Virus and Spyware Removal Guides, uninstall instructions

What is Muhstik?

Discovered by Amigo-A, Muhstik is ransomware-type software and a new variant of QNAPCrypt. This particular malware infection is designed to target mainly QNAP NAS devices, yet regular Windows users are in danger as well. Programs of this type prevent victims from accessing/using their files by encrypting them with strong encryption algorithms.

Typically, if victims wish to decrypt their data, they are encouraged to pay a ransom. In this case, instructions about how to meet the ransom demands are provided in the "README_FOR_DECRYPT.txt" text file. Furthermore, Muhstik renames all encrypted files by appending the ".muhstik" extension to filenames.

For example, "1.jpg" is renamed to "1.jpg.muhstik". Note that QNAPCrypt ransomware uses the ".encrypt" extension.

What is Noos?

Software that encrypts files and is used to force victims to pay ransoms is called ransomware. Discovered by Michael Gillespie, Noos is one of these malicious programs and part of the Djvu ransomware family. Like most ransomware-type programs, Noos renames all encrypted files.

In this case, it changes filenames by adding the ".noos" extension. For example, "1.jpg" becomes "1.jpg.noos" after encryption by Noos. It also creates a ransom message within the "_readme.txt" text file.

What is Estemani?

Discovered by GrujaRS, Estemani ransomware is a malicious program designed to prevent victims from accessing their files by encrypting them with a cryptographic algorithm. Victims are then encouraged to purchase a decryption tool, since no other software can decrypt files encrypted by this ransomware.

Furthermore, Estemani creates a ransom message within the "@_READ_TO_RECOVER_FILES_@.txt" file. Unlike most ransomware-type programs, however, Estemani does not add an extension to encrypted files.

What is donaldredpage[.]icu?

donaldredpage[.]icu is a deceptive website that is usually opened by potentially unwanted applications (PUAs) installed on browsers or operating systems. This site causes redirects to other untrustworthy websites or displays dubious content. It is very similar to dsruseedsdreed[.]com, anwap-download[.]club, aleailarm[.]com, and many other web pages of this kind.

Generally, people download and install PUAs that open these sites accidentally. When installed, PUAs usually gather information relating to users' browsing habits and/or serve unwanted, intrusive advertisements.

What kind of malware is no_more_ransom?

The no_more_ransom ransomware infection is a part of Rapid, a family of ransomware-type programs. Like most malicious programs of this type, no_more_ransom encrypts files stored on the computer. Therefore, victims lose access to files unless they pay a ransom.

This ransomware renames files by adding the ".no_more_ransom" extension to filenames. For example, "1.jpg" becomes "1.jpg.no_more_ransom". Additionally, no_more_ransom generates a ransom message within the "How Recovery Files.txt" file.

This file contains instructions about how to purchase a decryption tool. Cyber criminals named this ransomware using the No More Ransom project title (the main aim of this project is to help victims of ransomware recover their files without having to pay cyber criminals).

What is Proced?

Discovered by MalwareHunterTeam, Proced is malicious software classified as ransomware. It is designed to encrypt data and keep it locked until a ransom is paid (i.e., decryption tool/software is purchased). During the encryption process, all files are renamed by adding the ".proced" extension.

For example, "1.jpg" becomes "1.jpg.proced". Once this process is complete, Proced displays a pop-up window, which details the decryption instructions.

What is Angus?

Discovered by GrujaRS, Angus is categorized as ransomware and is part of the King Ouroboros ransomware family. Programs of this type are designed to prevent victims from accessing their files by encryption. To decrypt files, victims are encouraged to purchase decryption tools from ransomware developers (I.e., pay ransoms).

Angus renames encrypted files by adding an email address, victim's ID, and ".Angus" extension to filenames. For example, "1.jpg" might be renamed to "1.jpg.Email=[Legion.developers72@gmail.com] ID=[0H1Khr79qvNDB4M].Angus". Angus also creates a ransom message with the "HowToDecrypt.txt" text file and displays the same message in a pop-up window.

What is apple.com-guard-device[.]live?

apple.com-guard-device[.]live is a scam site, which is designed to endorse the Cleanup My Mac application using scare tactics. This website operates by alerting users of supposed threats it has detected. Note that any viruses apple.com-guard-device[.]live detects are false.

This web page should not be trusted and the products it advertises should not be downloaded or installed.

Typically, scam websites offer apps, which are fake and nonoperational. Few users access apple.com-guard-device[.]live intentionally - most are redirected to it by intrusive advertisements or potentially unwanted applications (PUAs) already present on their Mac operating systems.

What is OnlyApplication?

Developers advertise OnlyApplication as a useful tool which provides faster searches, accurate results, and an enhanced browsing experience.

In fact, this program is classified as a potentially unwanted application (PUA), an adware-type app that serves unwanted, intrusive advertisements. PUAs often collect various user-system information. Generally, people download and install adware (and other PUAs) unintentionally.

What is Kuub?

Kuub is malicious software categorized as ransomware. It belongs to the Djvu ransomware family and was discovered by Michael Gillespie. Kuub operates by encrypting victims' files and demanding ransom payments for decryption. I.e., affected users must purchase decryption tools/software and keys from the developers of this malicious program.

During encryption, all files are renamed with the ".kuub" extension. Therefore, "1.jpg" becomes "1.jpg.kuub". After the process is complete, a text file called "_readme.txt" is created and stored in each encrypted folder.