Virus and Spyware Removal Guides, uninstall instructions

C0hen Locker ransomware

What is c0hen Locker?

Discovered by cyber security researcher Jack, c0hen Locker is a malicious program classified as ransomware. Malware within this classification is designed to encrypt the data of infected devices and then demand ransom payments from the victims (i.e., payment for decryption tools/software).

When the encryption is underway, all files are renamed with the ".c0hen" extension. For example, a filename such as "1.jpg" would appear as "1.jpg.c0hen", and so on. Once this process is complete, c0hen Locker displays a pop-up window that contains the ransom message.

   
NEMTY 2.5 REVENGE Ransomware

What is NEMTY 2.5 REVENGE?

NEMTY 2.5 REVENGE was discovered by Raby. This ransomware renames encrypted files by appending the ".NEMTY_[string of random characters]" extension to their filenames. For example, it renames "1.jpg" to "1.jpg.NEMTY_OF7X2YU", and so on.

It also creates a ransom message within a text file, the name of which includes the same string of random characters as encrypted files.

For example, in this case, "NEMTY_[string of random characters]-DECRYPT.txt" would be "NEMTY_OF7X2YU-DECRYPT.txt". Typically, ransom messages created by ransomware contain instructions about how to contact and/or pay cyber criminals.

   
Final Warning Email Scam

What kind of email is "Final Warning"?

Criminals behind this spam campaign, which is classified as a sextortion scam, send emails to many people and hope that some will be tricked. Typically, scammers who send emails of this type attempt to blackmail recipients with threats to send compromising, humiliating images or videos to their contacts. We strongly recommend that you do not trust this or other, similar email scams.

   
Zeoticus Ransomware

What is Zeoticus?

Discovered by S!Ri, Zeoticus is malicious software categorized as ransomware. It is designed to encrypt data and demand ransom payments for decryption. During the encryption process, all affected files are appended with the developer's email address and the ".zeoticus" extension.

For example, a file such as "1.jpg" would appear as "1.jpg.zeoticus@tutanota.com.zeoticus" following encryption. After this process is complete, the ransomware stores an HTML file ("READ_ME.html") on the desktop. It also changes the desktop wallpaper, which lists the email addresses of the cyber criminals behind the infection.

   
Prizedeal Ads

What is Prizedeal?

Prizedeal is a rogue, untrustworthy website. When opened, it forces people to visit other websites of this kind or displays dubious content. There are many similar websites on the internet including lurunews[.]biz, highertpushs[.]com, and tripflag[.]info to name just some examples.

Generally, these websites are opened by potentially unwanted applications (PUAs) installed on the system. Typically, people download and install PUAs inadvertently. Furthermore, PUAs track users' browsing activity and/or serve various advertisements.

   
Search.follysway.com Redirect (Mac)

What is search.follysway.com?

Similar to seekforsearch.com, searchitdown.com, premiumsearchweb.com, and a number of other rogue sites, search.follysway.com is a fake Internet search engine claiming to generate improved search results, thereby enhancing the Internet browsing experience. 

Be aware, however, that developers promote search.follysway.com via rogue software download/installation set-ups that hijack web browsers and stealthily modify various options. Furthermore, search.follysway.com continually records various user/system information.

   
Toobotnews.biz Ads

What is toobotnews[.]biz?

Sharing similarities with glagolinius.com, mayfootekvideo.com, secretvideos2020.com and many others, toobotnews[.]biz is a rogue web page. It operates by generating redirects to untrustworthy/malicious sites and presenting visitors with dubious content.

Few users enter this site intentionally - most are redirected by intrusive ads or Potentially Unwanted Applications (PUAs) already installed onto the device. These apps do not need express user permission to infiltrate systems. PUAs cause redirects, deliver intrusive advertisements and track browsing-related data.

   
Free Daily Manuals Browser Hijacker

What is Free Daily Manuals?

Free Daily Manuals is a browser hijacker, advertised as a tool for easy access to various manuals. After successful installation, this rogue application modifies browsers to promote its associated fake search engine (search.freedailymanualstab.com).

Furthermore, most apps classified as browser hijackers have data tracking capabilities, which they employ to monitor users' browsing activity. Since many users download/install Free Daily Manuals inadvertently, it is also categorized as a Potentially Unwanted Application (PUA).

   
ReadInstructions Ransomware

What is ReadInstructions?

ReadInstructions is a malicious program belonging to the MedusaLocker ransomware family. It operates by encrypting data and demanding ransom payments for decryption. During the encryption process, files are appended with the ".ReadInstructions" extension.

In some variants, this extension appears in uppercase (".READINSTRUCTIONS"). For example, a file originally named "1.jpg" might appear as "1.jpg.ReadInstructions" (or alternatively, "1.jpg.READINSTRUCTIONS") following encryption. After this process is complete, ReadInstructions stores an HTML file ("Recovery_Instructions.html") in each affected folder.

The text within the file contains the ransom message. Another variant of ReadInstructions ransomware appends the ".ReadTheInstructions" extension and stores the "INSTRUCTIONS.html" ransom message.

   
Fixheavilyadvancedprogram.icu POP-UP Scam (Mac)

What is fixheavilyadvancedprogram[.]icu?

fixheavilyadvancedprogram[.]icu is one of many deceptive websites that offer download and installation of the latest version of Adobe Flash Player.

In fact, they download the installers of various potentially unwanted applications (PUAs). Some might download malicious files designed to infect systems with high-risk malware. We strongly recommend against downloading files from fixheavilyadvancedprogram[.]icu or other similar websites offering updates to Adobe Flash Player or other legitimate software.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
