Virus and Spyware Removal Guides, uninstall instructions

CHERNOLOCKER Ransomware

What is CHERNOLOCKER?

CHERNOLOCKER ransomware was discovered by S!Ri. It encrypts victims' files (rendering them inaccessible) and renames them by adding "(.CHERNOLOCKER)" to their filenames. For instance, "1.jpg" becomes "1.jpg(.CHERNOLOCKER)", and so on.

Furthermore, CHERNOLOCKER displays a pop-up window and creates the "landing-screenshot-img-9-768.jpg" file. It stores this .jpg file on the victim's desktop and opens a website that contains the same image.

   
Message-alert.info Ads

What is message-alert[.]info?

message-alert[.]info is similar to many other rogue web pages. For example, find-soulmates[.]com, histleolderlandch[.]info and best-girls-ever[.]com.

All of these websites load dubious content or redirect visitors to other untrustworthy sites. Generally, browsers open sites such as message-alert[.]info when potentially unwanted applications (PUAs) are installed on them. Most PUAs serve intrusive ads and gather information (browsing data and other details).

   
Newfinder APP Browser Hijacker

What is Newfinder APP?

Newfinder APP is a rogue application, identical to the PreApp browser hijacker. Since most users installing this app unintentionally, Newfinder APP is also categorized as a Potentially Unwanted Application (PUA). Browser hijackers operate by modifying browsers to promote their fake search engines.

Newfinder APP promotes searchnewworld.com in this way. Prior to opening this site, however, it causes a redirection chain comprising of untrustworthy addresses such as my-search.com and searchroute-1560352588.us-west-2.elb.amazonaws.com, and finally culminating in searchnewworld.com.

As well as generating these unwanted redirects, this app also monitors browsing activity.

   
Find-soulmates.com Ads

What is find-soulmates[.]com?

find-soulmates[.]com is a rogue website that, if visited, leads to other untrustworthy websites or loads dubious content. Generally, people do not visit these sites intentionally - they are opened by potentially unwanted apps (PUAs) installed on computers and/or browsers.

These apps are usually installed without users' knowledge (often, installed inadvertently). Most PUAs force users to visit rogue web pages, display advertisements and gather data relating to browsing habits. Some examples of web pages similar to find-soulmates[.]com are best-girls-ever[.]com, hellopushworld[.]com and ultimate-captcha[.]com.

   
Histleolderlandch.info Ads

What is histleolderlandch[.]info?

histleolderlandch[.]info is a rogue website that shares many similarities with best-girls-ever.comterko.proultimate-captcha.com and countless others. Visitors to it are presented with dubious content and/or redirected to other, untrustworthy or malicious web pages.

Typically, users arrive at histleolderlandch[.]info unintentionally - they are redirected to it by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into the system. PUAs generate redirects, deliver intrusive ads and monitor users' browsing habits.

   
Mainsourceofupgrade.best POP-UP Scam (Mac)

What is mainsourceofupgrade[.]best?

mainsourceofupgrade[.]best (or mainsourceoffreeupgrade.best) is a deceptive web page designed to encourage visitors into downloading/installing a fake Flash Player updater. This scam is furthered by claims that Adobe Flash Player is out of date.

Rogue updaters are typically used to proliferate Potentially Unwanted Applications (PUAs), malware (e.g. trojans, ransomware), and other high-risk malicious content. Most visitors to mainsourceofupgrade[.]best enter it unintentionally - they are redirected to it by intrusive advertisements or PUAs already infiltrated into the device.

   
Yourfine2upgradesfree.best POP-UP Scam (Mac)

What is yourfine2upgradesfree[.]best?

yourfine2upgradesfree[.]best is a deceptive website that encourages visitors to update the Adobe Flash Player. In fact, it tricks people into downloading a fake Adobe Flash updater and installing potentially unwanted applications (PUAs). We strongly advise against downloading anything from yourfine2upgradesfree[.]best or other, similar websites.

People usually do not generally visit these web pages intentionally - they are often redirected to them by PUAs already installed on their browsers and/or operating systems.

   
Best-girls-ever.com Ads

What is best-girls-ever[.]com?

There are many rogue websites similar to best-girls-ever[.]com on the internet. Other examples include hellopushworld[.]com, ultimate-captcha[.]com and pushbesttools[.]com. Most of these sites redirect visitors to other untrustworthy, potentially malicious sites or load dubious content.

People do not generally open web pages such as best-girls-ever[.]com intentionally - they are opened by potentially unwanted applications (PUAs) that are installed on browsers and/or operating systems. Furthermore, few people download or install PUAs intentionally. When installed, however, PUAs can display various ads and gather information relating to users' browsing habits.

   
Dacls RAT

What is Dacls?

Dacls is the name of a remote access Trojan (RAT), a malicious program that allows cyber criminals to control infected computers remotely.

Research shows that this malware is tied to Lazarus Group (a group of cyber criminals) and targets Linux and the Windows Operating System. Typically, cyber criminals use RATs to steal sensitive, confidential information, infect systems with other malware, and so on. In any case, no RAT is harmless and should be uninstalled immediately.

   
[ponce.lorena@aol.com] Ransomware

What is [ponce.lorena@aol.com]?

Discovered by GrujaRS, [ponce.lorena@aol.com] is malicious software belonging to the GlobeImposter ransomware family. This malware operates by encrypting data and demanding payment for decryption tools/software. During the encryption process, all affected files are appended with the ".[ponce.lorena@aol.com]" extension.

For example, a file called "1.jpg" would appear as "1.jpg.[ponce.lorena@aol.com]", and so on. After this process is complete, an HTML file named "HOW_RECOVER.html" is created on the desktop.

   

Page 1475 of 2329

<< Start < Prev 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal