Virus and Spyware Removal Guides, uninstall instructions

What is Xenon?

Xenon is an information stealer, which can be purchased from hacker forums for USD$150 or $80 (depending on the subscription plan). This type of malware resides in an infected device, collects data and sends it to the attacker.

Victims are often not aware of Xenon's presence until particular symptoms are clearly apparent (such as monetary loss, loss of access to personal accounts, etc.).

What is Ziggy?

Ziggy blocks access to files by encryption, renames each encrypted file, and creates the "## HOW TO DECRYPT ##.exe" executable file (ransom message) in all folders that contain encrypted files.

This ransomware renames files by adding the victim's ID, lilmoon1@criptext.com email address, and appending the ".ziggy" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.id=[C279F237].email=[lilmoon1@criptext.com].ziggy", "2.jpg" to "2.jpg.id=[C279F237].email=[lilmoon1@criptext.com].ziggy", and so on.

What is WormLocker?

Discovered by S!Ri, WormLocker ransomware encrypts files, displays a ransom message in full screen mode, and plays the on-screen ransom message through the system speakers. The ransom message contains details such as cost of decryption key, a countdown timer, input field for a decryption code, email address of the developers of WormLocker ransomware, etc.

What is eBay email scam?

It is a deceptive email claiming that recipients' eBay accounts may have been compromised and used without their permission. The message contains a link, which supposedly provides instructions detailing how to secure the account. In fact, clicking it leads to a phishing website designed to steal visitors' eBay account credentials (email/username and password).

This email is a scam and has no relation to the eBay e-commerce corporation, and neither have users' accounts been misused.

What is PBlocker+?

PBlocker+ is classified as adware because it generates advertisements. Adware is often downloaded and installed by users inadvertently and, therefore, PBlocker+ and other apps of this kind are categorized as potentially unwanted applications (PUAs).

Note that adware-type apps not only generate ads, they also collect browsing data and various other details.

What is Qlkm?

Qlkm belongs to the Djvu ransomware family. This ransomware encrypts files and appends its extension to their filenames. For example, "1.jpg" is renamed to "1.jpg.qlkm", "2.jpg" to "2.jpg.qlkm", and so on.

Qlkm also creates a ransom message in the "_readme.txt" file, which is stored in all folders that contain encrypted files.

What is Epsilon?

Epsilon software performs browser-based mining to mine cryptocurrency inside the browser. If a web browser is consuming excessive computer resources, it is possible that Epsilon (or a similar app) is installed on the browser or operating system.

Research shows that this particular browser crypto-miner is for sale on hacker forums for USD$50.

What is Lockedv1?

Lockedv1 encrypts files and renames each encrypted file by replacing its name with a string of random characters and appending ".lockedv1" as the extension. For example, "1.jpg" is renamed to "Mi5qcGVn.lockedv1", "2.jpg" to "Nh3wvJLm.lockedv1", and so on. Lockedv1 also creates the "READMEV1.txt" text file containing a ransom message.

What is securitycheck[.]network?

securitycheck[.]network is a fake Apple website which attempts to trick visitors into downloading and installing an application. These web pages are not often visited by users intentionally - in most cases, they are promoted via deceptive ads, other dubious pages, or potentially unwanted applications (PUAs).

What is v316 ransomware?

v316 is 'skidware' based on Jigsaw ransomware. Its installer is disguised as the installer for ProtonVPN (a legitimate VPN client).

This malware encrypts files, appends ".v316" as the extension to each encrypted file and displays a pop-up window (ransom message). An example of how v316 renames files is as follows: "1.jpg" is renamed to "1.jpg.v316", "2.jpg" to "2.jpg.v316", and so on.