Virus and Spyware Removal Guides, uninstall instructions

What is Jfwztiwpmqq?

Jfwztiwpmqq belongs to the Snatch ransomware family. It is designed to encrypt files, rename each compromised file, and create a ransom message. Jfwztiwpmqq renames files by appending the ".jfwztiwpmqq" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.jfwztiwpmqq", "2.jpg" to "2.jpg.jfwztiwpmqq", and so on.

It also creates a ransom message within the "HOW TO RESTORE YOUR FILES.TXT" file, placing copies in each folder that contain encrypted files.

What is Movie Finder?

Movie Finder is rogue software endorsed as a tool for easy access to content relating to film (e.g. best and trending movies, film titles, etc.). Movie Finder features supposedly include quick search options of the Internet Movie Database (IMDb), film/TV, home video, video game, streaming content database, and the Rotten Tomatoes film and TV review-aggregation website.

Following successful infiltration, Movie Finder runs intrusive advertisement campaigns and, due to this, is classified as adware. Additionally, Movie Finder monitors users' browsing activity. Since most users download/install adware inadvertently, these programs are also classified as Potentially Unwanted Applications (PUAs).

What is MegaSource?

Adware usually generates advertisements, however, MegaSource is classified as adware and also as a browser hijacker, and therefore promotes a fake search engine address. In most cases, users download and install adware-type apps and browser hijackers inadvertently.

For this reason, apps such as MegaSource are categorized as potentially unwanted applications (PUAs). Note that it is likely that MegaSource also collects browsing data and other information.

What is the "Request For Payment" email?

"Request For Payment email virus" refers to a spam campaign designed to proliferate malware. The term "spam campaign" defines a large-scale operation, during which thousands of deceptive/scam emails are sent. The "Request For Payment" messages attempt to trick recipients into opening the attached dangerous file by stating that it is an important payment invoice.

If the malicious file is opened, the infection process (i.e. download/installation) of Agent Tesla Remote Access Trojan (RAT) is initiated. RATs operate by enabling stealthy remote access and control over an infected machine. This type of malware can have a wide variety of dangerous functionality and poses a significant threat to device/user safety.

What is NIGGERWARE?

NIGGERWARE is was discovered by xiaopao. In most cases, ransomware encrypts files, renames them, and generates ransom messages. NIGGERWARE has this behavior, however, it does not modify the names of encrypted files. It provides instructions about how to contact the developers for payment information within a pop-up window that appears after installation.

What is Snopy ransomware?

Snopy is malicious software belonging to the Xorist ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools. During the encryption process, files are appended with the ".snopy" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.snopy", "2.jpg" as "2.jpg.snopy", "3.jpg" as "3.jpg.snopy", and so on. Following the completion of this process, a ransom message within the "HOW TO DECRYPT FILES.txt" text file is created.

What is Greedyf*ckers?

Greedyf*ckers ransomware belongs to the Xorist ransomware family. It encrypts files, modifies their filenames, changes the desktop wallpaper, creates the "HOW TO DECRYPT FILES.txt" text file, and displays a pop-up window.

Greedyf*ckers renames files by appending the ".greedyf*ckers" extension. For example, "1.jpg" is renamed to "1.jpg.greedyf*ckers", "2.jpg" to "2.jpg.greedyf*ckers", and so on.

The desktop wallpaper, pop-up window, and "HOW TO DECRYPT FILES.txt" text file (stored in all folders that contain encrypted files), contain instructions about how to contact the ransomware developers.

What is MicroLookup?

Typically, users do not download or install adware intentionally and, for this reason, MicroLookup and other adware-type apps are categorized as potentially unwanted applications (PUAs). MicroLookup is distributed via a deceptive installer designed to appear similar to the installer for Adobe Flash Player.

This app generates advertisements and modifies browser settings, functioning both as an advertising-supported app and a browser hijacker. Note that these apps often collect browsing-related and other information.

What is Bioawards (Scarab) ransomware?

Bioawards is a malicious program, which is part of the Scarab ransomware family. It is designed to encrypt data and demand payment for decryption. During the encryption process, all affected files are renamed with a random character string and appended with the ".Bioawards" extension.

For example, a file originally named "1.jpg" would appear as something similar to "0QaYDVwrbPn4E4.Bioawards" following encryption. Once this process is complete, text files named "DECRYPT FILES.TXT" are dropped into compromised folders. These files contain identical ransom-demand messages.

What is HD Video Player?

HD Video Player software is often bundled with various untrusted and even harmful applications. The term "bundling" refers to a deceptive marketing technique of packing regular programs with unwanted or malicious additions.

Due to the dubious methods used to proliferate HD Video Player, it is classified as a Potentially Unwanted Application (PUA). While PUAs typically have nonoperational features and/or undisclosed, dangerous capabilities, this is not the case with HD Video Player, however, should users find this app installed on their systems without their consent/knowledge, it is likely that other, possibly dangerous software has infiltrated the device as well.