Virus and Spyware Removal Guides, uninstall instructions
What is Cyborg Builder?
Discovered by Raby, Cyborg Builder is a malicious program categorized as ransomware and designed to encrypt the data of infected devices and then demand payment for decryption. During encryption, all files are renamed and duplicated. For example, a file such as "1.jpg" becomes "1.jpg.Indonesia" and "1.jpg.Indonesia.Cyborg Builder Ransomware".
After this process is complete, a pop-up window containing the ransom message is displayed. There are many possible variants of this malicious software, since it is a product of this ransomware builder.
It is fully coded, and therefore all variations created using this builder differ (i.e., they append files with differing extensions, and vary in ransom size and other minor details). Despite these variations, the technical aspects remain identical (e.g., use of the AES-256 and RSA-2048 cryptographic algorithms).
What is mainplaceupgradesfree[.]info?
mainplaceupgradesfree[.]info is designed to deceive visitors into using a fake installer for a new Adobe Flash Player version. Typically, websites of this type download installers of various potentially unwanted applications (PUAs), for example, browser hijackers, adware, or even malicious programs such as Trojans and ransomware.
We strongly advise against downloading anything from mainplaceupgradesfree[.]info or similar web pages.
What is AlbCry?
Discovered by MalwareHunterTeam, AlbCry is based on another ransomware infection called Jigsaw. It encrypts files and renames them by appending the ".locked" extension to their filenames. For example, it renames a file called "sample.jpg" to "sample.jpg.locked", and so on.
Furthermore, AlbCry displays two pop-ups: one for a ransom message and the other informing victims that they were hacked by ASC TEAM.NET.
What is SatanCryptor?
Discovered by malware researcher S!Ri, SatanCryptor is a ransomware-type malicious program. It operates by encrypting data and demanding ransom payments for decryption. During the encryption process, all files are renamed with "#_THIS_FILE_IS_ENCRYPTED_", unique ID codes, the developer's email address and the ".satan" extension.
For example, a filename such as "1.jpg" would appear similar to "#_THIS_FILE_IS_ENCRYPTED_[30AA3CB5B8E83D0D] -[ID-A170B3A12FC66FC91253579C44AC9450] -[EMAIL-MREncptor@protonmail.com].satan", and so on for all affected files. After the process is complete, SatanCryptor stores an HTML application ("# SATAN CRYPTOR #.hta") on the desktop.
What is Node.js?
Discovered by Xavier Mertens, Node.js is ransomware-type malicious software. This malware encrypts the data of infected devices and demands payment for decryption.
When Node.js encrypts, files are appended with the ".encrypted" extension. Therefore, a file such as "1.jpg" would appear as "1.jpg.encrypted" following encryption, and so on for all affected files. An HTML file ("How-to-buy-bitcoins.html") containing the ransom message is created on the desktop.
What is listentoyoutube[.]online?
Listentoyoutube[.]online allows users to convert videos uploaded on YouTube to MP3 files, and then to download them. It is illegal to download videos from YouTube.
Furthermore, listentoyoutube[.]online uses rogue advertising networks - it redirects users to various untrustworthy, potentially malicious web pages. Typically, sites such as listentoyoutube[.]online lead to websites designed to advertise browser hijackers, adware, or even distribute installers of malicious programs (such as Trojans, ransomware).
What is AWT?
Discovered by Michael Gillespie, AWT is malicious software that shares many similarities with Snc ransomware. This malware is designed to encrypt data and demand payment for decryption tools/software. When AWT encrypts, all files are renamed with a unique ID, the developer's email address and the ".AWT" extension.
For example, a file like "1.jpg" might appear as something similar to "1.jpg.[1E857D00][getdataback22@protonmail.com].AWT", and so on for all affected files. Once this process is finished, a text file ("ReadMe.txt") is stored on the desktop and AWT displays a pop-up window.
What is add-to-browser[.]xyz?
add-to-browser[.]xyz is an untrustworthy website. There are countless rogue web pages on the internet which present visitors with dubious content and/or redirect them to other dubious and malicious sites including, for example, grabthemp3.com, thegoodcaster.com, and 27news.biz.
Note that add-to-browser[.]xyz specifically promotes dubious browser extensions. Websites of this type are usually accessed unintentionally, since many users are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into the system.
What is pointmp3[.]com?
pointmp3[.]com is the address of a website which offers an illegal service: it allows users to download audio from YouTube by converting uploaded videos to MP3 format.
This website also employs rogue advertising networks. People who use pointmp3[.]com are redirected to various other untrustworthy websites that advertise potentially unwanted applications (PUAs) such as adware and browser hijackers, or even proliferate malicious software including ransomware, Trojans, and so on.
What is Devil?
Devil is a part of Phobos, a family of ransomware-type programs. It renames encrypted files by appending the victim's ID, developer's email address and ".devil" extension to filenames. For example, a file such as "1.jpg" is renamed to a filename such as "1.jpg.id[1E857D00-2574].[decrypt4data@protonmail.com].devil", and so on.
Like most programs of this type, Devil provides victims with instructions about how to contact the developers and decrypt files. In this case, it creates the "info.txt" file and displays a pop-up window (info.hta).