Virus and Spyware Removal Guides, uninstall instructions

What is Foop?

Foop is the name of a malicious program, which is part of the Stop/Djvu ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption tools/software. When this ransomware encrypts data, all affected files are appended with the ".foop" extension.

For example, a file such as "1.jpg" would appear as "1.jpg.foop" following encryption. Once this process is finished, a text file ("_readme.txt") is created on the desktop.

What is Persephone?

Persephone is one of many ransomware-type programs designed to encrypt files and keep them inaccessible unless victims decrypt them with specific decryption tools that can only be purchased from the ransomware developers. This particular ransomware renames all encrypted files by appending the ".persephone" extension.

For example, it renames "1.jpg" to "1.jpg.persephone", and so on. Furthermore, Persephone creates ransom messages within text files named "READ.txt", which can be found in all folders that contains encrypted data.

What is Nemty 2.6?

Discovered by dnwls0719, Nemty 2.6 is a malicious program, an updated variant of NEMTY 2.5 REVENGE ransomware. It operates by encrypting data and demanding payment for decryption tools/software.

During the encryption process, each affected file is appended with an extension consisting of ".NEMTY, the underscore symbol and a random character string (e.g. ".NEMTY_[random]"). This string is identical for each encrypted file on the system, however, it varies for each infection (i.e., it differs for each victim).

For example, a file named "1.jpg" would appear as something similar to "1.jpg.NEMTY_S7SKZYS" following encryption. After this process is complete, a ransom message within a file with the filename format "NEMTY_[random]-DECRYPT" (e.g. "NEMTY_S7SKZYS-DECRYPT.txt") is dropped into every compromised folder.

What is Lokd?

Lokd belongs to the Djvu ransomware family. It encrypts files, renames them and creates a ransom message. Lokd renames encrypted files by appending the ".lokd" extension to filenames. For example, a file named "1.jpg" is changed to "1.jpg.lokd", and so on. It also drops ransom messages named "_readme.txt" in all folders that contain encrypted files.

What is Online Reviews App?

Online Reviews App is a rogue application endorsed as a tool for easy access to various product and service review websites. In fact, it is categorized as a browser hijacker, since it makes modifications to browsers to promote search.onlinereviewsapptab.com (a fake search engine).

This app also has data tracking capabilities, which are used to monitor users' browsing habits. Many people install Online Reviews App unintentionally, and therefore it is classified as a Potentially Unwanted Application (PUA).

What is My 2020 Fitness browser hijacker?

My 2020 Fitness is a rogue application endorsed as a tool for easy access to workout progress tracking services. It is categorized as a browser hijacker, since it makes changes to browsers in order to promote search.my2020fitnesstab.com (a fake search engine).

Additionally, due to its questionable proliferation methods, this app is also classified as a Potentially Unwanted Application (PUA). Note that most PUAs (including browser hijackers) also have data tracking capabilities.

What is Holiday Radio Promos?

Holiday Radio Promos is classified as adware. Due to its dubious proliferation methods, it is also classed as a Potentially Unwanted Application (PUA). It is endorsed as a tool for easy access to holiday-themed songs and similar music. In fact, Holiday Radio Promos operates by running intrusive advertisement campaigns.

Therefore, it delivers various unwanted and even harmful ads. It also has data tracking capabilities, which are used to monitor users' browsing habits.

What are the "Chooseyour" sites?

"Chooseyour" is a group of deceptive websites, promoting various online scams. They have been observed running "Latest version of Adobe Flash Player" schemes (which promote bogus updaters) and "Dear Safari User, You Are Today's Lucky Visitor" (which offers fake prizes).

These web pages might promote other scams as well. Note that fake Adobe Flash Player updates are commonly used to proliferate untrusted and even malicious software. Few users access deceptive/scam sites intentionally - most are redirected to them by intrusive ads or Potentially Unwanted Applications (PUAs) already installed on the system.

What is Easy Recipes Search?

The Easy Recipes Search application is designed to allow users to quickly find thousands of recipes. In fact, this app promotes a fake search engine (services.easyrecipessearch-svc.com) by modifying browser settings. Therefore, Easy Recipes Search is classified as a potentially unwanted application (PUA), a browser hijacker.

These apps are termed PUAs, since people usually download and install them inadvertently. Note that browser hijackers often collect various user-system information.

What is the Vobfus malware?

Vobfus is malicious software. This malware can be controlled remotely, which provides users with a certain level of control over the infected system. Additionally, it can cause chain infections. Vobfus is high-risk malicious program that can cause serious issues.