Virus and Spyware Removal Guides, uninstall instructions

Cyborg Builder Ransomware

What is Cyborg Builder?

Discovered by Raby, Cyborg Builder is a malicious program categorized as ransomware and designed to encrypt the data of infected devices and then demand payment for decryption. During encryption, all files are renamed and duplicated. For example, a file such as "1.jpg" becomes "1.jpg.Indonesia" and "1.jpg.Indonesia.Cyborg Builder Ransomware".

After this process is complete, a pop-up window is displayed, which contains the ransom message. There are many possible variants of this malicious software, since it a product of this ransomware builder.

It is fully coded, and therefore all variations created using this builder differ (i.e., they append files with differing extensions, range in ransom sizes and other minor details). Despite these variations, its technical aspects remain identical (e.g. use of AES-256 and RSA-2048 cryptographic algorithms, etc.).

   
Mainplaceupgradesfree.info POP-UP Scam (Mac)

What is mainplaceupgradesfree[.]info?

mainplaceupgradesfree[.]info is designed to deceive visitors into using a fake installer for a new Adobe Flash Player version. Typically, websites of this type download installers of various potentially unwanted applications (PUAs). For example, browser hijackers, adware or even malicious programs such as Trojans and ransomware.

We strongly advise against downloading anything from mainplaceupgradesfree[.]info or similar web pages.

   
AlbCry Ransomware

What is AlbCry?

Discovered by MalwareHunterTeam, AlbCry is based on another ransomware infection called Jigsaw. It encrypts files and renames them by appending the ".locked" extension to their filenames. For example, it renames a file called "sample.jpg" to "sample.jpg.locked", and so on.

Furthermore, AlbaCry displays two pop-ups: one for a ransom message and the other informing victims that they were hacked by ASC TEAM.NET.

   
SatanCryptor Ransomware

What is SatanCryptor?

Discovered by malware researcher, S!Ri, SatanCryptor is a ransomware-type malicious program. It operates by encrypting data and demanding ransom payments for decryption. During the encryption process, all files are renamed with "#_THIS_FILE_IS_ENCRYPTED_", unique ID codes, the developer's email address and the ".satan" extension.

For example, a filename such as "1.jpg" would appear similar to "#_THIS_FILE_IS_ENCRYPTED_[30AA3CB5B8E83D0D] -[ID-A170B3A12FC66FC91253579C44AC9450] -[EMAIL-MREncptor@protonmail.com].satan", and so on for all affected files. After the process is complete, SatanCryptor stores an HTML application ("# SATAN CRYPTOR #.hta") on the desktop.

   
Node.js Ransomware

What is Node.js?

Discovered by Xavier Mertens, Node.js is a ransomware-type malicious software. This malware encrypts the data of infected devices and demands payment for decryption.

When Node.js encrypts, files are appended with the ".encrypted" extension. Therefore, a file such as "1.jpg" would appear as "1.jpg.encrypted" following encryption, and so on for all affected files. An HTML file ("How-to-buy-bitcoins.html") containing the ransom message, is created on the desktop.

   
Listentoyoutube.online Suspicious Website

What is listentoyoutube[.]online?

Listentoyoutube[.]online allows users to convert videos uploaded on YouTube to MP3 files, and then to download them. It is illegal to download videos from YouTube.

Furthermore, listentoyoutube[.]online uses rogue advertising networks - it redirects users to various untrustworthy, potentially malicious web pages. Typically, sites such as listentoyoutube[.]online lead to websites designed to advertise browser hijackers, adware, or even distribute installers of malicious programs (such as Trojans, ransomware).

   
AWT Ransomware

What is AWT?

Discovered by Michael Gillespie, AWT is malicious software that shares many similarities with Snc ransomware. This malware is designed to encrypt data and demand payment for decryption tools/software. When AWT encrypts, all files are renamed with a unique ID, the developer's email address and the ".AWT" extension.

For example, a file like "1.jpg" might appear as something similar to "1.jpg.[1E857D00][getdataback22@protonmail.com].AWT", and so on for all affected files. Once this process is finished, a text file ("ReadMe.txt") is stored on the desktop and AWT displays a pop-up window.

   
Add-to-browser.xyz POP-UP Ads

What is add-to-browser[.]xyz?

add-to-browser[.]xyz is an untrustworthy website. There are countless rogue web pages on the internet which present visitors with dubious content and/or redirect them to other dubious and malicious sites including, for example, grabthemp3.comthegoodcaster.com, and 27news.biz.

Note that add-to-browser[.]xyz specifically promotes dubious browser extensions. Websites of this type are usually accessed unintentionally, since many users are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into the system.

   
Pointmp3.com Suspicious Website

What is pointmp3[.]com?

pointmp3[.]com is the address of a website which offers an illegal service: it allows users to download audio from YouTube by converting uploaded videos to MP3 format.

This website also employs rogue advertising networks. People who use pointmp3[.]com are redirected to various other untrustworthy websites that advertise potentially unwanted applications (PUAs) such as adware, browser hijackers, or they even proliferate malicious software including ransomware, Trojans, and so on.

   
Devil Ransomware

What is Devil?

Devil is a part of Phobos, a family of ransomware-type programs. It renames encrypted files by appending the victim's ID, developer's email address and ".devil" extension to filenames. For example, a file such as "1.jpg" is renamed to a filename such as "1.jpg.id[1E857D00-2574].[decrypt4data@protonmail.com].devil", and so on.

Like most programs of this type, Devil provides victims with instructions about how to contact the developers and decrypt files. In this case, it creates the "info.txt" file and displays a pop-up window (info.hta).

   

Page 1466 of 2329

<< Start < Prev 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal