Virus and Spyware Removal Guides, uninstall instructions

What is ZIG ransomware?

ZIG ransomware is a type of malicious software used by cybercriminals with the purpose to block their victims from accessing data stored on affected computers. Like most ransomware variants, ZIG encrypts files, modifies their filenames, and generates a ransom note.

It renames files by appending the victim's ID, honestly@tutanota.com email address, and the ".ZIG" extension. For example, it renames a file named "1.jpg" to "1.jpg.id-C279F237.[honestly@tutanota.com].ZIG", "2.jpg" to "2.jpg.id-C279F237.[honestly@tutanota.com].ZIG", and so on. ZIG displays a pop-up window and creates a text file named "info.txt" as its ransom notes.

This ransomware is part of the Dharma malware family.

What is Mppq?

Ransomware victims cannot access files their files unless they decrypt them with the right decryption tool (software, key). Ransomware is a type of malware that encrypts files and provides instructions on how to pay for their decryption (generates a ransom note).

Mppq belongs to the ransomware family called Djvu. This ransomware variant appends the ".mppq" extension to the filenames of encrypted files (e.g., it renames "1.jpg" to "1.jpg.mppq", "2.jpg" to "2.jpg.mppq", and creates the "_readme.txt" file as its ransom note.

What is Media Tab?

Media Tab is a rogue browser extension, classified as a browser hijacker. It operates by promoting (i.e., causing redirections to) the mediatab.club fake search engine. Additionally, Media Tab spies on users' browsing activity.

Since most users download/install browser hijackers inadvertently, they are also deemed to be PUAs (Potentially Unwanted Applications).

What is Qoiibbj ransomware?

Qoiibbj is a ransomware-type program. Following successful infiltration, this malware renders files inaccessible by encrypting them. Qoiibbj aims to receive payments from its victims for the decryption keys/software (i.e., access recovery to the data).

During the encryption process, affected files are appended with the ".qoiibbj" extension. For example, a file initially named something like "1.jpg" would appear as "1.jpg.qoiibbj", "2.jpg" as "2.jpg.qoiibbj", and so forth.

After this process is complete, ransom notes - "readme.txt" - are dropped into compromised folders.

What is Nermer?

Typically, victims of ransomware attacks cannot access their files unless they decrypt them with the right decryption tool (software, key). Ransomware encrypts files with a strong encryption algorithm, appends its extension to their filenames, and generates a ransom note.

Nermer appends the ".nermer" extension. For example, it renames a file named "1.jpg" to "1.jpg.nermer", "2.jpg" to "2.jpg.nermer", and so on. It creates the "PROTECT_INFO.TXT" file as its ransom note. Nermer is a new variant of BigLock ransomware.

What is Little Thief?

Virtually identical to DiamondFox, Little Thief is a multi-functional piece of malicious software. Among this malware's many abilities are - information-stealing functions, loader/backdoor capabilities (i.e., it can cause chain infections), and DDoS (distributed denial-of-service) attack deployment.

Little Thief infections are considered to be especially dangerous, and as such - must be removed immediately upon detection.

What is red-video[.]fun?

Red-video[.]fun is similar to yourwowfeed[.]com, ncurrentlyd[.]biz, oossautsid[.]com, and a great number of other pages designed to promote various questionable pages and load deceptive content (their functionality depends on the geolocation of their visitors). Usually, websites like red-video[.]fun are promoted through potentially unwanted applications (PUAs), other untrustworthy websites, and shady advertisements.

In other words, it is unlikely for pages like red-video[.]fun to be visited on purpose.

What is ElementarySignalSearch?

ElementarySignalSearch is categorized as adware because it generates unwanted advertisements. It is known that this app changes the browser's settings to promote a fake search engine (it has characteristics of a browser hijacker) and collects information data as well.

It is uncommon for apps like ElementarySignalSearch to be downloaded and installed intentionally. For this reason, they are called potentially unwanted applications.

It is known that ElementarySignalSearch's developers use a fake installer that looks like the installer for Adobe Flash Player to trick users into downloading and installing this app.

What is RedDot ransomware?

Discovered by Jirehlov Solace, RedDot is a piece of malicious software classified as ransomware. Systems infected with malware experience data encryption (stored files are rendered inaccessible), and victims receive ransom demands for the decryption (access recovery).

During the encryption process, affected files are appended with the ".reddot" extension. For example, a file originally titled something like "1.jpg" would appear as "1.jpg.reddot", "2.jpg" as "2.jpg.reddot", "3.jpg" as "3.jpg.reddot", and so on.

Once this process is complete, ransom notes - "HOW_TO_RESTORE_MY_FILES.txt" - are dropped into compromised folders. Additionally, RedDot ransomware changes the desktop wallpaper.

What is the Pick Color browser hijacker?

Pick Color is the name of a browser hijacker, endorsed as a pop-up tool allowing users to pick (i.e., get a sample of) the colors used in websites and other online content. Software within this category typically promotes fake search engines by making modifications to browser settings.

However, Pick Color does not consistently alter browsers when promoting the fxsmash.xyz fake web searcher. Additionally, Pick Color spies on users' browsing activity. Due to the questionable techniques used to distribute browser hijackers, they are also classified as PUAs (Potentially Unwanted Applications).