Virus and Spyware Removal Guides, uninstall instructions

What is Amber (Phobos) ransomware?

Amber is malicious software belonging to the Phobos ransomware family. This malware operates by encrypting data (locking files) to demand payment for decryption (access recovery).

During the encryption process, affected files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address, and the ".amber" extension.

For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.id[C279F237-3182].[greenlite@keemail.me].amber" following encryption. Once this process is complete, ransom messages are created in a pop-up window ("info.hta") and text file ("info.txt").

What is Enfp?

Ransomware is a type of malicious software that prevents victims from accessing their files by encrypting them. Cyber criminals use malware of this type to extort money from their victims. They demand payment in exchange for a decryption tool.

Enfp encrypts files and appends the ".enfp" extension to their filenames. For example, "1.jpg" is renamed to "1.jpg.enfp", "2.jpg" to "2.jpg.enfp", and so on. It also creates ransom messages ("_readme.txt" files) in folders containing affected (encrypted) data.

Enfp is a ransomware variant belonging to the Djvu family.

What is Hog?

Hog ransomware is a type of malware that prevents victims from accessing or using their files by encrypting them. It keeps the files inaccessible unless victims join a Discord server.

Hog also renames all encrypted files by appending the ".hog" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.hog", "2.jpg" to "2.jpg.hog", and so on.

Like most ransomware variants, this one displays a ransom message (launches the "DECRYPT-MY-FILES.exe" file).

What is Secure (Thanos) ransomware?

Secure is a variant of Thanos ransomware.

Systems infected with this malware experience data encryption and users receive ransom demands for decryption tools/software. I.e., the files affected by this ransomware are rendered inaccessible, and victims are asked to pay to recover access to their data.

During the encryption process, files are appended with the ".secure" extension. For example, a file initially named something like "1.jpg" would appear as "1.jpg.secure", "2.jpg" as "2.jpg.secure", "3.jpg" as "3.jpg.secure", etc.

After this process is complete, ransom messages within "Instruction.txt" files are dropped into compromised folders. Furthermore, each time the system is booted, Secure (Thanos) ransomware displays a message on the screen.

What is the "LUCKY WINNER OF 1.5 MILLION DOLLARS" email scam?

There are many different versions of email scams claiming to be from lottery organizers or other organizations, companies, and informing recipients that they have won a certain amount of money.

Typically, scammers behind these emails attempt to trick unsuspecting recipients into providing personal information or into paying a "processing fee", some "taxes", "shipping charges," etc., to claim their prize.

These email scams should be ignored - no person has ever received any prize from scammers behind these emails.

What is the "Track & Trace" email scam?

"Track & Trace" refers to an email spam campaign. This term defines a mass-scale operation during which thousands of deceptive emails are sent. The messages distributed through this campaign target Dutch-speaking users.

These emails claim that the recipients' tracking service is missing their addresses, and hence their accounts will be suspended unless the issue is resolved. The goal of the "Track & Trace" scam messages is to gain and abuse recipients' trust for profit.

What is the "Double Your BTC" scam email?

"Double Your BTC" is a spam campaign, a mass-scale operation during which deceptive emails are sent by the thousand. These messages promote a scam website promising to double the BTC (Bitcoin cryptocurrency) recipients invest in it.

Note that all of the information provided by "Double Your BTC" emails is false. Therefore, by trusting them, users can experience financial loss and possibly other serious issues.

What is "Wallet Secure"?

"Wallet Secure" is a scam promoted on various deceptive web pages. The scheme is presented as a service designed to store and securely connect digital wallets. through the "Wallet Secure" scam - victims' wallet credentials are extracted, which are then used to gain access and control over the wallets.

By trusting "Wallet Secure" users risk having their digital wallets stolen and experiencing financial loss.

These untrusted/deceptive websites are typically accessed unintentionally. They are commonly entered through mistyped URLs or redirects caused by intrusive advertisements or installed Potentially Unwanted Applications (PUAs). This software does not require explicit permission to infiltrate systems, and thus users may be unaware of its presence.

What is Alienlock?

Typically, users who have their computers infected with ransomware cannot access their files because they are encrypted. Malware of this type blocks access to files and displays a ransom message (or creates one in a text/other file).

Alienlock not only encrypts files but also renames them by appending ".alienlock" to their filenames as the file extension. For example, "1.jpg" is renamed to "1.jpg.alienlock", "2.jpg" to "2.jpg.alienlock", and so on. Alienlock also creates the "Recovery_Instructions.html" file (ransom message), which is found in all folders that contain encrypted files.

Note that this ransomware variant is part of the MedusaLocker ransomware family.

What is Instant Safe Web?

Instant Safe Web is rogue software that is categorized as a browser hijacker. It modifies browser settings to promote the instantsafeweb.com bogus search engine. Additionally, most browser hijackers gather browsing-related information, and this is likely to include Instant Safe Web.

Since most users download/install browser hijackers inadvertently, they are also classified as Potentially Unwanted Applications (PUAs).