Virus and Spyware Removal Guides, uninstall instructions

What is Odveta?

Odveta ransomware is a new variant of another program of this type called Ouroboros. Odveta is designed to encrypt files using a strong encryption algorithm so that victims are unable to recover files without having to purchase a decryption tool and key from the cyber criminals who designed it.

Additionally, this ransomware changes names of encrypted files by adding an email address, ID number, and the ".odveta" extension to filenames. For example, "1.jpg" might be renamed to "1.jpg.Email=[RestoreData@airmail.cc]ID=[WXFESCN4J5013DR].odveta".

Instructions about how to decrypt files are provided in the "Unlock-Files.txt" text file, which can be found in folders that contain encrypted files.

Updated variants of this ransomware use ".Email=[Honeylock@protonmail.com]ID=[victim's ID].odveta", ".Email=[OdvetaSupport@elude.in]ID=[victim's ID].odveta", ".Email=[luciferenc@tutanota.com]ID=[victim's].odveta" and ".Email=[Recoveryhelp2019@protonmail.com]ID=[victim's].odveta" extensions for encrypted files.

What kind of malware is Cryxos?

Cryxos Trojans display deceptive alerts/notifications on compromised or malicious websites. The notifications claim that the user's computer is infected with a virus (or viruses), is blocked, and some personal details have been stolen. In most cases, users are encouraged to solve the problem by calling scammers via the telephone number provided.

Generally, Cryxos Trojans display messages that are disguised as legitimate notifications from Microsoft, however, this company has nothing to do with these technical support scams. Do not trust these scams and remove Cryxos from the operating system immediately.

What is 1000-dollar[.]cash?

1000-dollar[.]cash is a rogue website similar to thefastpush.com, place-web.com, fast-push.com, biglocateriod.pro and countless others. Visitors to this site are presented with deceptive and dubious content and are redirected to other untrusted or malicious web pages.

Most visitors to 1000-dollar[.]cash access it unintentionally - they are redirected by intrusive advertisements or Potentially Unwanted Applications (PUAs) already installed on the system. Note that these apps do not need express permission to be installed onto devices. Following successful infiltration, PUAs cause redirects, run intrusive ad campaigns and track data.

What is WebScheduler?

WebScheduler is software classified as adware and promoted as a tool capable of improving the browsing experience. Supposedly, it can provide fast searches, accurate search results and so on. This application delivers annoying and even harmful advertisements.

Furthermore, due to WebScheduler's dubious proliferation methods, it is also classified as a Potentially Unwanted Application (PUA).

What is Bigdata?

Discovered by dnwls0719, Bigdata belongs to the GlobeImposter ransomware. Bigdata encrypts files, changes their filenames and generates a ransom message. It renames all encrypted files by appending the ".bigdata" extension. For example, a file named "1.jpg" would become "1.jpg.bigdata", and so on.

Bigdata also drops a ransom message in all folders that contain encrypted files. The message is within an HTML file named "how_to_back_files.html".

What is China?

Discovered by dnwls0719, China is a malicious program classified as ransomware. Systems infected with this malware suffer data encryption and users receive ransom demands for decryption. During the encryption process, all affected files are appended with the ".China" extension.

For example, a file originally entitled "1.jpg" would appear as "1.jpg.China" following encryption. After this process is complete, China ransomware drops a randomly-named file containing a ransom message (e.g. "ÁªÏµÎÒ,ÇëÎðɾ³ý1582698030694.txt") onto the desktop.

What is OBERONBOOSTER?

The OBERONBOOSTER program is advertised as an operating system optimization tool, however, it is distributed through various download/installation set-ups. Many people unintentionally download and install programs that are included in the set-ups of other programs. Therefore, OBERONBOOSTER is classified as a potentially unwanted application (PUA).

What is the "I infected your computer with my private trojan" email?

"I infected your computer with my private trojan" is a scam email using the 'sextortion' scam model. This message attempts to blackmail recipients with videos of their sexual activity (the videos are nonexistent). The scammers claim that they have obtained this compromising material via malware they have used to infect the user's device.

The email states that should recipients fail to pay a certain sum, the videos will be publicized. This message is merely a scam, and the compromising material does not actually exist. Therefore, you should simply ignore the "I infected your computer with my private trojan" email.

What is thefastpush[.]com?

thefastpush[.]com is one of many untrusted websites designed to redirect visitors to other pages of this kind or load dubious content. It is similar to place-web[.]com, fast-push[.]com, supposercality[.]pro and many other web pages.

Typically, people do not visit these websites intentionally - browsers are forced to open them by various potentially unwanted applications (PUAs) installed on the browser. PUAs usually gather browsing data and serve intrusive advertisements.

What is Max Utilities?

Max Utilities is categorized as a Potentially Unwanted Application (PUA), and yet endorsed as software capable of cleaning operating systems and optimizing performance. Amongst its advertised capabilities are removal of Windows Registry errors and temporary files, Windows history cleaning, file privacy protection and so on.

Due to its dubious proliferation methods (most users install it unintentionally) Max Utilities is classed as a PUA.