Virus and Spyware Removal Guides, uninstall instructions

What is Lssr?

Typically, ransomware encrypts files and appends its extension to their filenames, and demands ransom payment. Lssr appends the ".lssr" extension, for example, it renames a file named "1.jpg" to "1.jpg.lssr", "2.jpg" to "2.jpg.lssr", and so forth.

Most ransomware variants create a text file (or another file) or display a pop-up window as ransom notes. Lssr creates the "_readme.txt" file. This ransomware is part of the Djvu family.

What is Clip Finder?

Clip Finder is a rogue browser extension endorsed as a tool for finding clips on popular video hosting platforms. This feature works when users highlight text in websites and right-click it, then they can select YouTube, Vimeo, Google Video, or Bing Video - to search for the highlighted phrase. However, Clip Finder operates as adware - it runs intrusive advertisement campaigns and spies on users' browsing activity.

Since most users download/install adware products inadvertently, they are also classified as PUAs (Potentially Unwanted Applications).

What is "DBS Bank email scam"?

"DBS Bank email scam" refers to a phishing spam campaign. The term "spam campaign" defines a mass-scale operation during which thousands of deceptive emails are sent.

The letters distributed through this campaign are disguised as messages from DBS Bank - a Singaporean multinational banking and financial services corporation. It must be emphasized that these scam emails are in no way associated with the genuine DBS Bank.

This spam campaign aims to promote a phishing website targeting email accounts. It is presented as a sign-in page; email account log-in credentials (i.e., email addresses and passwords) entered into it are recorded and sent to the scammers.

What is Boom?

Boom is part of the Xorist ransomware family. Like most malicious programs of this type, it encrypts files, modifies their filenames, and generates a ransom note.

Boom appends the ".Boom" as the new file extension, for example, it renames a file named "1.jpg" to "1.jpg.Boom", "2.jpg" to "2.jpg.Boom, and so on. It also changes the desktop wallpaper, displays a pop-up window and creates the "HOW TO DECRYPT FILES.txt" text file.

What is WeekiPedia?

WeekiPedia is a rogue application promoted as an easy access tool to Wikipedia - the multilingual open-collaborative online encyclopedia. In other words, this app enables users to access Wikipedia straight from their desktops.

WeekiPedia is classified as adware; it operates by running intrusive advertisement campaigns. Additionally, most adware-types have data tracking abilities, which are employed to spy on users' browsing activity.

Due to the dubious methods used to distribute WeekiPedia, it is also categorized as a PUA (Potentially Unwanted Application).

What is zpreland[.]com?

Zpreland[.]com is an untrustworthy website that checks the IP address of its visitors and then loads its content or opens a couple of other websites of this kind. It is worth mentioning that it is uncommon for pages like zpreland[.]com to be visited intentionally.

What is Zqqw ransomware?

Zqqw is part of the Djvu ransomware family. Like most ransomware variants, Zqqw encrypts files, appends its extension (".zqqw") to their filenames, and generates a ransom note ("_readme.txt" file). An example of how Zqqw renames files: it renames "1.jpg" to "1.jpg.zqqw", "2.jpg" to "2.jpg.zqqw", and so on.

What is PB ransomware?

Part of the Dharma ransomware family, PB is a piece of malicious software designed to encrypt data and demand payment for the decryption. To elaborate, the files affected by PB are rendered inaccessible and useless - for the purpose of making ransom demands for access/use recovery.

During the encryption process, files are renamed according to this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and ".PB" extension. For example, a file initially titled "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[projectblack@criptext.com].PB" - after encryption.

Once the encryption process is complete, ransom notes are created/displayed in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is reverscaptcha[.]com?

Reverscaptcha[.]com is quite similar to 1video-online[.]me, lootynews[.]com, romanticdating-day[.]com and a great number of other websites designed to promote a variety of untrustworthy pages and load deceptive content. Typically, pages like reverscaptcha[.]com are promoted through potentially unwanted applications (PUAs), shady advertisements, and other untrustworthy pages.

What is Pooe ransomware?

Pooe is a malicious progran belonging to the Djvu ransomware family. This malware is designed to encrypt data and demand payment for the decryption. In other words, the files affected by Pooe are rendered inaccessible, and victims are asked to pay - to recover access to their data.

During the encryption process, files are appended with the ".pooe" extension. For example, a file initially titled "1.jpg" would appear as "1.jpg.pooe", "2.jpg" as "2.jpg.pooe", "3.jpg" as "3.jpg.pooe", etc.

After the encryption process is complete, a ransom note named "_readme.txt" is created.