Step-by-Step Malware Removal Instructions

Babuk Locker Ransomware
Ransomware

Babuk Locker Ransomware

Babuk Locker is ransomware that creates the "How To Restore Your Files.txt" file (ransom message) in all folders that contain encrypted files and renames the files by appending the ".__NIST_K571__" extension. For example, "1.jpg" is renamed to "1.jpg.__NIST_K571__", "2.jpg" to "2.jpg.__NIST_K571__

GoSearch22 Virus (Mac)
Mac Virus

GoSearch22 Virus (Mac)

GoSearch22 is a potentially unwanted application (PUA) that functions as adware and generates advertisements. It belongs to the family of adware-type apps called Pirrit. Apps such as GoSearch22 are often downloaded and installed by users intentionally, and are thus classified as 'potentially unw

Xenon Stealer
Trojan

Xenon Stealer

Xenon is an information stealer, which can be purchased from hacker forums for USD$150 or $80 (depending on the subscription plan). This type of malware resides in an infected device, collects data and sends it to the attacker. Victims are often not aware of Xenon's presence until particular symp

Ziggy Ransomware
Ransomware

Ziggy Ransomware

Ziggy blocks access to files by encryption, renames each encrypted file, and creates the "## HOW TO DECRYPT ##.exe" executable file (ransom message) in all folders that contain encrypted files. This ransomware renames files by adding the victim's ID, lilmoon1@criptext.com email address, and appen

WormLocker Ransomware
Ransomware

WormLocker Ransomware

Discovered by S!Ri, WormLocker ransomware encrypts files, displays a ransom message in full screen mode, and plays the on-screen ransom message through the system speakers. The ransom message contains details such as cost of decryption key, a countdown timer, input field for a decryption code, ema

eBay Email Scam
Phishing/Scam

eBay Email Scam

It is a deceptive email claiming that recipients' eBay accounts may have been compromised and used without their permission. The message contains a link, which supposedly provides instructions detailing how to secure the account. In fact, clicking it leads to a phishing website designed to steal v

PBlocker+ Adware
Adware

PBlocker+ Adware

PBlocker+ is classified as adware because it generates advertisements. Adware is often downloaded and installed by users inadvertently and, therefore, PBlocker+ and other apps of this kind are categorized as potentially unwanted applications (PUAs). Note that adware-type apps not only generate ad

Qlkm Ransomware
Ransomware

Qlkm Ransomware

Qlkm belongs to the Djvu ransomware family. This ransomware encrypts files and appends its extension to their filenames. For example, "1.jpg" is renamed to "1.jpg.qlkm", "2.jpg" to "2.jpg.qlkm", and so on. Qlkm also creates a ransom message in the "_readme.txt" file, which is stored in all folder

Epsilon Miner
Trojan

Epsilon Miner

Epsilon software performs browser-based mining to mine cryptocurrency inside the browser. If a web browser is consuming excessive computer resources, it is possible that Epsilon (or a similar app) is installed on the browser or operating system. Research shows that this particular browser crypto-

Lockedv1 Ransomware
Ransomware

Lockedv1 Ransomware

Lockedv1 encrypts files and renames each encrypted file by replacing its name with a string of random characters and appending ".lockedv1" as the extension. For example, "1.jpg" is renamed to "Mi5qcGVn.lockedv1", "2.jpg" to "Nh3wvJLm.lockedv1", and so on. Lockedv1 also creates the "READMEV1.txt" t