Virus and Spyware Removal Guides, uninstall instructions

UltraModel Adware (Mac)

What is UltraModel?

UltraModel is an app (browser extension) that apparently helps users to search more efficiently. In fact, it operates as adware, software that serves various advertisements.

Furthermore, UltraModel collects user-system information. Adware-type apps are categorized as potentially unwanted applications (PUAs), since people generally download and install them unintentionally when they are tricked into these actions.

   
DeathRansom Ransomware

What is DeathRansom?

Discovered by GrujaRS, DeathRansom is malicious software, classified as ransomware. In general, systems infected with malware of this type have their data encrypted. The cyber criminals behind the encryption then demand a ransom to be paid for decryption tools/software.

As was discovered by Michael Gillespie at the time of his research, however, DeathRansom did not actually encrypt any files, it simply appended them with the ".wctc" extension. Foe example, "1.jpg" becomes "1.jpg.wctc", and so on. After this process is complete, a text file - "read_me.txt" is created on the desktop.

   
Homededruju.com Ads

What is homededruju[.]com?

homededruju[.]com is similar to other rogue websites including hernclinicsfun[.]info, eadingenered[.]pro, actraffic[.]info, and many more. Typically, these sites display dubious content or redirect visitors to other untrustworthy websites.

Few people arrive at these sites intentionally - in most cases, they are opened by browsers that have potentially unwanted applications (PUAs) installed on them. PUAs open addresses of dubious web pages, collect browsing-related data, and deploy intrusive advertisements.

   
Hotels Booking Browser Hijacker

What is Hotels Booking?

Hotels Booking is advertised as an app that supposedly enables people to find and book hotels, however, it is categorized as a browser hijacker and potentially unwanted application (PUA). Like most browser hijackers, Hotels Booking promotes a fake search engine (in this case, ourflightsearch.com) by changing browser settings.

Furthermore, apps of this type are often designed to gather information relating to users' browsing habits. Hotels Booking is classed as a PUA, since people usually do not generally download or install these apps intentionally.

   
Kharma Ransomware

What is Kharma?

Kharma is designed to encrypt data and demand ransom payments for decryption. It was discovered by Raby and is a new variant of Dharma/Crysis ransomware. When Kharma encrypts data, all affected files are appended with a unique ID number, the developer's email address, and the ".kharma" extension.

For example, "1.jpg" might appear as something similar to "1.jpg.id-C15006EA.[teammarcy10@cock.li].kharma" after encryption. When this process is complete, two files ("Info.hta" and "RETURN FILES.txt") are stored on the victim's desktop.

   
Farcaleniom.com Ads

What is farcaleniom[.]com?

farcaleniom[.]com is designed to redirect visitors to various other rogue sites or present them with dubious content. It functions like many other similar websites including, for example, hernclinicsfun[.]info, eadingenered[.]pro, and actraffic[.]info.

Typically, people do not visit these sites intentionally - browsers open them automatically, often when a potentially unwanted application (PUA) is installed on the browser. In most cases, PUAs open untrustworthy websites, display ads, and collect data. They are classified as PUAs, since most people download and/or install them unintentionally.

   
Kodg Ransomware

What is Kodg?

Discovered by Michael Gillespie, Kodg is one of many ransomware-type programs that are part of the Djvu ransomware family. Software of this type is generally encrypts data so that victims cannot decrypt or access it without specific tools/keys, which must be purchased from the cyber criminals who designed the program.

Therefore, victims are encouraged to pay ransoms. Kodg appends the ".kodg" extension to the name of each encrypted file. For example, "1.jpg" becomes "1.jpg.kodg". It also creates a ransom message within the "_readme.txt" text file.

   
Dstatutorsher.info Ads

What is dstatutorsher[.]info?

dstatutorsher[.]info is a rogue site, which is similar to hernclinicsfun.infoeadingenered.procostsimpleplay.com, and countless others. Visitors to this web page are presented with dubious and even harmful content, and they can also be redirected to other untrustworthy or malicious pages.

Few users enter these websites intentionally - most are redirected by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into the system. These applications do not need explicit user permission to be installed onto devices. PUAs cause redirects, run intrusive ad campaigns, and track information relating to users' browsing activity.

   
Phoenix Keylogger

What is Phoenix?

Phoenix is the name of a malicious program that is classified as a 'keylogger' (keystroke logger). It is a new variant of Alpha keylogger. Typically, software of this type records keys pressed on the keyboard, thereby monitoring/recording keyboard input.

This particular malware is capable of downloading and executing files on an infected computer, taking screenshots, stealing credentials (including passwords), disabling installed antivirus software and terminating itself on virtual machines (VMs). To avoid serious problems that could be caused by Phoenix, uninstall it from the operating system immediately.

   
Hernclinicsfun.info Ads

What is hernclinicsfun[.]info?

Like many others, hernclinicsfun[.]info is a rogue web page designed to present users with dubious content and redirect them to other untrustworthy, even malicious sites. Few visitors to hernclinicsfun[.]info access it intentionally - most are redirected to it by intrusive ads or Potentially Unwanted Applications (PUAs) already present on the device.

Note that these apps do not need express user permission to infiltrate systems. After successful installation, PUAs cause redirects, run intrusive ad campaigns, and gather browsing-related data. The websites actraffic.infovimlo.pro, and costsimpleplay.com are just some examples of others similar to hernclinicsfun[.]info.

   

Page 1498 of 2329

<< Start < Prev 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal