Virus and Spyware Removal Guides, uninstall instructions

What is Dmmcpsshl ransomware?

Dmmcpsshl is a malicious program belonging to the Snatch ransomware family. It is designed to encrypt data and demand payment for decryption. During the encryption process, all affected files are appended with the ".dmmcpsshl" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.dmmcpsshl" after encryption.

Once this process is complete, ransom-demand messages within "HOW TO RESTORE YOUR FILES.TXT" files are dropped into compromised folders.

What kind of malware is Hexadecimal?

Hexadecimal (also known as Crypt888) encrypts files, modifies their filenames, changes the desktop wallpaper to display a ransom message, and displays another in a pop-up window (in Korean). It renames encrypted files by prepending "Lock" to filenames.

For example, after encryption, Hexadecimal would rename a file called "1.jpg" to "Lock.1.jpg", "2.jpg" to "Lock.2.jpg", and so on.

What is StreamsBros?

StreamsBros hijacks browsers by changing certain settings to streamsbros.com (the address of a fake search engine). Commonly, apps of this type collect information relating to users' browsing habits. Users often download and install browser hijackers unintentionally and, therefore, StreamsBros is categorized as a potentially unwanted application (PUA).

What is StreamsMob?

StreamsMob is dubious software categorized as a browser hijacker. It operates by modifying browsers to promote streamsmob.com (a bogus search engine). Most browser hijackers have data tracking capabilities, which are used to monitor users' browsing activity - it is highly likely that StreamsMob also has this functionality.

Due to the dubious methods employed to proliferate this browser hijacker, it is also classified as a Potentially Unwanted Application (PUA).

What is Fxmwtv ransomware?

Belonging to the Snatch ransomware family, Fxmwtv encrypts files, changes their filenames and creates a ransom message. It renames encrypted files by appending the ".fxmwtv" extension to filenames. For example, it would rename a file called "1.jpg" to "1.jpg.fxmwtv", "2.jpg" to "2.jpg.fxmwtv", and so on.

This ransomware creates the "HOW TO RESTORE YOUR FILES.TXT" file (containing a ransom message) in all folders that hold encrypted files.

What is Secure (Sorena) ransomware?

Discovered by dnwls0719, Secure (Sorena) is a ransomware-type program. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all compromised files are appended with ".Id-[random_string].secure".

For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.Id-KCQJMGNP.secure" following encryption. Once this process is complete, identical ransom messages within "HELP_DECRYPT_YOUR_FILES.tx" and "HELP_DECRYPT_YOUR_FILES.html" files are created.

What is Eco Search?

Eco Search browser hijacker is designed to promote the ecosearch.club address (fake search engine) by changing some of the browser settings and collect browsing-related information. It is common that users download and install browser hijackers unintentionally, therefore, apps of this type are categorized as potentially unwanted applications (PUAs).

What is Eknkfwovyzb ransomware?

Eknkfwovyzb is malicious software belonging to the Snatch ransomware family. This malware operates by encrypting data and demanding payment for decryption. During the encryption process, all compromised files are appended with the ".eknkfwovyzb" extension.

For example, a file originally named "1.jpg" would appear as "1.jpg.eknkfwovyzb", "2.jpg" as "2.jpg.eknkfwovyzb", and so on. After this process is complete, ransom messages within the "HOW TO RESTORE YOUR FILES.TXT" file are dropped into affected folders.

What is BlackKnight2020 screenlocker?

This screen locker was discovered  by xiaopao. BlackKnight2020 is malware that prevents victims from using the infected computer by locking the screen. It also displays a ransom message with instructions about how to pay for the code, which will supposedly unlock the screen.

What is the Strong ransomware?

Discovered by MalwareHunterTeam, Strong is a malicious program categorized as ransomware. Systems infected with this malware experience data encryption and users receive ransom demands for decryption.

During the encryption process, all affected files are appended with "Drheshi@protonmail.com.[random_string]", which consists of the cyber criminals' email address and a random character string extension.

For example, a file originally named "1.jpg" would appear as something similar to"1.jpgDrheshi@protonmail.com.3tp2PDRJuaNSGk1c" following encryption. After this process is complete, a pop-up window is displayed that contains the ransom-demand message.