Virus and Spyware Removal Guides, uninstall instructions

What is EnCryp13d?

EnCryp13d is typical ransomware, which encrypts and renames files and demands ransom payments. It renames files by appending the ".EnCryp13d" extension. For example, "1.jpg" is renamed to "1.jpg.EnCryp13d", "2.jpg" to "2.jpg.EnCryp13d", and so on.

EnCryp13d also displays a pop-up window and creates the "HOW TO DECRYPT FILES.txt" file in all folders that contain encrypted files. The pop-up window and text files contain instructions about how to pay the ransom and various other details.

Note that EnCryp13d belongs to the Xorist ransomware family.

What is go-mp3[.]com?

go-mp3[.]com is a dubious website offering YouTube video conversion to MP3 file services. It allows users to convert and then download MP3 files from YouTube video URLs.

Note that go-mp3[.]com infringes copyright laws and also uses rogue advertising networks. Therefore, visitors to such websites are presented with misleading/malicious ads and are redirected to various other untrusted and even dangerous websites.

What is LTC ransomware?

LTC is a malicious program belonging to the Dharma ransomware family. This malware is designed to encrypt data and demand payment for decryption.

During the encryption process, files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address, and the ".LTC" extension. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[leeza@keemail.me].LTC" after encryption.

Once this process is complete, ransom messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is DigitalRecord?

The DigitalRecord app displays unwanted advertisements and changes browser settings to promote a fake search engine address. This app functions both as adware and as a browser hijacker.

These apps often gather browsing-related (and other) information. Typically, users download and install DigitalRecord and similar apps inadvertently and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What is SearchPDFConverter?

Like most browser hijackers, SearchPDFConverter changes web browser settings without users' permission. In this case, it assigns them to searchpdfconverter.com (the address of a fake search engine). Furthermore, SearchPDFConverter collects browsing-related information.

Generally, users do not download or install browser hijackers intentionally and, for this reason, they are classified as potentially unwanted applications (PUAs).

What is CheckEmailsQuicker?

CheckEmailsQuicker is software endorsed as a tool for easy access to email accounts also capable of storing log-in credentials (i.e. usernames and passwords). Since it runs intrusive advertisement campaigns, however, CheckEmailsQuicker is classified as adware.

Many users download/install this program unintentionally, and thus it is also classified as a Potentially Unwanted Application (PUA).

What is Gdiview?

Gdiview is a potentially unwanted application (PUA) that developers distribute via a dubious web page (possibly, multiple web pages).

The exact purpose of Gdiview is unknown, however, it is likely that users who install this app will also have installed adware, a browser hijacker, or other PUA. These apps are classified as PUAs, since they are often downloaded and installed by users unintentionally.

What is Solaso ransomware?

Discovered by malware analyst 0x4143, Solaso is a ransomware-type program. Systems infected with this software experience data encryption and users receive ransom demands for decryption tools. During the encryption process, all affected files are appended with the ".solaso extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.solaso", "2.jpg" as "2.jpg.solaso", "3.jpg" as "3.jpg.solaso", and so on. After this process is complete, ransom messages in "__READ_ME_TO_RECOVER_YOUR_FILES.txt" files are dropped into compromised folders.

What is the "Stopped processing incoming emails" scam message?

"Stopped processing incoming emails" is a spam phishing campaign. This term refers to a mass-scale operation, during which thousands of deceptive/scam emails are sent. These messages claim that recipients' email accounts have been suspended and incoming mail is no longer reaching the inbox. To recover the accounts, they must supposedly be updated.

Note that all information provided by "Stopped processing incoming emails" is false. The purpose of this spam campaign is to trick recipients into attempting to sign-in to their email accounts through the promoted phishing site, thereby unintentionally exposing their log-in credentials (i.e. passwords) to the scammers.

What is peachlandcn[.]com?

There are many websites similar to peachlandcn[.]com on the web. Most display fake virus or other notifications stating that the device is infected (or that another problem exists) and suggests removal of viruses and protection of devices with potentially unwanted applications (PUAs), which can be downloaded via provided links.

In this way, websites such as peachlandcn[.]com promote applications using deceptive methods. These pages should be ignored and reported.