Virus and Spyware Removal Guides, uninstall instructions

What is DRV?

DRV is malicious software categorized as ransomware. It encrypts files, renames them and creates a ransom message. It renames encrypted files by appending the ".lasan" extension to their filenames. For example, "1.jpg" becomes "1.jpg.lasan", and so on.

It also creates a ransom message in the form of a text file called "READ_ME.txt". Unlike most ransomware programs, DRV does not urge victims to pay any ransom (to purchase decryption tools or keys).

What is srchpx.xyz?

srchpx.xyz is one of many fake search engines on the internet. Like most of them, this search engine is promoted through a potentially unwanted application (PUA), a browser hijacker.

The name of the PUA that promotes srchpx.xyz is called SApp+. Typically, browser hijackers promote fake search engines by changing certain browser settings. Furthermore, apps of this type usually gather browsing data (information relating to users' browsing habits).

What is Bboo?

Bboo is malicious software, which is part of the Stop/Djvu ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption. When Bboo ransomware encrypts, all affected files are appended with the ".bboo" extension.

For example, a file originally named "1.jpg" becomes "1.jpg.bboo" following encryption. After this process is complete, a ransom message ("_readme.txt") is created on the desktop.

What is Hellomynameisransom?

Discovered by GrujaRS, Hellomynameisransom is ransomware that belongs to a family of ransomware-type programs called MedusaLocker. Like most programs of this type, Hellomynameisransom renames encrypted files by appending an extension to filenames and provides instructions about how to contact cyber criminals in a ransom message.

This ransomware renames files by appending the ".hellomynameisransom" extension. For example, it renames "1.jpg" to "1.jpg.hellomynameisransom", and so on. It creates the ransom message within an HTML file named "HOW_TO_RECOVER_DATA.html".

What is SNTG?

Discovered by dnwls0719, SNTG is a malicious program belonging to the Matrix ransomware family. Systems infected with it have data encrypted and users receive ransom demands for decryption tools/software.

During the encryption process, SNTG renames each file with the following pattern: "[SantaGman@criptext.com].[random_string]-[random-string].SNTG", which consists of the cyber criminals' email address, random character strings, and the ".SNTG" extension.

For example, a file such as "1.jpg" might appear as something similar to "[SantaGman@criptext.com].8GJBGKZf-PY3V1Xvb.SNTG", and so on for all affected files. SNTG ransomware also drops ransom messages (within "#SNTG_README#.rtf") into each compromised folder plus other random files onto the desktop.

What is ZYX?

ZYX belongs to the GlobeImposter family. This ransomware appends the ".{indus37098@india.com}ZYX" extension to the names of encrypted files.

For example, "1.jpg" becomes "1.jpg.{indus37098@india.com}ZYX", and so on. Furthermore, this ransomware creates a ransom message within the "how_to_back_files.html" file, which contains instructions about how to contact cyber criminals and other details.

What is 0wnpr0m0[.]com?

0wnpr0m0[.]com is a deceptive/scam website. Its behavior varies, as does the material it displays. In general, it promotes dubious and possibly malicious content and generates redirects to likewise dangerous sites. It has been observed redirecting to a fake software update scam web page.

These rogue updaters are commonly used to proliferate adware, browser hijackers and other Potentially Unwanted Applications (PUAs), as well as various malicious programs (e.g. trojans, ransomware, etc.). In fact, software downloaded from 0wnpr0m0[.]com itself is often untrusted or malicious (for example, it can include unwanted apps or malware).

Deceptive websites are often accessed inadvertently, and most visitors are redirected to them by intrusive ads or PUAs already infiltrated into the system.

What kid of malware is Moncrypt?

Moncrypt was discovered by dnwls0719 and is part of the Scarab ransomware family. Typically, programs of this type encrypt data/files, rename encrypted files, and create and display ransom messages. Moncrypt renames all files by appending the ".moncrypt" extension to filenames.

For example, it renames "1.jpg" to "1.jpg.moncrypt", and so on. It also creates a ransom message within a text file ("HOW TO RECOVER ENCRYPTED FILES.TXT") and stores it in folders that contain encrypted files.

What is getalinkandshare[.]com?

getalinkandshare[.]com is an untrusted website that downloads malicious files and redirects visitors to other deceptive, potentially malicious web pages. Note that getalinkandshare[.]com is used to trick visitors into downloading and opening files that might be designed to install browser hijackers, adware, Trojans, ransomware and other unwanted or malicious software.

Typically, people do not visit websites such as getalinkandshare[.]com intentionally - they are redirected to them through deceptive advertisements, other dubious web pages or potentially unwanted applications (PUAs) that are already installed on browsers and/or operating systems

What is Search by Live PDF Converter?

Search by Live PDF Converter is a browser hijacker, which operates by modifying browsers to promote its associated fake search engine (feed.livepdfconverter.com).

Furthermore, this app has data tracking capabilities, which are employed to monitor users' browsing habits. Due to its dubious proliferation methods, Search by Live PDF Converter is also classed as a Potentially Unwanted Application (PUA).