Virus and Spyware Removal Guides, uninstall instructions

What is ScreenCapture?

Identical to Spaces.app and Spotlight.app, ScreenCapture (also known as ScreenCapture.app) is an adware-type application designed to promote the searchbaron.com fake search engine, which is designed to redirect users to bing.com by using the Amazon AWS service.

This application typically infiltrates computers without users' consent. Note that adware-type applications often deliver intrusive ads and gather information relating to users' browsing activity.

What is Darus?

First discovered by Michael Gillespie and belonging to the Djvu ransomware family, Darus is a high-risk ransomware infection that stealthily infiltrates computers to encrypt data. In doing so, Darus renames each compromised file by appending the ".darus" extension.

For example, "sample.jpg" is renamed to "sample.jpg.darus". Encrypted data immediately becomes unusable, and after successfully encrypting files, Darus stores a copy of the "_readme.txt" file in most existing folders.

What is Tocue?

Discovered by Michael Gillespie and belonging to the Djvu ransomware family, Tocue is a high-risk infection that stealthily infiltrates computers and encrypts most stored data, thereby rendering it unusable.

Tocue also renames each compromised file by adding the ".tocue" extension (e.g., "sample.jpg" becomes "sample.jpg.tocue"). This malware is also designed to generate a text file named "_readme.txt" and places copies in most existing folders.

What is Vusad?

First discovered by Michael Gillespie, Vusad is yet another ransomware from the Djvu family. The purpose of this ransomware is to encrypt data and keep it in that state unless a ransom is paid. During encryption, Vusad appends each filename with the ".vusad" extension (e.g., "sample.jpg" is renamed to "sample.jpg.vusad").

Additionally, Vusad generates a text file named "_readme.txt" and stores a copy in most existing folders.

What is Gusau?

Gusau is high-risk ransomware that belongs to a family of viruses called Djvu. Following successful infiltration, Gusau encrypts most stored data rendering it unusable. Additionally, Gusau appends names of all encrypted files with the ".gusau" extension (hence the ransomware name).

For example, "sample.jpg" is renamed to "sample.jpg.gusau". Additionally Gusau generates a text file named "_readme.txt" and stores it on the desktop. As with most ransomware from the Djvu family, Gusau was first discovered by malware security researcher, Michael Gillespie.

What is Wacatac?

Wacatac (also known as Trojan:Win32/Wacatac) is a trojan-type infection that stealthily infiltrates computers and performs a number of malicious actions. Cyber criminals typically proliferate this malware using spam email campaigns and fake software 'cracks'.

What is Guesswho?

Discovered by GrujaRS, Guesswho is a high-risk ransomware infection (potentially, a new variant of Rapid ransomware), which stealthily infiltrates computers and encrypts most stored data. In doing so, Guesswho renames each encrypted file to a random string and appends the ".guesswho" extension.

For example, "1.jpg" might be renamed to a filename such as "3STT6YHZTC.guesswho". Encrypted files immediately become unusable and indistinguishable.

Additionally, Guesswho creates a text file ("How Recovery Files.txt") and a shortcut ("grupposupp@protonmail.ch"), which automatically opens the email application and creates a new message with the Guesswho developer's email address as the recipient.

What is Madek?

Madek is a high-risk ransomware infection discovered by Michael Gillespie and belonging to Djvu, a family of ransomware-type infections.

Immediately after infiltration, Madek compromises stored data by encryption, thereby rendering it unusable. In addition, Madek renames each file by adding the ".madek" appendix (e.g., "sample.jpg" is renamed to "sample.jpg.madex"). Once encryption is complete, Madek generates a text file ("_readme.txt") and stores a copy in all existing folders.

What is Gehad?

First discovered by Michael Gillespie and belonging to the Djvu ransomware family, Gehad is a high-risk infection designed to encrypt data and keep it in that state unless a ransom is paid.

During encryption, Gehad appends each filename with the ".gehad" extension (hence its name). After successful encryption, Gehad generates a "_readme.txt" file and stores a copy in every existing folder.

What is Extenbro?

Extenbro is a trojan-type application designed to modify DNS system settings in the IPv4 protocol. Cyber criminals proliferate this malware using the "bundling" method, and thus Extenbro infiltrates computers during installation of other programs.