Virus and Spyware Removal Guides, uninstall instructions

What is YOUF?

YOUF belongs to the Dharma ransomware family. It prevents victims from accessing their files by encryption, renames all encrypted files, and generates two ransom messages. YOUF renames files by adding the victim's ID, the yourfiles1@cock.li email address, and appending the ".YOUF" extension.

For example, "1.jpg" is renamed to "1.jpg.id-1E857D00.[yourfiles1@cock.li].YOUF", "2.jpg" to "2.jpg.id-1E857D00.[yourfiles1@cock.li].YOUF", and so on. Instructions about how to contact the ransomware developers are provided in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is "LiteCoin Giveaway"?

"LiteCoin Giveaway" is a scam run on various deceptive websites. This scheme claims that, by transferring at least 3 LTC (Litecoin cryptocurrency) into the provided cryptowallet (via a wallet address or QR code), users will receive tenfold the amount.

Regardless of how much people transfer, however, they will not receive anything in return - neither the sum that was transferred nor any more. Therefore, you are strongly advised against trusting "LiteCoin Giveaway" or other similar scams.

In cases when deceptive sites are accessed unintentionally, it is typically due to mistyped URLs, redirects caused by intrusive advertisements or by Potentially Unwanted Applications (PUAs). This software does not require explicit permission to be installed onto systems, and hence users may be unaware of its presence.

What is GameSearchClub?

Browser hijacking apps promote fake search engines by modifying browser settings. GameSearchClub promotes gamesearchclub.com in this way and is also likely to collect information relating to users' browsing activities.

People often download and install browser hijackers inadvertently and, therefore, GameSearchClub and other apps of this type are categorized as potentially unwanted applications (PUAs).

What is Bl4ack?

Discovered by xiaopao, Bl4ack encrypts victims' files and displays a ransom message. Unlike most ransomware-type programs, Bl4ack does not rename any of the encrypted files and does not append any extension to their filenames.

What is "Required video codec is not installed on your computer"?

Blue screen of death (BSoD) is an error screen that appears when the Windows Operating System can no longer operate. This website loads a fake BSoD stating that Windows Media Player cannot play a video because the required video codec is not installed on the operating system.

It is very likely that this web page is used to trick visitors into downloading and installing a potentially unwanted application (PUA). At the time of research, this social engineering scam distributed ZLoader malware. Note that this web page is promoted via fake movie streaming websites, which users do not visit intentionally.

What is Lola?

This ransomware was discovered by MalwareHunterTeam. Malware of this type encrypts and renames victims' files, and generates a ransom message. Lola renames encrypted files by appending the ".lola" extension. For example, "1.jpg" is renamed to "1.jpg.lola", "2.jpg" to "2.jpg.lola", and so on.

Lola creates the "Please_Read.txt" text file (the ransom message) in each folder that contains encrypted files.

What is Muti-webtool?

Like most browser hijackers, Muti-webtool promotes a fake search engine address. Additionally, it collects browsing data. Typically, users do not download or install browser hijackers intentionally. Therefore, Muti-webtool is categorized as potentially unwanted application (PUA).

What is NocryCrypt0r?

NocryCrypt0r was discovered by xiaopao. This ransomware encrypts files, changes their extensions and creates a ransom message. It renames files by appending ".partially.nocry" as the new extension. For example, "1.jpg" is renamed to "1.jpg.partially.nocry", "2.jpg" to "2.jpg.partially.nocry", and so on.

NocryCrypt0r creates the ransom message in a text file named "CryptoJoker Recovery Information.txt".

What is PowerMyMac?

PowerMyMac is advertised as a tool that optimizes and cleans Mac computers, however, this app is proliferated using dubious methods, which increases the chance that users will download and install it inadvertently. For this reason PowerMyMac is categorized as a potentially unwanted application (PUA).

What is Dex ransomware?

Dex ransomware belongs to the Dharma family. It encrypts victims' files, renames each encrypted file, displays a pop-up window, and creates the "FILES ENCRYPTED.txt" text file. The pop-up and text file contain instructions about how to contact the ransomware developers.

Dex renames files by adding the victim's ID, decryptex@airmail.cc email address, and appending the ".dex" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.id-C279F237.[decryptex@airmail.cc].dex", "2.jpg" to "2.jpg.id-C279F237.[decryptex@airmail.cc].dex", etc.