Virus and Spyware Removal Guides, uninstall instructions
What is HDLocker?
Discovered by xiaopao, HDLocker is a data-encrypting malware. Due to this malicious program's modus operandi, it is classified as ransomware. Malware of this type is designed to encrypt data (i.e., render files inaccessible and useless), typically for the purpose of making ransom demands for decryption tools/software.
When HDLocker encrypts, affected files are appended with the "_HD" extension. For example, a file originally named "1.jpg" would appear as "1.jpg_HD", "2.jpg" as "2.jpg_HD", "3.jpg" as "3.jpg_HD", and so on.
Once this process is complete, this ransomware displays a pop-up window.
What is omingple[.]top?
omingple[.]top is a rogue website. When accessed, it presents visitors with dubious material and/or redirects them to other untrusted and possibly malicious sites. The internet is full of these bogus web pages - lcutterlyba[.]top, greemed[.]top, and blackfr1dayz[.]com are just some examples.
These rogue web pages are rarely opened intentionally - most users are redirected to them by intrusive ads or by Potentially Unwanted Applications (PUAs) that have already infiltrated the system. These apps have dangerous functionality, including causing redirects, delivering intrusive ad campaigns, and collecting browsing-related information.
What kind of malware is LOTUS?
LOTUS is a type of malware that blocks access to files by encryption and keeps them in this state until a ransom is paid. After installation, it displays a message demanding a ransom payment in a pop-up window and creates the "MANUAL.txt" text file (another ransom message).
LOTUS also renames encrypted files by adding the victim's ID and the paymei@cock.li email address, and appending the ".LOTUS" extension to their filenames. For example, it renames "1.jpg" to "1.jpg.id-C279F237.[paymei@cock.li].LOTUS", "2.jpg" to "2.jpg.id-C279F237.[paymei@cock.li].LOTUS", and so on.
LOTUS belongs to the ransomware family called Dharma.
What is the "Order Error" scam email?
"Order Error" is a spam email campaign. This term defines a mass-scale operation during which thousands of deceptive emails are distributed. There are several variants of the "Order Error" scam emails; however, the messages are thematically identical. They are presented as messages sent by a wrongly charged customer/buyer, with the recipient positioned as the seller.
Note that these emails are scams, and none of the information provided by them is genuine. The purpose of this campaign is to promote a phishing/malicious site, and so visiting and trusting it can cause serious issues.
What is Word ransomware?
Word is a malicious program belonging to the Dharma ransomware family. It operates by encrypting (locking) files (making them inaccessible to victims) in order to demand payment for decryption.
When Word ransomware encrypts data, all affected files are renamed following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and the ".word" extension. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[vm1iqzi@aol.com].word" following encryption.
After this process is complete, ransom-demand messages are created in a pop-up window and the "FILES ENCRYPTED.txt" text file.
What is Ygkz?
Ransomware is a type of malware that cyber criminals use to encrypt files and then demand payment to unlock and decrypt them. In summary, victims of ransomware attacks cannot access or use files unless they pay a ransom.
Usually, ransomware renames encrypted files and creates a ransom message. Ygkz renames files by appending the ".ygkz" extension to filenames. For example, it renames "1.jpg" to "1.jpg.ygkz", "2.jpg" to "2.jpg.ygkz", and so on. It also creates the "_readme.txt" file in all folders that contain encrypted data.
Note that this ransomware belongs to the family called Djvu.
What is lcutterlyba[.]top?
lcutterlyba[.]top and other pages of this kind are promoted through deceptive advertisements, rogue web pages, various unwanted apps, and so on. Users do not often visit them intentionally. Note that lcutterlyba[.]top and similar sites contain dubious content and promote other bogus websites.
More examples of other, similar sites are goodmode[.]biz, zvideo-live[.]com, and fypretailo[.]top. If a browser opens these web pages automatically, there is a high probability that potentially unwanted applications (PUAs) are installed on it.
What is the greemed[.]top website?
greemed[.]top is a dubious site, sharing many similarities with blackfr1dayz[.]com, goldeneraaudio[.]org, load28[.]biz, and countless others. Visitors to this website are presented with dubious content and/or are redirected to other untrusted/malicious pages.
The greemed[.]top web page is rarely accessed intentionally. In most cases, users are redirected to it by intrusive advertisements or Potentially Unwanted Applications (PUAs). This software does not require explicit consent to be installed onto systems, and thus users may be unaware of its presence.
What is blackfr1dayz[.]com?
Typically, websites such as blackfr1dayz[.]com promote various untrusted websites and attempt to trick visitors into allowing them to show notifications.
Note that users do not often visit these pages intentionally - they are opened when users click dubious ads or visit other untrusted pages. Browsers also open bogus web pages when potentially unwanted applications (PUAs) are installed on them.
There are many web pages similar to blackfr1dayz[.]com on the internet. Some examples are goldeneraaudio[.]org, load28[.]biz and goodmode[.]biz.
What is captchatopsource[.]com?
The internet is rife with various untrusted and rogue websites, and captchatopsource[.]com is a prime example. It shares many similarities with continue-site[.]site, freshnewmessage[.]com, check-me[.]online, and thousands of others. Visitors to this page are presented with dubious material and are redirected to other bogus/malicious sites.
Most visits to such web pages occur via redirects caused by intrusive ads or Potentially Unwanted Applications (PUAs). Software within this classification does not require explicit permission to be installed onto systems, and thus users may be unaware of its presence on their devices.