Virus and Spyware Removal Guides, uninstall instructions

What is Lokf?

Discovered by Michael Gillespie, Lokf is a malicious program belonging to the Djvu ransomware family. It is designed to encrypt data and demand ransom payments for decryption.

During encryption, all files are renamed with the ".lokf" extension. For example, "1.jpg" becomes "1.jpg.lokf", and so on for all affected files. Once this process is complete, Lokf stores a text file ("_readme.txt") in every affected folder.

What is Corpseworm?

Discovered by Alex Svirid, Corpseworm is malicious software and a variant of Cryakl ransomware. It is designed to encrypt data and demand ransom payments for decryption.

During the encryption process, all affected files are appended with "[CS 1.7.0.1]", the developer's email address, and an extension comprising a random string of characters ("[CS 1.7.0.1][corpseworm@protonmail.com].[random_string]").

For example, "1.jpg" might appear as something similar to "1.jpg[CS 1.7.0.1][corpseworm@protonmail.com].zyk", and so on for all compromised files. After this process is complete, a text file ("README.txt") is stored on the victim's desktop.

What is LOCKEDS?

Belonging to the DCRTR-WDM malware family, LOCKEDS is malicious software classified as ransomware. LOCKEDS encrypts data and keeps it locked until a ransom is paid. During the encryption process, all affected files are renamed with the ".LOCKEDS" extension.

For example, "1.jpg" becomes "1.jpg.LOCKEDS". After this process is complete, the "HOW TO DECRYPT FILES.hta" and "HOW TO DECRYPT FILES.txt" files are stored in each compromised folder.

What is Octopus?

Octopus is malicious software and part of the Phobos ransomware family. It is designed to prevent victims from accessing their files by encrypting them with a cryptographic algorithm. To decrypt their files (obtain a decryption tool), victims are encouraged to pay a ransom to the cyber criminals who developed Octopus.

Furthermore, Octopus renames all encrypted files by adding the victim's ID, email address, and ".octopus" extension to filenames. For example, "1.jpg" might be renamed to something like "1.jpg.id[1E857D00-2275].[octopusdoc@mail.ee].octopus", and so on for all encrypted files.

It also stores the "info.txt" and "info.hta" files on the victim's desktop. The first contains instructions about how to contact cyber criminals, whilst the second enables a pop-up window containing a ransom message.

What is Rooster865qq?

Discovered by Raby, Rooster865qq is malicious software belonging to the Maoloa ransomware family. This program is designed to encrypt victims' data and demand ransom payments for decryption. When Rooster865qq encrypts files, it renames them with the ".Rooster865qq" extension.

Therefore, "1.jpg" becomes "1.jpg.Rooster865qq", and so on for all affected files. After this process is complete, an executable file called "HOW TO BACK YOUR FILES.exe" is created and stored on the desktop.

What is ProdigySearch?

ProdigySearch is advertised as an application that helps users to search more and efficiently, however, it is classified as a potentially unwanted application (PUA) and adware. Typically, people do not download or install apps of this type intentionally. If installed, they feed users with various advertisements and collect information relating to browsing activity.

For these reasons, we advise that you uninstall ProdigySearch and other adware from browsers and operating systems immediately.

What is "Chksumm"?

Chksumm is a family of scam websites designed to promote dubious applications, which are typically fake and nonfunctional. This variant promotes the Smart Mac Booster Potentially Unwanted Application (PUA). The deceptive web pages show alerts of various 'threats' and 'issues' supposedly found on visitors' devices and offer software for their elimination.

Note that no website can detect problems within operating systems. Therefore, such claims cannot be trusted. Most visits to Chksumm occur inadvertently, often via redirects caused by intrusive advertisements or PUAs.

What is Dear Safari User, You Are Today's Lucky Visitor?

"Dear Safari User, You Are Today's Lucky Visitor" is another scam message delivered by deceptive websites. Most visitors arrive at these sites inadvertently - they are redirected by intrusive ads or potentially unwanted applications (PUAs). Research shows that potentially unwanted applications typically infiltrate systems without permission.

As well as causing redirects, they deliver intrusive advertisements and gather sensitive information.

What is CustomStrategic?

CustomStrategic is the name of an application supposedly designed to enhance the browsing experience, and to provide fast/accurate search results and other browsing-related features.

In fact, this software operates as adware: it displays advertisements while users are browsing the web and collects information relating to them. You are advised to uninstall CustomStrategic and any other adware immediately.

What is shireamentsp[.]info?

shireamentsp[.]info is an untrustworthy website, which contains dubious content. People generally visit this site when are redirected by other, similar web pages. Examples of other sites similar to shireamentsp[.]info include notify-system[.]com, mediasvideo[.]live, and notification-list[.]com.

Few people visit these websites intentionally - they are forced by potentially unwanted applications (PUAs) installed on the browser and/or operating system. PUAs can redirect users to dubious websites, record browsing-related (and other) data, and display intrusive advertisements.