Virus and Spyware Removal Guides, uninstall instructions

Horseleader Ransomware

What is Horseleader?

Discovered by Jirehlov, Horseleader is a part of the Garrantydecrypt ransomware family. This ransomware renames encrypted files by appending the ".horseleader" extension to filenames. For example, it renames "1.jpg" to "1.jpg.horseleader", and so on.

It also changes the desktop wallpaper and creates a ransom message within the "#Decrypt#.txt" file. Horseleader stores this file in all folders that contain encrypted data.

   
LatenBot Trojan

What is LatenBot?

LatentBot is malicious software written in the Delphi programming language. It is capable of operating as a keystroke logger, form grabber, cookie stealer and Remote Access/Administration Tool (RAT). Cyber criminals behind this malware can use it to generate in various ways.

If your computer is infected with LatentBot, remove this malicious software immediately, since it can cause serious problems.

   
PDFEasyTool Browser Hijacker

What is PDFEasyTool?

The PDFEasyTool application supposedly operates as a media file converter (conversion of various files to PDF documents). In fact, this is a browser hijacker that promotes a fake search engine. PDFEasyTool promotes pdfeasytool.com by changing certain browser settings.

Most browser hijackers are designed to promote fake search engines and gather information. Note that people do not usually download or install browser hijackers intentionally and, therefore, these apps are classified as potentially unwanted applications (PUAs).

   
Califiesrease.info Ads

What is the califiesrease[.]info website?

califiesrease[.]info is a rogue site similar to go9news.bizspeakwithjohns.comgoodbase.biz and countless others. Visitors to these web pages are presented with dubious content and/or are redirected to other untrusted or malicious websites.

Users rarely enter rogue sites intentionally - most are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already installed on the system. These apps do not need express user permission to infiltrate devices, and therefore you might be unaware of their presence.

PUAs operate by causing redirects, running intrusive ad campaigns and tracking browsing-related data.

   
Primechse POP-UP Scam (Mac)

What are the Primechse sites?

Primechse is a group of deceptive websites promoting various scams. Sites belonging to this group have been observed promoting the "Dear Safari User, You Are Today's Lucky Visitor" scheme, however, they might also promote other scams and untrustworthy or malicious web pages.

Most visits to Primechse web pages occur via redirects caused by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into the system.

   
IntelRapid Malware

What is the IntelRapid malware?

IntelRapid is malicious software designed to steal victims' cryptocurrency wallets. These wallets are used to track, store, receive and transfer cryptocurrencies, such as Bitcoin, Litecoin, Ethereum, Monero, Tether, Dash and many others.

Therefore, the software can cause significant financial loss and endanger businesses depending on, or dealing with, cryptocurrencies. IntelRapid is considered to be high-risk, and therefore immediate removal is crucial.

   
Identity Alert POP-UP Scam

What is "Identity Alert"?

This tech-support scam tricks visitors into believing that their computers are infected with information-stealing malware and calling scammers via the number provided. Typically, these web pages are opened through other untrusted websites, dubious advertisements or by installed potentially unwanted applications (PUAs). In any case, such scam pages should never be trusted.

   
Go9news.biz Ads

What is go9news[.]biz?

go9news[.]biz is similar to many other dubious websites including, for example, speakwithjohns[.]com, exq-timepieces[.]com and odicfulbrid[.]info.

Like most, it redirects visitors to other untrusted pages or loads dubious content. Typically, browsers open these pages when potentially unwanted applications (PUAs) are installed (i.e., people do not usually open the web pages intentionally). Note that most PUAs gather information and display advertisements.

   
Ncov Ransomware

What kind of malware is Ncov?

Ncov is a part of the Dharma ransomware family. It encrypts files, changes filenames, creates a text file and displays a pop-up window. Ncov renames encrypted files by adding the victim's ID, coronavirus@qq.com email address and appending the ".ncov" extension to filenames.

For example, a file named "1.jpg" becomes "1.jpg.id-1E857D00.[coronavirus@qq.com].ncov", and so on. Ncov also creates the "FILES ENCRYPTED.txt" text file and displays another ransom message within a pop-up window. Updated variants of this ransomware use the ".[3441546223@qq.com].ncov" and ".[bitcoin@email.tg].ncov" extensions for encrypted files.

   
Vitosc.xyz Redirect

What is vitosc.xyz?

vitosc.xyz is the address of a fake search engine. Typically, fake search engines are promoted through various potentially unwanted applications (PUAs), browser hijackers. This fake search engine is promoted through a PUA named SApp+ (or Smash App+) and Nittok, however, other apps might also promote vitosc.xyz.

Typically, browser hijackers promote addresses such as vitosc.xyz by changing browser settings. Furthermore, these apps often gather information.

   

Page 1413 of 2329

<< Start < Prev 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal