Virus and Spyware Removal Guides, uninstall instructions

What is happy.luckyparkclub[.]com?

happy.luckyparkclub[.]com is a deceptive website that, if opened, invites visitors to participate in lotteries and to win prizes. To gain a chance to win a prize, a survey must first be completed.

Typically, people do not visit websites such as happy.luckyparkclub[.]com intentionally - they are redirected to them through clicked untrustworthy ads or potentially unwanted applications (PUAs) installed on browsers and/or computers. Generally, people download and install these apps unintentionally.

When installed, PUAs feed users with ads, cause redirects to dubious web pages such as happy.luckyparkclub[.]com, and gather information. We advise against completing any surveys promoted through happy.luckyparkclub[.]com or other similar websites, since they might be used to obtain private details, which could be misused to generate revenue.

What is Asus?

Belonging to the CrySiS/Dharma malware family and discovered by Jakub Kroustek, Asus is ransomware. This malicious program is designed to encrypt data and demand a ransom payment for decryption tools/software.

During the encryption process, all files are renamed with a unique ID number (generated for each victim), the developer's email address, and the ".asus" extension.

For example, "1.jpg" might appear as something like "1.jpg.id-1E857D00.[DataBack@qbmail.biz].asus". After this process is complete, Asus stores a text file ("FILES ENCRYPTED.txt") on the desktop and displays a pop-up window.

What is OutputData?

OutputData is one of many adware-type apps that supposedly allow users to browse the web more efficiently. Unfortunately, most of these apps are useless and designed to serve advertisements. Additionally, OutputData operates as an information tracking tool - it collects details relating to users.

Since many people download and install apps of this type unintentionally, they are categorized as potentially unwanted applications (PUAs).

What is mediasvideo[.]live?

Similar to notification-list.com, system-sms.com, facebook-info.com and countless others, mediasvideo[.]live is a rogue website that presents visitors with dubious content and generates redirects to other untrustworthy, even malicious web pages.

Few users access mediasvideo[.]live intentionally - most are redirected by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated on the device. Note that PUAs do not need express user permission to be installed. They operate by causing redirects, hijacking browsers, delivering intrusive advertisement campaigns, and tracking browsing-related data.

What is Decrypme?

Decrypme is a new variant of MedusaLocker ransomware. This malicious program was discovered by dnwls0719. Like most ransomware-type programs, Decrypme is designed to prevent victims from accessing their files by encrypting them. Typically, it is impossible to decrypt files without specific tools (decryption software and/or keys).

To obtain them, victims are forced to pay a ransom. Instructions about how to recover files are provided in the "HOW_TO_OPEN_FILES.html" file. This ransomware also appends the ".decrypme" extension to all encrypted files. For example, "1.jpg" becomes "1.jpg.decrypme".

What is 2Hamlampampom?

2Hamlampampom (also known as Galgalgalgalk) is malicious software classified as ransomware. It is based on another ransomware infection called Mailto. It operates by encrypting data and demanding a ransom payment for decryption tools/software.

During encryption, all files are appended with an extension comprising "mailto", the developer's email address, and a random string of characters (".mailto[2Hamlampampom@cock.li].[random_string]"). For example, "1.jpg" might appear as something similar to "1.jpg.mailto[2Hamlampampom@cock.li].fd97".

Once this process is finished, 2Hamlampampom stores a ransom message in each affected folder. This appears in the form of a text file called "[random_string]-Readme.txt" (e.g. "FD97-Readme.txt").

What is Vnbue?

Vnbue is a family of deceptive (scam) web pages used to trick people into downloading and installing a dubious application that supposedly removes 'detected' viruses. In this example, visitors are encouraged to remove them with the Smart Mac Booster app.

We advise against downloading or installing apps advertised on any scam pages. Apps of this type are categorized as potentially unwanted applications (PUAs). Browsers commonly open untrustworthy websites due to PUAs already installed on them (or operating systems). Typically, people download and install PUAs unintentionally.

What is Start?

Belonging to the CrySiS/Dharma malware family, Start is malicious software, which is categorized as ransomware. This malicious program was discovered by Jakub Kroustek. Start operates by encrypting data and demanding ransom payments for decryption. During the encryption process, all files are renamed with a unique ID number (generated for each victim), developer's email address, and the ".start" extension.

For example, "1.jpg" might be renamed to a filename such as "1.jpg.id-1E857D00.[starter@cumallover.me].start", and so on for all affected files. After this process is complete, a text file ("FILES ENCRYPTED.txt") is stored on the desktop and a pop-up window displayed.

What is Sorryforthis?

Sorryforthis ransomware is malicious software that encrypts files with the AES-256 encryption algorithm. To decrypt their files, victims are urged to purchase a decryption key from the cyber criminals who created Sorryforthis. This ransomware changes the extension of each encrypted file to ".sorryforthis".

For example, "1.jpg" becomes "1.jpg.sorryforthis". It also displays a pop-up window that contains instructions about how to purchase a decryption key.

What is Sanders4?

Discovered by GrujaRS, Sanders4 is malicious software and identical to Erenahen ransomware. It is designed to encrypt files and demand ransom payments (i.e., purchase of decryption tools/software). When this malware encrypts data, all files are renamed with the ".sanders4" extension.

Therefore, "1.jpg" becomes "1.jpg.sanders4". After this process is complete, an HTML file ("How_to_open_files.html") is created on the desktop.