Virus and Spyware Removal Guides, uninstall instructions

Snake Ransomware

What is Snake?

Snake ransomware was discovered by MalwareHunterTeam. Research shows that cyber criminals behind it target business networks.

Snake is designed to encrypt files stored on all computers within a network using the AES-256 and RSA-2048 cryptographic algorithms. It also creates a ransom message within a file called "Fix-Your-Files.txt". Most ransomware-type programs rename encrypted files by appending an extension to the filenames; Snake, however, does not change filenames in any way.

   
Turbonews.biz Ads

What is turbonews[.]biz?

turbonews[.]biz is a rogue website similar to toobotnews[.]biz, 27news[.]biz, wwserch42[.]biz, gusimp[.]net and thousands of others. It presents visitors with dubious/harmful content and/or redirects them to other untrustworthy or malicious web pages.

Access to turbonews[.]biz and other, similarly dubious web pages is typically gained via redirects caused by intrusive advertisements or Potentially Unwanted Applications (PUAs) already present within the system.

Note that these apps do not need explicit consent to infiltrate devices. PUAs operate by generating redirects, running intrusive ad campaigns and monitoring browsing activity.

   
Vpnshieldplus4.com POP-UP Scam (Mac)

What is vpnshieldplus4[.]com?

vpnshieldplus4[.]com is one of many deceptive websites claiming that visitors' iPhones are infected with viruses.

These sites display fake virus warnings/alerts and encourage users to download and install applications that supposedly remove detected viruses. You should avoid and ignore websites such as vpnshieldplus4[.]com (and notifications deployed by them). Do not download or install any software advertised on these sites.

   
Theworldofcontents.info POP-UP Scam (Mac)

What is theworldofcontents[.]info?

theworldofcontents[.]info is a scam website promoting a fake Flash Player updater. There are several variants of this scam with differing design/appearance, although the purpose is much the same. The site claims that visitors' Flash Players might be outdated and advises them to update the software.

Rogue updaters are used to spread a variety of untrustworthy and malicious content.

For example, they are employed to proliferate Potentially Unwanted Applications (PUAs) and even malware (e.g. trojans, ransomware, etc.). Few users access websites like theworldofcontents[.]info intentionally - most are redirected by intrusive advertisements or PUAs already installed on the system.

   
Budscanner.com Ads

What is budscanner[.]com?

budscanner[.]com redirects visitors to various other untrustworthy, potentially malicious web pages. Typically, people do not visit websites such as budscanner[.]com intentionally.

In most cases, they arrive at them after clicking dubious, deceptive advertisements, through visiting rogue websites, or they are redirected to them by potentially unwanted applications (PUAs) installed on their browsers and/or operating systems.

   
Crypton (Aurora) Ransomware

What is Crypton (Aurora)?

Discovered by dnwls0719, Crypton (Aurora) ransomware originates from a family of ransomware programs called Aurora. Crypton (Aurora) is designed to prevent victims from accessing or using their data by encrypting it. It also renames each encrypted file by appending the ".crypton" extension to the filename.

For example, it renames "1.jpg" to "1.jpg.crypton", and so on. Instructions about how to pay the ransom (purchase a decryption key) are provided in the "@_FILES_WERE_ENCRYPTED_@.TXT", "@_HOW_TO_PAY_THE_RANSOM_@.TXT" and "@_HOW_TO_DECRYPT_FILES_@.TXT" text files. All of these ransom messages contain identical text.

   
Dear [ISP name] user, Congratulations! POP-UP Scam

What is "Dear [ISP name] user, Congratulations!"?

"Dear [ISP name] user, Congratulations!" is a scam run on deceptive websites. This scheme is designed to trick users into believing that they have won a prize. To receive it, however, they need to provide personal information and pay certain fees. The scam makes use of visitors' Internet Service Providers (ISPs), which lends it an appearance of legitimacy.

Furthermore, "Dear [ISP name] user, Congratulations!" is typically displayed in the language associated with visitors' geolocations. This scam has been observed targeting French (Bouygues Telecom ISP), Chilean (VTR ISP), Hong Kong (Netvigator ISP), Italian (Fastweb ISP), South African (Telkom ISP) and a number of other regions/ISPs.

Most users enter deceptive/scam sites unintentionally, since they are redirected by intrusive advertisements or Potentially Unwanted Applications (PUAs) that have already infiltrated their devices.

   
Yourmobistyle.com Ads

What is yourmobistyle[.]com?

yourmobistyle[.]com redirects visitors to untrustworthy websites. Typically, browsers open websites such as yourmobistyle[.]com when there are potentially unwanted applications (PUAs) installed on them (i.e., people do not visit these sites intentionally).

Furthermore, yourmobistyle[.]com might be opened through other untrustworthy web pages that people willingly or inadvertently visit, or through deceptive advertisements that they click.

   
Yarraq Ransomware

What is Yarraq?

Discovered by GrujaRS, Yarraq is ransomware-type malicious software which operates by encrypting the data of infected systems and then demanding payment for decryption tools. During encryption, Yarraq appends the ".yarraq" extension to all files.

For example, a file called "1.jpg" would appear as "1.jpg.yarraq". After encryption is complete, Yarraq ransomware creates a text file ("READ_IT.txt") on the desktop and also changes the desktop wallpaper. Both the text file and wallpaper contain identical ransom messages.

   
Somik1 Ransomware

What is Somik1?

Somik1 was discovered by S!Ri. Like most programs of this type, this ransomware encrypts and renames files. Somik1 renames them by appending the ".arnoldmichel2@tutanota.com" string to filenames. For example, "1.jpg" becomes "1.jpg.arnoldmichel2@tutanota.com", and so on.

It also displays a ransom message in a pop-up window and stores multiple .txt files on the Desktop. At the time of research, Somik1 stored five ransom messages: "WARNING2.txt", "WARNING3.txt"..."WARNING6.txt".

   
