Virus and Spyware Removal Guides, uninstall instructions

What is LX?

Discovered by Jakub Kroustek, LX is malicious software belonging to the Crisis/Dharma ransomware family. It operates by encrypting the data of infected systems and demands payment for decryption tools/software.

When this malware encrypts, all affected files are renamed according to this pattern: original filename, unique ID, cyber criminals' email address and the ".LX" extension. For example, a file such as "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[help.crypt@aol.com].LX", and so on.

A text file ("FILES ENCRYPTED.txt") is then created on the desktop and a pop-up window is displayed.

What is Cranchit?

Cranchit is a browser hijacker endorsed as a tool to improve web searches. In fact, it operates by modifying browser settings to promote feed.cranchit.com (a fake search engine). Furthermore, it has data tracking capabilities, which are employed to monitor users' browsing activity.

Due to its dubious proliferation methods (most users install it inadvertently), Cranchit is also classified as a Potentially Unwanted Application (PUA).

What kind of malware is ArkeiStealer?

ArkeiStealer (also known as Arkei Stealer) is a type of malware that steals sensitive, confidential information, which cyber criminals can then use to generate revenue. Research shows that ArkeiStealer is capable of stealing login credentials and cryptocurrency wallet keys.

Through accessing such information, cyber criminals can cause significant financial loss and other problems. Therefore, if there is a reason to suspect that ArkeiStealer is installed on the computer, remove it immediately.

What is Banta?

Discovered by dnwls0719, Banta is yet another high-risk ransomware infection from the Phobos malware family. After successful infiltration, Banta encrypts most stored files, thereby rendering them unusable. During encryption, Banta also appends each filename with the victim's unique ID, developer's email address, and ".Banta" extension.

For example, "1.jpg" is renamed to a filename such as "1.jpg.id[1E857D00-2321].[veritablebee@protonmail.ch].Banta". Once encryption is complete, Banta stores two files ("info.hta" and "info.txt") on the desktop.

Updated variants of this ransomware use the ".[recoverdata@cock.li].Banta", ".[zax4444@qq.com].Banta", and ".[washapen@cock.li].Banta" extensions for encrypted files.

What is LookupModule?

Belonging to the AdLoad malware family, LookupModule is a rogue app classified as adware. This application also possesses browser hijacker traits. LookupModule operates by running intrusive advertisement campaigns, modifying browsers and promoting fake search engines.

Additionally, most adware-types and browser hijackers have data tracking capabilities, which are used to track users' browsing activity.

Due to LookupModule's dubious proliferation methods, it is classified as a Potentially Unwanted Application (PUA). It has been observed being spread via Fake Adobe Flash Player updaters. Note that bogus software updaters not only proliferate PUAs, but also Trojans, ransomware and other malware.

What are the Letsswin sites?

Letsswin is a group deceptive websites promoting various scams. One of these schemes has been observed promoting "Dear Safari User, You Are Today's Lucky Visitor", however, these web pages might promote other scams as well.

Few users enter these deceptive sites intentionally - most are redirected to them by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into the system. PUAs can be installed onto devices without users' knowledge.

What is Maps Assist?

The Maps Assist application supposedly allows users to search for maps, however, it actually changes certain browser settings to promote mapsassist.com (a fake search engine). Therefore, Maps Assist is classified as a browser hijacker. These apps also collect various user-system information.

Many users tend to download and install browser hijackers inadvertently, and for this reason they are classified as potentially unwanted applications (PUAs).

What is tdsshark[.]xyz?

rdsshark.xyz is one of many deceptive websites used to deceive visitors into downloading and installing various applications. Generally, these web pages promote potentially unwanted applications (PUAs), however, it is possible that they will also promote legitimate apps.

In any case, websites tdsshark.xyz should never be trusted. They are opened through deceptive advertisements, dubious websites, or by PUAs already installed on the system/browser. Therefore, most users do not visit sites such as tdsshark.xyz intentionally.

What is PoulightStealer?

As its name suggests, PoulightStealer is a malicious program that steals various information.

The cyber criminals responsible might use the details to generate revenue. Research shows that PoulightStealer targets applications such as FileZilla, Steam, Skype and Telegram, however, other apps might also be targeted. If your computer is infected with PoulightStealer, this malware should be removed immediately.

What is ProcessSign?

ProcessSign is one of many potentially unwanted applications (PUAs) categorized as adware. Adware serves various intrusive advertisements. Furthermore, these apps often track and record information. Note that users often download and install PUAs inadvertently.