Virus and Spyware Removal Guides, uninstall instructions

What is JRB ransomware?

JRB is a malicious program that belongs to the Dharma ransomware family. Systems infected with this malware experience data encryption and receive ransom demands for the decryption. In other words, victims cannot access the files affected by JRB, and they are asked to pay - to recover access to their data.

During the encryption process, files are retitled according to this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and ".JRB" extension. For example, a file like "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[bidencrypt@onionmail.org].JRB" - after encryption.

Once this process is complete, ransom notes are created/displayed in a pop-up window and "info.txt" text file, which is dropped onto the desktop.

What is news-bobicu[.]cc?

News-bobicu[.]cc is an untrustworthy website designed to trick visitors into allowing it to show notifications and open questionable, potentially malicious pages. This page is similar to typiccor[.]com, tik-ttok[.]net, financesurvey365[.]org and a great deal of other pages. It is uncommon for these pages to be visited intentionally.

What is ClickStreamSearch?

ClickStreamSearch is a piece of rogue software categorized as a browser hijacker. It operates by making alterations to browser settings in order to promote the clickstreamsearch.com fake search engine. Additionally, ClickStreamSearch likely has data tracking abilities. Due to the questionable methods used to distribute browser hijackers, they are also classified as PUAs (Potentially Unwanted Applications).

What is BestForMac?

BestForMac has qualities of advertising-supported software (adware) and a browser hijacker - its purpose is to generate advertisements and change affected web browser's settings (promote a fake search engine). BestForMac is distributed via fake installer which is disguised as the installer for the Adobe Flash Player.

What is Krlock ransomware?

Belonging to the MedusaLocker ransomware group, Krlock is a malicious program designed to encrypt data and demand payment for the decryption. In other words, Krlock renders files unusable and asks victims to pay - to restore access to their data.

During the encryption process, affected files are appended with the ".krlock" extension. For example, a file initially named something like "1.jpg" would appear as "1.jpg.krlock", "2.jpg" as "2.jpg.krlock", and so on. After this process is complete, a ransom note - "Recovery_Instructions.html" - is dropped onto the desktop.

What is Assurance Certificates email virus?

When an email letter is used to deliver malware, it contains a malicious attachment or website link. In both cases, the main purpose of such email is to trick its recipients into opening a file designed to install malware on the operating system. This particular email is used to deliver FormBook malware.

What is DataBoost?

DataBoost is a piece of rogue software, which is classified as adware. It also has browser hijacker traits. This app operates by running intrusive advert campaigns and modifying browsers - to promote fake search engines. DataBoost likely has data tracking abilities as well.

Since most users unintentionally download/install adware and browser hijackers, they are categorized as PUAs (Potentially Unwanted Applications). One popular distribution technique is proliferation via fraudulent Adobe Flash Player updates.

What is WebResultsTool?

WebResultsTool is the name of an adware-type application that has qualities of a browser hijacker - it displays advertisements and promotes a fake search engine (its address) by modifying web browser's settings. In order to trick users into installing WebResultsTool, its developers use a fake installer.

What is CLEAN ransomware?

Ransomware is a form of malware used by cybercriminals with the purpose to force victims to pay a ransom so they could access and use their files again. Ransomware encrypts files and displays or creates (or both) a ransom note to provide instructions on how to contact the attackers, purchase a decryption tool, and other details.

CLEAN ransomware belongs to the Dharma family. It renames encrypted files by appending the victim's ID, clean@onionmail.org email address and the ".CLEAN" extension. For example, it renames a file named "1.jpg" to "1.jpg.id-C279F237.[clean@onionmail.org].CLEAN", "2.jpg" to "2.jpg.id-C279F237.[clean@onionmail.org].CLEAN", etc.

What is TypeCharacter?

TypeCharacter is an adware-type application with browser hijacker qualities. It operates by delivering intrusive advertisement campaigns and promoting fake search engines through alterations to browser settings. Additionally, TypeCharacter likely has data tracking abilities.

Due to the dubious methods used to distribute adware and browser hijackers, they are also categorized as PUAs (Potentially Unwanted Applications). TypeCharacter has been observed being spread via fake Adobe Flash Player updates. It is worth noting that fraudulent updaters may proliferate malware (e.g., trojans, ransomware, etc.).