Virus and Spyware Removal Guides, uninstall instructions

What is Ducky ransomware?

Discovered by dnwls0719, Ducky is the name of a ransomware-type program. Systems infected with this malware experience data encryption and receive ransom demands for the decryption.

In other words, this software renders files inaccessible, and victims are asked to pay - to recover access to their data. During the encryption process, all of the affected files are appended with the ".ducky" extension.

For example, a file initially titled something like "1.jpg" would appear as "1.jpg.ducky", "2.jpg" as "2.jpg.ducky", and so forth. Once this process is complete, ransom notes are created/displayed in a pop-up window ("RECOVER YOUR FILES.hta") and "RECOVER YOUR FILES.txt" text files, which are dropped into compromised folders.

What is Decryptmyfiles?

Ransomware is a type of malware that prevents users from accessing their files and generates a ransom note. Very often, it modifies filenames of all encrypted files as well.

Decryptmyfiles encrypts files and renames them by appending "decryptmyfiles.top", and victims ID as the the extension. For instance, it renames a file named "1.jpg" to "1.jpg.[decryptmyfiles.top].9B6FCA53", "2.jpg" to "2.jpg.[decryptmyfiles.top].9B6FCA53", and so on.

This ransomware creates the "FILES ENCRYPTED.txt" file and displays a pop-up window as its ransom notes. It was discovered by Discovered by S!Ri.

What is pplyforthe[.]biz?

Pplyforthe[.]biz is a rogue website designed to deliver questionable content and/or redirect visitors to other unreliable/malicious pages. The Internet is full of sites like pplyforthe[.]biz; ribngh.com, wholecommonposts.com, nipwaghue.com - are but a few examples.

Users tend to access such webpages inadvertently. Most get redirected to them by intrusive advertisements or installed PUAs (Potentially Unwanted Applications).

These apps can infiltrate systems without user consent and afterwards cause redirects, run intrusive advert campaigns, and collect browsing-related information.

What is Nitro ransomware?

Nitro is the name of a malicious program classified as ransomware. It operates by encrypting data (rendering affected files inaccessible) and demanding payment for the decryption (access recovery). As Nitro malware encrypts, files are appended with the ".givemenitro" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.givemenitro", "2.jpg"as "2.jpg.givemenitro", and so on. After this process is complete, a pop-up window is displayed, which contains the ransom-demanding message.

Additionally, this ransomware changes the desktop wallpaper to a modified (i.e., angry) logo belonging to Discord - a VoIP (Voice over Internet Protocol), instant messaging, and digital distribution platform. The Nitro malicious program also has stealer abilities; it targets Discord tokens, information stored on browsers, and other data.

What is Pokemon Go Spoofer GPS iOS Android 2021?

Judging by the name of the application, Pokemon Go Spoofer GPS iOS Android 2021 is an app that is supposed to spoof location on Pokémon GO game. One of the most popular reasons why players spoof GPS location on Pokémon GO is that not all of them have access to all Pokémon.

Especially the players who live outside towns and cities. Research shows that Pokemon Go Spoofer GPS iOS Android 2021 generates advertisements - it functions as adware.

Typically, users do not download and install apps designed to feed them with ads on purpose. Therefore, those apps are called potentially unwanted applications (PUAs).

What is the "SGBM" scam email?

"SGBM email virus" is the name of a malware-proliferating spam campaign. The term "spam campaign" defines a mass-scale operation during which thousands of deceptive emails are sent.

The letters distributed through this campaign - are presented as product quotations. The file attached to these scam emails supposedly contains the quotation; however, it triggers download/installation of the FormBook malicious program - upon opening.

What is allcommonblog[.]com?

Usually, pages like allcommonblog[.]com are promoted via untrustworthy websites, deceptive advertisements, or potentially unwanted applications (PUAs). Users do not visit them intentionally.

These pages are designed to load their dubious content and open other sites of this kind. It is worthwhile to mention that most PUAs are promoted using deceptive methods.

Therefore, most of them get downloaded and installed accidentally. More examples of pages that are more or less similar to allcommonblog[.]com are ribngh[.]com, wholecommonposts[.]com, and nipwaghue[.]com.

What is "SHIBA (SHIB) Giveaway"?

"SHIBA (SHIB) Giveaway" is a scam promoted on various deceptive sites. This fake giveaway promises twice the return in Shiba Inu coin/ Shiba Token (SHIB) cryptocurrency that users invest in it.

In other words, the scam asks users to transfer at least 200,000,000 SHIB to the provided address and promises that they will immediately receive two times the amount back. It must be emphasized that this giveaway and all of its claims are false.

Hence, victims of this scheme will not receive the doubled amount, and they will also lose what they have already transferred to the scam. Deceptive websites are rarely accessed intentionally.

Most users enter them via mistyped URLs, redirects caused by intrusive advertisements, or have the webpages force-opened by installed PUAs (Potentially Unwanted Applications).

What is ProType?

Browser hijacker is a form of potentially unwanted application (PUA) that modifies browser's settings to promote an address of a fake search engine.

ProType changes browser's settings to search.82paodatc.com. Additionally, this browser hijacker adds "Managed by your organization" to Google Chrome browsers.

It is noteworthy that the majority of apps like ProType collect browsing data. They are called PUAs because most of them get downloaded and installed unintentionally.

What is "Krunker Hacks Krunker.io Aimbot + ESP Gen"?

"Krunker Hacks Krunker.io Aimbot + ESP Gen" is the name of an adware-type browser extension. This piece of rogue software claims to be a hacking tool for the Krunker.io First-Person Shooter (FPS) 3D browser game.

Amongst its fake features are FPS aimbot abilities, ESP (Extra Sensory Perception) cheats, and Krunkies (KR) in-game currency generator. However, instead of enabling users to use the promised functions, this browser extension runs intrusive advertisement campaigns.

Additionally, adware typically collects browsing-related and other vulnerable information. Hence, "Krunker Hacks Krunker.io Aimbot + ESP Gen" likely has such data tracking abilities.

Due to the dubious methods used to distribute adware-types, they are also considered to be PUAs (Potentially Unwanted Applications).