Virus and Spyware Removal Guides, uninstall instructions

RecipeFox Browser Hijacker

What is RecipeFox?

There are many browser hijackers on the internet. Typically, they promote the addresses of fake search engines by changing browser settings and collecting browsing-related data. RecipeFox promotes recipefox.recipes in this manner.

Generally, users download and install apps such as RecipeFox (browser hijackers) inadvertently and, for this reason, they are categorized as potentially unwanted applications (PUAs).

   
Email Access Here Browser Hijacker

What is Email Access Here?

Email Access Here is a rogue app categorized as a browser hijacker. It is endorsed as a tool for quick and easy access to email accounts. This application modifies browser settings to promote hp.hemailaccesshere.com (or search.hemailaccesshere.com), a fake search engine.

It also tracks and collects browsing-related information. Since most users install this browser hijacker unintentionally, it is also classified as a Potentially Unwanted Application (PUA). Note that Email Access Here is often distributed with another PUA called Hide My History.

An updated variant of this browser hijacker is named "Get Email Access Here" and promotes hemailaccesshere.net rather than hemailaccesshere.com.

   
.waiting Ransomware

What is .waiting ransomware?

Discovered by dnwls0719, .waiting is a malicious program categorized as ransomware. This malware encrypts files and demands payment for decryption. During the encryption process, the original filenames are appended with an extension consisting of a unique ID assigned to the victims and ".waiting" (for example, " [ID].waiting").

A file such as "1.jpg" would therefore appear as something similar to "1.jpg QQYKLMTP5.waiting" following encryption. After this process is complete, a ransom message ("ReadMe.hta"), which is displayed by a pop-up window, is created in every affected folder.

   
GloboSearch Browser Hijacker

What is GloboSearch?

GloboSearch is advertised as a tool which improves the browsing experience, however, this app promotes a fake search engine (globo-search.com) by changing certain browser settings. GloboSearch is therefore classified as a browser hijacker and also a potentially unwanted application (PUA), since users tend to download and install these apps unintentionally.

Commonly, browser hijackers modify browser settings and collect data.

   
Shadow Cryptor Ransomware

What is Shadow Cryptor?

Discovered by dnwls0719, Shadow Cryptor is malicious software classified as ransomware. It operates by encrypting data in order to demand payment for decryption. There is reason to believe that this variant of Shadow Cryptor is a test version, which is likely to be updated in future.

During the encryption process, this malware appends files with an extension consisting of six random characters. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.F3F388" following encryption. Once this process is complete, a ransom message ("[extension]-DECRYPT.txt") is dropped into every compromised folder.

   
OptimumSearch Browser Hijacker

What is OptimumSearch?

OptimumSearch (search.optimum.icu) is a potentially unwanted application (PUA), a browser hijacker designed to promote search.optimum.icu (the address of a fake search engine) by changing browser settings and adding the "Managed by your organization" feature.

It might also collect various data. Browser hijackers are categorized as PUAs, since people often download and install them unintentionally.

   
CrypTron Ransomware

What is CrypTron?

Discovered by dnwls0719, CrypTron is malicious software classified as ransomware and written in the Python programming language. Malware within this classification operates by encrypting data and demanding ransom payments for decryption. During the encryption process, all affected files are appended with the ".crypt" extension.

For example, a file originally named "1.jpg" would appear as "1.jpg.crypt" following encryption. Once this process is complete, a pop-up widow is displayed.

   
COVID-19 Pandemic Is Straining Health Systems Worldwide Email Scam

What is "COVID-19 pandemic is straining health systems worldwide"?

Many scammers are taking advantage of the coronavirus pandemic by sending various scams via email. These attempt to trick recipients into transferring money, clicking on malicious links, opening malicious attachments, etc. In this particular case, scammers seek to deceive recipients into transferring cryptocurrency to the provided BTC wallet.

They attempt to trick them into believing that, by sending Bitcoins, they will donate money for starving people living in poor countries. You are strongly advised to ignore this and other similar scams.

   
LookupTool Adware (Mac)

What is LookupTool?

Commonly distributed through fake Adobe Flash Player updates, LookupTool is a rogue application. It operates as adware by running intrusive advertisement campaigns. Additionally, it has browser hijacker characteristics, such as browser settings modification and fake search engine promotion.

Most adware infections and browser hijackers possess data tracking capabilities, which are employed to monitor users' browsing activity, LookupTool is likely to have these capabilities as well. Due to the dubious methods used to proliferate this app, it is classified as a Potentially Unwanted Application (PUA).

Note that bogus software updaters/installers are often used to spread various PUAs and even malware (e.g. Trojans, ransomware, etc.).

   
.iso (Phobos) Ransomware

What is the .iso (Phobos) ransomware?

.iso (Phobos) is a malicious program belonging to the Phobos ransomware family. This malware encrypts data and demands payment for decryption.

During the encryption process, files are renamed according to this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address and the ".iso" extension (not to be confused with the genuine ISO disk image format).

To elaborate upon how an encrypted file would appear, a file originally name "1.jpg" would appear as something similar to "1.jpg.id[1E857D00-2589].[backup.iso@aol.com].iso", and so on for all affected files. After this process is complete, two ransom messages ("info.hta" and "info.txt") are created on the desktop.

   

Page 1377 of 2329

<< Start < Prev 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal