Virus and Spyware Removal Guides, uninstall instructions

Wanna Scream Ransomware

What kind of malware is Wanna Scream?

Wanna Scream was discovered by S!Ri. This ransomware encrypts files, changes their filenames, creates a ransom message and displays another in a pop-up window. Wanna Scream renames all encrypted files by adding an email address (filemgr@tutanota.com), the victim's ID and appending the ".Wanna Scream" extension to filenames.

For example, "1.jpg" might appear similar to "1.jpg.[Filemgr@tutanota.com][1E857D00].Wanna Scream", and so on. Wanna Scream creates a ransom message within a text file named "README.txt" and displays another in a pop-up window through the created "Wanna Scream.hta" file.

   
Coloquei Malware No Site Adulto Email Scam

What is "Coloquei malware no site adulto" email?

"Coloquei malware no site adulto" ("I put malware on the adult site") is an email scam targeting Portuguese users. The scheme uses the sextortion scam model to extort money from recipients through blackmailing them with threats to expose their sexual activity.

The message claims that the user's device has been hacked and exploited to obtain compromising material (via the webcam). It warns victims that should they fail to pay a specified sum, this content will be publicized. "Coloquei malware no site adulto" is simply a scam, the alleged material (videos) does not exist, and the user's system has not been infected.

   
Piolo.xyz Redirect

What is piolo.xyz?

piolo.xyz is the address of a fake search engine that is promoted through potentially unwanted applications (PUAs): browser hijackers called CERX and Dorss APP. It is also very likely that there are other apps of this type that promote this fake search engine.

CERX is related to QIP (another browser hijacker). Typically, browser hijackers promote fake search engines by changing certain browser settings, and most gather information relating to users' browsing habits.

   
Pashka Ransomware

What is Pashka?

Pashka is malicious program categorized as ransomware. It is designed to encrypt the data of infected devices and demand payment for decryption tools. It is distributed via a hacked YouTube account called 'Noted'. YouTuber Noted has released a video, stating that his account account has been hacked.

The infection spreads through a link in the description of a video entitled "Malwarebytes 4.0.4 Premium Key Cracked 2020 Protect Yourself". The link redirects to a cloud storage site from which an archived malicious executable file can be downloaded. The "cracking" (illegal activation) instructions inform users that they must disable all anti-virus software.

As Pashka encrypts, files are appended with the ".pashka" extension. For example, "1.jpg" would appear as "1.jpg.pashka", and so on for all affected files. After this process is complete, a text file ("HELP_ME_RECOVER_MY_FILES.txt") is stored on the desktop.

   
Applecomsupport.com POP-UP Scam (Mac)

What is applecomsupport[.]com?

Identical to applesupportofficial.com, applecomsupport[.]com is a deceptive website that claims visitors' devices are infected and/or at risk. It advises them to contact a fake Apple support service - this 'service' actually leads to the designers of this scam.

Most visits to applecomsupport[.]com occur via redirects caused by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into the system. Unwanted apps have many dangerous capabilities including force-opening untrustworthy/malicious web pages, delivery of intrusive ad campaigns and data tracking.

   
Daily Online Manuals Browser Hijacker

What is Daily Online Manuals?

As the name suggests, Daily Online Manuals supposedly provides various online manuals, however, this app is categorized as a browser hijacker and is designed to promote the address of a fake search engine (search.dailyonlinemanualstab.com) by changing browser settings.

It also gathers details relating to users' browsing habits. Note that browser hijackers are classed as potentially unwanted applications (PUAs) because people do not usually download or install them intentionally.

   
Roll Safe Ransomware

What is Roll Safe?

Discovered by S!Ri, Roll Safe encrypts and renames victims' files, and displays a ransom message in a pop-up window. Roll Safe also renames encrypted files by appending the ".encrypted" extension to filenames. For example, "1.jpg" becomes "1.jpg.encrypted", and so on.

   
Bablo Ransomware

What is Bablo?

Part of the Phobos malware family, Bablo is a malicious program classified as ransomware. It operates by encrypting data and demanding ransom payments for decryption. During the encryption process, files are renamed with a unique ID, the developer's email address and the ".bablo" extension.

For example, "1.jpg" might appear similar to "1.jpg.id[1E857D00-2569].[symetrikk@protonmail.com].bablo", and so on for all affected files. After this process is complete, two files ("info.hta" and "info.txt") are created on the desktop. Both contain ransom messages.

   
Converter King Browser Hijacker

What is Converter King?

Converter King is a potentially unwanted application (PUA), a browser hijacker that supposedly operates as an online file converter. In fact, it promotes a fake search engine (search.converterkingtab.com) by changing browser settings and recording browsing data. In most cases, people download and install browser hijackers and other PUAs inadvertently.

   
Cyber Attack From Iran Government Email Scam

What is "Cyber attack from Iran Government" email?

Discovered by Michael Gillett, "Cyber attack from Iran Government" is the title of an email scam that steals the log-in credentials of users' Microsoft accounts. This phishing scam claims that Microsoft servers have experienced a cyber attack, and therefore users' accounts have been locked to protect their email accounts and data integrity.

This fake cyber attack supposedly originated from Iran, which the designers of this scheme have chosen due to tensions present between the United States and Iran. The "Cyber attack from Iran Government" email scam was devised following warnings issued by the US government concerning potential cyber attacks from Iran.

   

Page 1464 of 2329

<< Start < Prev 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal