]top, and ralemploay[.]space. Users do not visit them intentionally.

What is "Baldur email virus"?

"Baldur email virus" refers to a malware-spreading spam campaign. The scam emails distributed through this campaign are presented as purchase orders. The "Baldur" spam campaign aims to infect recipients' devices with the Agent Tesla RAT (Remote Access Trojan).

What is AtomSilo ransomware?

AtomSilo is a type of malware that blocks access to files by encrypting them and renames every encrypted file by appending the ".ATOMSILO" to its filename. It renames "1.jpg" to "1.jpg.ATOMSILO", "2.jpg" to "2.jpg.ATOMSILO", and so on. As its ransom note, AtomSilo creates the "README-FILE-#COMPUTER-NAME#-#CREATION-TIME#.hta" file.

What is ourhypewords[.]com site?

Once visited, ourhypewords[.]com asks for permission to show notifications. Also, ourhypewords[.]com can open untrustworthy websites. It is similar to ralemploay[.]space, everyday-news-channel[.]com, tobaitsie[.]com, and plenty of other pages that are promoted through shady ads, other dubious pages, and potentially unwanted applications (PUAs).

What is the digitalcaptcha[.]top site?

Similar to ralemploay.space, everyday-news-channel.com, tobaitsie.com, ploringseav.space, and many others, digitalcaptcha[.]top is a rogue website. It is designed to load questionable content and/or redirect visitors to various (likely unreliable or malicious) sites.

Users usually access such webpages via redirects caused by suspect websites, intrusive adverts, or installed PUAs (Potentially Unwanted Applications).

What is COVID 19 ransomware?

COVID 19 is a piece of malicious software categorized as ransomware. It is designed to encrypt data (lock files) and demand payment for the decryption. Affected files are appended with a ".covid-19" extension. For example, a file titled "1.jpg" would appear as "1.jpg.covid-19", "2.jpg" as "2.jpg.covid-19", etc. Afterwards, this ransomware changes the desktop wallpaper and creates a ransom note named "read_it.txt".

What is Jigsaw ransomware?

Jigsaw is a new variant of the Chaos ransomware. It prevents victims from accessing/using files by encrypting them. Also, it renames files by appending a randomly generated extension to their filenames. For example, it renames "1.jpg" to "1.jpg.9esl", "2.jpg" to "2.jpeg.kwkc". Jigsaw creates the "read_it.txt" file as its ransom note.