Virus and Spyware Removal Guides, uninstall instructions

What is Pahd?

Ransomware attack victims cannot access encrypted files unless they decrypt those files with a tool that the attackers encourage to purchase from them. Usually, malware of this type encrypts and renames files, and generates a ransom note.

Pahd modifies filenames by appending the ".pahd" extension to them. For example, it renames a file named "1.jpg" to "1.jpg.pahd", "2.jpg" to "2.jpg.pahd", and so on.

As its ransom note, Pahd creates the "_readme.txt" file. It is noteworthy that Pahd belongs to the ransomware family called Djvu.

What is MapperState?

MapperState is a rogue application categorized as adware. Additionally, this piece of software has browser hijacker traits.

It operates by running intrusive advertisement campaigns and promoting fake search engines (through modifications to browser settings). MapperState likely has data tracking abilities, which is typical of adware and browser hijackers.

Since most users unintentionally download/install such apps, they are also classified as PUAs (Potentially Unwanted Applications). One of the deceptive methods used to distribute MapperState is proliferation via fake Adobe Flash Player updates.

It is worth noting that fake updaters/installers may be used to proliferate trojans, ransomware, and other malware as well.

What is Cryptoncrypt?

Ransomware is a type of malware that encrypts files stored on a computer to prevent victims from accessing them and generates a ransom demanding message. Cryptoncrypt encrypts and renames files - it appends victim's ID, cryptoncrypt@tuta.io email address and the ".cnc" extension to their filenames.

For example, it renames a file named "1.jpg" to "1.jpg.id-C279F237.[cryptoncrypt@tuta.io].cnc", "2.jpg" to "2.jpg.id-C279F237.[cryptoncrypt@tuta.io].cnc", and so on. Also, Cryptoncrypt displays a pop-up window and creates the "info.txt" text file. This ransomware variant is part of the Dharma family.

What is the PARTYDOG ransomware?

PARTYDOG is the name of a malicious program belonging to the Dharma ransomware group. Systems infected with this malware experience data encryption and receive ransom demands for the decryption. In other words, PARTYDOG renders victims' files inaccessible/unusable, and they are asked to pay - to recover access/use of their data.

During the encryption process, affected files are renamed following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and the ".PARTY" extension. For example, a file initially named "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[partydog@msgsafe.io].PARTY" - after encryption.

Once this process is complete, ransom notes are created/displayed in a pop-up window and "info.txt" text file.

What is ncurrentlyd[.]biz?

Ncurrentlyd[.]biz is an untrustworthy page designed to promote other untrustworthy, potentially malicious websites and load deceptive content (its functionality depends on the geolocation of a visitor). It is important to mention that pages like ncurrentlyd[.]biz are rarely visited intentionally.

In most cases, they get opened via deceptive ads, other dubious pages, or by potentially unwanted applications (PUAs) installed on browsers or computers. There are many pages like ncurrentlyd[.]biz on the Internet. Some examples are oossautsid[.]com, acancyfopl[.]biz, and suadeh[.]club.

What is Nextiva email scam?

Usually, cybercriminals behind email scams attempt to trick recipients into paying them money or providing personal information (e.g., credit card details, social security numbers, login credentials). In most cases, scammers pretend to be legitimate companies, organizations, or other entities to give their emails legitimacy.

In this case, scammers attempt to trick recipients into believing that they have received an email from Nextiva - a VoIP (voice-over-internet-protocol) company. Their goal is to trick recipients into providing their Microsoft account login credentials.

What is AdvancedSprint?

AdvancedSprint is a piece of rogue software classified as adware. This application has browser hijacker qualities. Hence, it runs intrusive advertisement campaigns and promotes fake search engines by modifying browser settings.

Additionally, most adware-types and browser hijackers collect browsing-related information. Due to the dubious techniques used to distribute AdvancedSprint, it is categorized as a PUA (Potentially Unwanted Application). AdvancedSprint has been observed being spread via fake Adobe Flash Player updates.

It is worth mentioning that illegitimate software updaters/installers distribute not only PUAs but are also used to proliferate trojans, ransomware, and other malware.

What is pbh-news1[.]online?

Sharing common traits with oossautsid.com, acancyfopl.biz, topfreearticles.xyz, and thousands of others, pbh-news1[.]online is an untrustworthy website. Visitors to this page are presented with questionable content and/or redirected to unreliable and possibly malicious sites.

Pbh-news1[.]online and websites of this type are rarely accessed intentionally. Most get redirected to then by intrusive advertisements or installed PUAs (Potentially Unwanted Applications).

These apps can be installed onto devices without user permission. PUAs are designed to cause redirects, run intrusive ad campaigns, and gather browsing-related information.

What is Simple Note?

Simple Note is a piece of software endorsed as a browser extension with a simple and easy-to-use notepad feature. However, it is classified as a browser hijacker due to making modifications to browser settings - in order to promote fake search engines.

Simple Note promotes the fxsmash.xyz illegitimate web searcher. Additionally, this browser extension has data tracking abilities, which are used to gather browsing-related information. Due to the questionable techniques used to distribute browser hijackers, they are also categorized as PUAs (Potentially Unwanted Applications).

What is Easy 2 Convert 4 Me?

Easy 2 Convert 4 Me is the name of a rogue piece of software classified as adware. According to its promotional material, Easy 2 Convert 4 Me can convert various file formats.

However, as adware - it runs intrusive advertisement campaigns (i.e., delivers various ads). Additionally, Easy 2 Convert 4 Me spies on users' browsing habits.

Due to the dubious methods employed to distribute adware-types, they are also categorized as PUAs (Potentially Unwanted Applications).