Virus and Spyware Removal Guides, uninstall instructions

What is Razor Squad ransomware?

Razor Squad is a ransomware-type program. Systems infected with this malware experience data encryption and receive ransom demands for the decryption. In other words, it renders files inaccessible, and asks victims to pay a ransom - to restore access to their data.

During the encryption process, files are appended with a random character string extension. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.vpj7", "2.jpg" as "2.jpg.5y2m", "3.jpg" as "3.jpg.i5tj", and so forth. Once this process is complete, Razor Squad changes the desktop wallpaper and creates a ransom note titled "READ TO UN-HACK.txt".

What is AstraLocker ransomware?

AstraLocker is a malicious program classified as ransomware. It operates by encrypting files and demanding payment for the decryption tools. In other words, AstraLocker renders data inaccessible and asks victims to pay - to restore access to it.

During the encryption process, files are appended with an extension consisting of a random character string. For example, a file initially named "1.jpg" would appear similar to "1.jpg.6ydy", "2.jpg" as "2.jpg.7yre", "3.jpg" as "3.jpg.yy2n", etc. Afterwards, a ransom note - "Recover_Files.txt" - is dropped onto the desktop. Additionally, AstraLocker changes the desktop wallpaper.

What is Movie Side browser hijacker?

Movie Side is designed to hijack a web browser by altering its settings (by changing certain addresses to movieapp.net - a fake search engine). Most browser hijackers are promoted and distributed using questionable methods. Therefore, it is uncommon for them to be downloaded and installed on purpose.

What is Dts ransomware?

Belonging to the Dharma ransomware family, Dts is a piece of malicious software designed to encrypt data and demand payment for the decryption. In other words, victims cannot access the files affected by Dts, and they are asked to pay - to restore access to their data.

During the encryption process, files are renamed following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and ".dts" extension. For example, a file initially titled "1.jpg" would appear similar to "1.jpg.id-1E857D00.[dts1024@tutanota.com].dts". After this process is complete, ransom notes are created/displayed in a pop-up window and "info.txt" text file.

What is rcgaxg[.]com?

Rcgaxg[.]com asks for permission to show notifications (in a deceptive way) and promotes questionable pages. It is more or less similar to news-ciwuwi[.]cc, allhotfeed[.]com, yourseismo[.]top, and more. It is uncommon for pages of this type to be visited intentionally. Pretty often, they get opened by installed potentially unwanted apps (PUAs).

What is Wearefriends ransomware?

Wearefriends encrypts files (prevents victims from accessing them) and appends the ".wearefriends" extension to their filenames (for example, it renames "1.jpg" to "1.jpg.wearefriends", "2.jpg" to "2.jpg.wearefriends", and so on). Also, Wearefriends ransomware displays a pop-up window (a ransom note) with contact and payment information.

What is "I know you are cheating on your partner Email Scam"?

"I know you are cheating on your partner Email Scam" is a spam campaign - a mass-scale operation during which deceptive emails are sent by the thousand. The letters distributed through this campaign use a variation of the sextortion scam model.

These emails claim that the recipient is cheating on their partner, and evidence of their infidelity will be publicized - unless a ransom is paid. It must be emphasized that all of the claims made by the "I know you are cheating on your partner" letters are false; therefore, these messages must be ignored.

What is Orkf ransomware?

Orkf is one of the ransomware variants that belong to the Djvu ransomware family. This variant encrypts files and appends the ".orkf" extension to their filenames (for instance, Orkf renames "1.jpg" to "1.jpg.orkf", "2.jpg" to "2.jpg.orkf"). Also, it creates the "_readme.txt" file, a ransom note.

What is NewProduct?

It is unknown what is the purpose of the NewProduct application. However, it is likely that it functions as adware or a browser hijacker. It is common for apps of this kind to be distributed using deceptive methods. Therefore, users rarely download and install them intentionally. Apps of this kind are categorized as potentially unwanted applications (PUAs).

What is ProRadioSearch browser hijacker?

ProRadioSearch is a browser hijacker designed to change web browser's settings to promote the proradiosearch.com address. Like most browser hijackers, ProRadioSearch promotes a fake search engine. It is likely that this app is designed to collect browsing-related data as well. Typically, users install browser hijackers inadvertently.