Virus and Spyware Removal Guides, uninstall instructions

BitPyLock Ransomware

What is BitPyLock?

Discovered by MalwareHunterTeam, BitPyLock is malicious software classified as ransomware. Infected systems have their data encrypted and receive ransom demands for decryption tools. When BitPyLock encrypts, affected files are renamed with the ".bitpy" extension.

For example, a filename like "1.jpg" would appear as "1.jpg.bitpy". After this process, an HTML file ("# HELP_TO_DECRYPT_YOUR_FILES #.html") is created on the victim's desktop.

   
Kangaroo (Apocalypse) Ransomware

What is Kangaroo?

Kangaroo ransomware was discovered by S!Ri. Like other software of this type, Kangaroo encrypts data, appends its own extension to the filename of each encrypted file and creates ransom messages. This ransomware renames all encrypted files by appending the ".missing" extension.

For example, "1.jpg" becomes "1.jpg.missing", and so on. Note that each encrypted file is assigned an individual message. For example, "1.jpg.missing" is assigned "1.jpg.Contact_Data_Recovery.txt", "2.jpg.missing" is assigned "2.jpg.Contact_Data_Recovery.txt", and so on.

   
Utilitool Browser Hijacker

What is Utilitool?

Utilitool is a browser hijacker, which is promoted as a multi-purpose tool. It operates by modifying browsers and promoting feed.utilitooltech.com, a fake search engine. Additionally, it has data tracking capabilities, which it employs to gather browsing-related information.

Due to the dubious methods used to proliferate Utilitool, it is also classed as a Potentially Unwanted Application (PUA).

   
Balanceformoon.com Ads

What is balanceformoon[.]com?

Typically, people do not visit websites such as balanceformoon[.]com intentionally - browsers are often forced to open them by potentially unwanted applications (PUAs) installed on browsers or operating systems.

There are many other websites similar to balanceformoon[.]com including, for example, mediazone[.]mobi, toobotnews[.]biz, and glagolinius[.]com. All open other untrustworthy sites or load dubious content. PUAs that force browsers to open dubious web pages also record browsing data and display various ads.

   
Quimera Ransomware

What is Quimera?

Discovered by malware researcher S!Ri, Quimera is a malicious program classified as ransomware. This malware operates by encrypting the data of infected systems and demanding payment for decryption tools/software. Unlike most ransomware, Quimera does not rename files during encryption.

After the encryption process is complete, a text file ("HELP_ME_RECOVER_MY_FILES.txt") is stored on the desktop.

   
Mediazone.mobi Ads

What is mediazone[.]mobi?

mediazone[.]mobi is a rogue website and should be avoided; however, many people arrive at this site inadvertently. Examples of similar web pages are toobotnews[.]biz, glagolinius[.]com and mayfootekvideo[.]com. Browsers usually open websites such as mediazone[.]mobi when potentially unwanted applications (PUAs) are installed on them.

When opened, these sites load dubious content or open other untrustworthy websites. Most PUAs also open dubious sites, gather browsing data, and display unwanted, intrusive advertisements.

   
Ako Ransomware

What is Ako?

There are two variants of Ako ransomware; however, the only difference between them is the way victims supposedly contact cyber criminals and pay the ransom. Both variants create a text file (containing a ransom message) named "ako-readme.txt".

In one version of the ransom message, victims are instructed to contact cyber criminals via email, whilst the other instructs them to pay the ransom through a Tor website.

Both Ako variants create the "id.key" file and store it in folders that contain encrypted files (they do the same with the text file containing the ransom message) and rename all encrypted files by appending a random extension to filenames. For example, "1.jpg" is renamed to "1.jpg.2mzWmb", and so on.

   
Clown Ransomware

What is Clown?

Discovered by GrujaRS, Clown is malicious software classified as ransomware. This malware is designed to encrypt the data of infected systems and then demand payment for decryption. When Clown encrypts, affected files are renamed completely using the "[SupportClown@elude.in][id=1E857D00]ORIGINAL_FILENAME.clown+" pattern.

For example, a file originally named "1.jpg" would appear as something like "[SupportClown@elude.in][id=1E857D00]1.jpg.clown+" following encryption (other variants of Clown ransomware append ".notfound" or ".Valley" extensions instead of ".clown+").

After this process, an HTML application ("!!! READ THIS !!!.hta") and a text file ("HOW TO RECOVER ENCRYPTED FILES.txt") are stored on the victim's desktop.

   
m461c14n Ransomware

What is m461c14n?

m461c14n ransomware was discovered by MalwareHunterTeam. Like most malicious programs of this type, m461c14n is designed to encrypt victims' data and provide instructions about how to pay ransoms. It creates the "wp.jpg" file, placing it on the Desktop, and sets it as the wallpaper.

This ransomware appends the ".crypd" extension to the filenames of all encrypted files. For example, it renames "1.jpg" to "1.jpg.crypd", and so on. Furthermore, m461c14n displays a pop-up window for entering a decryption key and decrypting files.

   
Yourchances.net POP-UP Scam

What is yourchances[.]net?

Yourchances[.]net is a scam website. It runs a scam claiming that visitors have been chosen to take part in a survey, which can earn them a prize in the shape of an Apple iPhone X. However, other scam models are also possible, for example ones pushing illegitimate software updates, fake anti-virus programs, etc.

This deceptive site is designed to promote various untrustworthy and even malicious webpages. Most users enter yourchances[.]net inadvertently, via redirects caused by intrusive ads or by PUAs (Potentially Unwanted Applications) that have already infiltrated the system.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
