Virus and Spyware Removal Guides, uninstall instructions
What is Biden ransomware?
Discovered by malware researcher Jakub Kroustek, Biden is a malicious program belonging to the Dharma ransomware family. Biden ransomware is designed to encrypt files (render them inaccessible/useless) and demand payment for decryption tools/software (access recovery).
During the encryption process, affected files are renamed following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and the ".biden" extension. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[biden@cock.li].biden" after encryption.
Once this process is complete, ransom messages are created in a pop-up window and in a "MANUAL.txt" text file, which is dropped onto the desktop.
What is Elantra ransomware?
Elantra is malicious software belonging to the Matrix ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption tools. That is, affected files are rendered inaccessible/useless, and victims are asked to pay to recover access to their data.
During the encryption process, files are renamed following this pattern: "[random_string].[elantra@galeiim.com]", which consists of a random character string and the cyber criminals' email address. For example, a file named "1.jpg" would appear as something similar to "6TaXWhiY-oBrfDJ24.[elantra@galeiim.com]" after encryption.
Once this process is complete, ransom messages within "#How_To_Decrypt_Files#.rtf" files are dropped into compromised folders.
Note that Elantra ransomware also changes the desktop wallpaper.
What is the Private Home browser hijacker?
Private Home is a browser hijacker promoting the keysearchs.com fake search engine. Typically, software within this classification promotes bogus search engines by modifying browser settings; however, Private Home does not actually modify browsers (see below).
Additionally, this browser hijacker monitors users' browsing habits. Due to the dubious techniques used to proliferate Private Home, it is also categorized as a Potentially Unwanted Application (PUA).
What is Tirp ransomware?
Tirp is a malicious program that is part of the Djvu ransomware family. This malware operates by encrypting data and demanding payment for decryption tools/software. That is, files affected by Tirp ransomware are rendered inaccessible, and victims are asked to pay a ransom to recover access to them.
During the encryption process, files are appended with the ".tirp" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.tirp", "2.jpg" as "2.jpg.tirp", "3.jpg" as "3.jpg.tirp", and so on.
After this process is complete, a ransom-demand message in the "_readme.txt" file is created.
What is captcha-verification.systems?
captcha-verification.systems is a rogue website, similar or identical to crtatix.com, nicenewsupdate.info, newsupdatesky.info, and many more. The site redirects visitors to other untrustworthy (potentially malicious) websites.
Most users visit captcha-verification.systems unintentionally - they are redirected to it by potentially unwanted applications (PUAs) that users install inadvertently. PUAs also deliver intrusive ads and record user-system information.
What is Reig?
Ransomware is a type of malware that is monetized by designing it to encrypt files and keep them inaccessible unless victims pay a ransom to the attackers.
Note that Reig belongs to the family of ransomware called Djvu.
Reig encrypts files and appends the ".reig" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.reig", "2.jpg" to "2.jpg.reig", and so on. In addition, Reig creates the "_readme.txt" file, a ransom message, placing the file in all folders containing affected (encrypted) data.
What kind of app is Video Ads Blocker?
As its name implies, Video Ads Blocker is endorsed as a video advertisement-blocking tool. This fake adblocker is supposedly capable of disabling/removing ads from YouTube and Google; however, rather than eliminating any ads, this browser extension delivers them.
Video Ads Blocker also has data tracking capabilities that are used to collect browsing-related information. Since most users download/install adware-type programs unintentionally, they are classified as unwanted apps.
What is AdShield?
AdShield is a legitimate ad blocker; however, another website (and possibly others) advertises a fake ad blocker with the same name.
The AdShield app available for download on the deceptive web page is advertised as a unique program that blocks online advertisements in browsers or applications, protects privacy, and includes a parental control tool. In fact, this is a fake ad blocker used to deliver a cryptocurrency miner.
Cyber criminals often use the names of legitimate apps to disguise their malware. Note that there are at least two malware variants using the names of legitimate ad blockers, such as Netshield and OpenDNS.
What is the "Your mailbox is full" scam email?
"Your mailbox is full" is the name of a spam campaign, a large-scale operation during which deceptive/scam emails are sent by the thousand. The messages distributed through this campaign inform recipients that their email accounts require updates.
These spam messages aim to promote a phishing website, presented as an email account log-in page. Sites of this type operate by recording information entered into them.
What is EssentialType?
EssentialType is an adware-type app with browser hijacker characteristics. It runs intrusive advertisement campaigns (delivers various ads) and promotes fake search engines by making alterations to browser settings. Additionally, software of this type usually monitors users' browsing habits.
Due to the dubious techniques used to proliferate EssentialType, it is also categorized as a Potentially Unwanted Application (PUA).