Virus and Spyware Removal Guides, uninstall instructions

What is Text ransomware?

Ransomware is a type of malware used by cyber criminals to block access or limit availability to infected systems or data. Victims cannot access/use their data until a ransom is paid. Text ransomware is employed for the same purpose.

This ransomware encrypts files and renames them by adding the victim's ID, the helpdecrypt@msgsafe.io email address, and appending the ".text" extension to filename of each encrypted file. For example, "1.jpg" is renamed to "1.jpg.id-C279F237.[helpdecrypt@msgsafe.io].text", "2.jpg" to "2.jpg.id-C279F237.[helpdecrypt@msgsafe.io].text", and so on.

Text displays the ransom message by opening a pop-up window and generates another by creating the "FILES ENCRYPTED.txt" text file.

Note that this malware belongs to the family of ransomware called Dharma.

What is SuperPDFSearch?

Users with browsers hijacked by browser hijackers are generally forced to open various bogus websites - these programs change certain browser settings, usually to promote fake search engines. SuperPDFSearch changes settings to superpdfsearch.com.

SuperPDFSearch might also gather browsing data and other information. Most users download and install browser hijackers unintentionally and, therefore, SuperPDFSearch and other apps of this kind are classified as potentially unwanted applications (PUAs).

What is Hackerz ransomware?

Mobile ransomware is used to steal sensitive information or lock devices (prevent victims from accessing the operating system or using files stored on devices). Generally, cyber criminals behind ransomware demand payment in return for a decryption tool or key.

Hackerz encrypts files, locks the screen, and displays a ransom message on it in a full-screen mode. This is open-source ransomware targeting Android users. It was developed two years ago and is still active.

Furthermore, Hackerz removes the files from external media after 24 hours of installation or if victims reboot the infected device.

What is the load28[.]biz site?

load28[.]biz is a rogue website, which shares many similarities with goodmode.biz, pointcaptchaspot.com, zvideo-live.com, and thousands of others. This page operates by presenting visitors with dubious content and/or redirecting them to other bogus/malicious sites.

Visitors seldom access load28[.]biz or similar sites intentionally, they are usually redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already installed on their devices. These apps do not require explicit user consent to infiltrate systems. PUAs cause redirects, deliver intrusive ad campaigns, and collect browsing-related data.

What is AlbDecryptor?

This ransomware was discovered by xiaopao.

AlbDecryptor is a type of malware that encrypts files (prevents victims from accessing or using them) and displays a ransom message in a pop-up window that contains payment and contact information, and various other details.

AlbDecryptor also renames files by appending the ".locked" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.locked", "2.jpg" to "2.jpg.locked", and so on.

What is the fake "N26" email?

"N26 Email Scam" is a the name of a spam campaign targeting Italian-speaking N26 bank clients. The term "spam campaign" defines a mass-scale operation during which thousands of deceptive emails are sent. N26 is a legitimate online bank headquartered in Berlin, Germany.

The "N26 Email Scam" messages are disguised as mail from the aforementioned bank. The scam emails make false claims that recipients' N26 banking accounts have been suspected. This campaign aims to promote a phishing website, which is presented as the sign-in page to N26 bank accounts.

Log-in credentials (i.e., emails and passwords) entered into this site will be exposed to the scammers behind the "N26 Email Scam".

What is Vassago ransomware?

Belonging to the Makop ransomware family, Vassago is data-encryption malware that makes ransom demands for decryption. Systems infected with this malicious software have their files rendered inaccessible and renamed, and victims receive payment demands for decryption tools to recover access and to regain use of their systems.

During the encryption process, affected files are renamed according to this pattern: original filename, unique ID, cyber criminals' email address, and the ".vassago" extension. For example, a file named "1.jpg" would appear as something similar to "1.jpg.[9B83AE23].[vassago_0203@tutanota.com].vassago" following encryption.

After this process is complete, ransom messages in "readme-warning.txt" files are dropped into compromised folders.

What is C.H. Robinson email virus?

One of the most popular ways to distribute malware is to send emails that contain malicious attachments or website links. Once opened, malicious attachments (or files downloaded via website links) install malicious software.

Typically, cyber criminals behind such emails claim to be from legitimate companies or organizations. Their emails are disguised as important, official, and encourage recipients to check the attachment (or website) immediately. This particular malspam campaign is used to distribute a banking Trojan called Dridex.

What is the Driver Magic unwanted application?

Driver Magic is untrusted software, endorsed as a tool capable of detecting outdated/missing drivers and installing/updating them, however, due to the dubious techniques used to proliferate Driver Magic, it is classified as a Potentially Unwanted Application (PUA).

As well as their legitimate appearance, apps within this classification are nonoperational and can have undisclosed, harmful functionality.

What is goodmode[.]biz?

goodmode[.]biz is an untrusted website designed to redirect visitors to other bogus/malicious pages and/or present them with dubious content. There are thousands of similar sites on the web including, for example, zvideo-live.com, fypretailo.top, and uploadhub.co.

Visitors to rogue web pages rarely access them intentionally - most are redirected by intrusive advertisements or by Potentially Unwanted Applications (PUAs) already installed on systems. These apps do not require explicit consent to infiltrate devices and, therefore, users may be unaware of their presence.

Despite their legitimate appearance, PUAs can have dangerous capabilities such as causing redirects, delivering intrusive advertisement campaigns, and collecting browsing-related information.