Virus and Spyware Removal Guides, uninstall instructions

What is Lilocked?

Lilocked (also known as Lilu) is yet another ransomware-type infection discovered by Michael Gillespie. As with most ransomware infections, Lilocked stealthily infiltrates the system and encrypts stored data, thereby rendering it unusable.

Additionally, Lilocked renames each file by adding the ".lilocked" extension (e.g., "sample.jpg" is renamed to "sample.jpg.lilocked"). Once encryption is complete, Lilocked generates a "#README.txt" file and stores copies in most existing folders.

What is ZeroLocker?

ZeroLocker encrypts files so that victims lose access to them unless a ransom is paid. In this way, cyber criminals use ZeroLocker to extort money  from people by forcing them to buy a decryption key that will supposedly decode their encrypted data. ZeroLocker is designed to add the ".encrypt" extension to each encrypted filename.

For example, "1.jpg" becomes "1.jpg.encrypt". It also displays the ransom message in a pop-up window called "Task Manager".

What is Com2?

Discovered by Jakub Kroustek, Com2 is a high-risk ransomware-type infection from the Dharma ransomware family. The purpose of this ransomware is to stealthily infiltrate the system and encrypt most stored files. Com2 also appends each filename with the victim's unique ID, developer's email address, and ".com2" extension.

For example, "1.jpg" might be renamed to a filename such as "1.jpg.id-1E857D00.[DonovanTudor@aol.com].com2". Additionally, Com2 opens a pop-up window (an HTML application) and stores the "FILES ENCRYPTED.txt" file on the desktop.

What is hp.myway.com?

VideoConverterHD is a browser app (toolbar) designed by Mindspark. According to developers, VideoConverterHD allows users to download videos from video-sharing sites and convert them to over twenty file formats.

Unfortunately, this app/toolbar is categorized as a potentially unwanted application (PUA), a browser hijacker. People often download and install PUAs unintentionally.

What is RT4BLOCK?

RT4BLOCK is high-risk malware categorized as ransomware. Typically, programs of this type block access to data (encrypt files) and keep them locked unless a ransom is paid. RT4BLOCK is a part of the RotorCrypt ransomware family and was discovered by Michael Gillespie.

It changes filenames of encrypted files by adding the "!-information-...___ ingibitor366 @cumallover.me ___....RT4BLOCK" string.

For example, "1.jpg" is renamed to "1.jpg!-information-...___ ingibitor366@cumallover.me ___....RT4BLOCK". Like most ransomware-type programs, RT4BLOCK creates a ransom message within a text file, in this case called "NEWS_INGiBiToR.txt".

What is "We Detected Unwanted Pop-Ups on Your Mac"?

"We Detected Unwanted Pop-Ups on Your Mac" is one of many scam websites that trick people into contacting scammers via a telephone number provided. This web page states that it has detected adware that can be removed with the help of their tech support (in fact, these are scammers who pose as "Apple Support").

Do not trust this tech-support scam and, more importantly, do not call the number displayed. Additionally, browsers often forcibly open these pages due to potentially unwanted apps (PUAs) already installed on them.

What is Ntuseg?

Ntuseg is high-risk ransomware discovered by Michael Gillespie and belonging to the Djvu ransomware family. After successful infiltration, Ntuseg encrypts most files, thereby rendering them unusable. In doing so, Ntuseg adds the ".ntuseg" appendix (hence its name) to the name of each file.

For example, "1.jpg" is renamed to "1.jpg.ntuseg". Once encryption is complete, Ntuseg generates a text file ("_readme.txt"), placing copies in every existing folder.

What kind of scam is "Windows Antivirus - Critical Alert"?

"Windows Antivirus - Critical Alert" is categorized as tech-support scam. Scams of this type attempt to trick people into believing that their computers and personal details are at risk, and they encourage them to call the telephone number provided.

Typically, scammers promote these so-called 'services' through various untrustworthy web pages, which are often opened by potentially unwanted applications (PUAs) installed on the browser or operating system. If this scam is opened through your browser, we recommend that you ignore it and check for PUAs that might be causing the problem.

What is Acuf2?

First discovered by Jakub Kroustek and belonging to the Dharma ransomware family, Acuf2 is a high-risk infection designed to encrypt files, thereby rendering them unusable. During encryption, Acuf2 also appends each filename with the victim's unique ID, developer's email address, and ".Acuf2" extension (hence the ransomware name).

For example, "1.jpg" might be renamed to a filename such as "1.jpg.id-1E857D00.[panama777@tutanota].Acuf2". Once data is encrypted, Acuf2 stores the "FILES ENCRYPTED.txt" text file on the desktop and opens a pop-up window (HTML application).

What is Limbo?

Limbo is the name of ransomware that prevents victims from accessing their files. The cyber criminals who designed Limbo use it to blackmail people in return for a decryption tool (they demand payment of a ransom). This ransomware is a new variant of Ouroboros and was discovered by GrujaRS.

Limbo changes the names of all encrypted files by adding a personal ID, email address, and ".limbo" extension.

For example, "1.jpg" might be renamed to a filename such as "1.jpg.[id=pKcsgI8CVS] [mail=BackFileHelp@protonmail.com].limbo". This ransomware also creates a text file called "Read-Me-Now.txt", which contains instructions about how to purchase a decryption tool.