Virus and Spyware Removal Guides, uninstall instructions

MZ434376 Ransomware

What is MZ434376?

Discovered by GrujaRS, MZ434376 is a malicious program belonging to the KesLan ransomware family. It is designed to encrypt data and then demand ransom payments for decryption. During the encryption process, all compromised files are renamed with the ".MZ434376" extension.

For example, "1.jpg" appears as "1.jpg.MZ434376" following encryption. After this process is complete, the ransomware stores an HTML application called "Beni_Oku!!!.hta" on the desktop. This file contains the ransom message in Turkish.

   
Rdp Ransomware

What is Rdp?

Discovered by S!Ri, Rdp belongs to a family of ransomware-type programs called Paradise. Like many other programs of this type, Rdp encrypts files with a strong encryption algorithm so that they cannot be used or accessed unless they are decrypted with specific tools.

These can only be purchased from the cyber criminals who designed this ransomware. Furthermore, Rdp creates a ransom message within the "%%_WHERE_MY_FILES_=#.html" file and renames all encrypted files by adding the victim's ID, email address of the cyber criminals, and appending the ".rdp" extension to filenames.

For example, "1.jpg" would become "1.jpg[id-sw4uXZP5].[rdpconnect@protonmail.com].Rdp", and so on.

   
Christmas Party Email Virus

What is "Christmas Party Email"?

"Christmas Party Email" is a Christmas-themed spam campaign designed to spread Emotet Trojan-type malicious software. Through use of social engineering tactics, these emails are intended to trick users into opening the attached file, which will then in turn infect their systems with Emotet.

   
Deniz_Kizi Ransomware

What is Deniz_Kızı?

Discovered by Raby, Deniz_Kızı ransomware is named (in Turkish) after a mythical creature, a mermaid. Like most programs of this type, Deniz_Kızı is designed to encrypt data so that victims cannot access it unless they pay a ransom. Instructions about how to pay are provided in the "Please Read Me!!!.hta" file.

Furthermore, Deniz_Kızı changes the extension of every encrypted file to ".Deniz_Kizi". For example, "1.jpg" becomes "1.jpg.Deniz_Kizi", and so on. Other variants of this ransomware use the ".Deniz_Kızı" extension for encrypted files.

   
Search.landslidesearch.com Redirect (Mac)

What is search.landslidesearch.com?

search.landslidesearch.com is the address of a fake search engine, which is promoted through a potentially unwanted application (PUA), a browser hijacker called Landslide Search. Generally, apps of this type promote fake search engines by changing certain browser settings.

Additionally, most gather browsing data. People do not generally download or install browser hijackers (or other PUAs) intentionally - in most cases, they are tricked into it.

   
Yourfine2updatesgo.best POP-UP Scam (Mac)

What is yourfine2updatesgo[.]best?

Yourfine2updatesgo[.]best is a scam webpage. It claims that the visitor's Adobe Flash Player is out of date and offers fake updates. Fraudulent software updaters are known to spread a variety of PUAs (Potentially Unwanted Applications) and malware (e.g. ransomware, trojans, etc.).

Typically, yourfine2updatesgo[.]best is accessed through redirects caused by intrusive adverts or by PUAs already installed on the system. Users should note that these apps do not need their explicit permission to infiltrate devices.

   
Rapid (.cryptolocker) Ransomware

What is Rapid (.cryptolocker)?

Rapid (.cryptolocker) is malicious software that encrypts data so that victims cannot access their files unless they decrypt them with a private key and decryption software, which can be purchased from the cyber criminals who developed this ransomware. It renames all files by changing their filenames to a random string of characters and appending the ".cryptolocker" extension.

For example, it renames "1.jpg" to "4A6J5N4ESJ.cryptolocker", and so on. Rapid (.cryptolocker) also changes the victim's desktop wallpaper and creates two ransom notes (text files): "!DECRYPT_FILES.txt" and "rapidrecovery.txt".

   
NEMTY 2.3 REVENGE Ransomware

What is NEMTY 2.3 REVENGE?

Discovered by dnwls0719, NEMTY 2.3 REVENGE is an updated variant of NEMTY REVENGE 2.2 ransomware. This piece of malicious software is designed to encrypt data and then demand payment (ransom) for decryption.

During encryption, all affected files are given an extension consisting of "NEMTY_" and a string of random characters (e.g. ".NEMTY_QNOHJMP"). To elaborate, a file like "1.jpg" would appear as something similar to "1.jpg.NEMTY_QNOHJMP". After this process is complete, a text file, "NEMTY_QNOHJMP-DECRYPT.txt", is created on the victim's desktop.

   
Bambootornado.pw POP-UP Scam (Mac)

What is bambootornado[.]pw?

Bambootornado[.]pw is a website that should not be trusted: it encourages visitors to update Adobe Flash Player with a fake updater. Its installation includes two potentially unwanted applications (PUAs): an adware-type app called MyCouponsmart and another shady app called Media Player.

Typically, browsers open websites like bambootornado[.]pw by themselves (people do not visit them willingly), mostly when there is some PUA installed on them.

   
Yourfine4upgradefree.best POP-UP Scam (Mac)

What is yourfine4upgradefree[.]best?

yourfine4upgradefree[.]best is a deceptive/scam site that operates by claiming that it will update Adobe Flash Player. Instead, it promotes a fake updater.

Fraudulent software updaters are used to proliferate various Potentially Unwanted Applications (PUAs) and malicious content (e.g. ransomware, trojans and other malware). Few visitors open yourfine4upgradefree[.]best intentionally - most are redirected by intrusive advertisements or by PUAs that have already infiltrated the system.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
