Virus and Spyware Removal Guides, uninstall instructions

What is Hidden Bee?

Hidden Bee (also known as Hidden Mellifera) is a trojan-type infection designed to mine cryptocurrency. Therefore, it diminishes system performance. This malware infiltrates computers without users' consent and research shows that cyber criminals proliferate Hidden Bee using the Popcash advertising network and Underminer Exploit Kit (EK).

What is 1BTC?

First discovered by Jakub Kroustek, 1BTC is yet another variant of high-risk ransomware called Dharma. As with its predecessor, 1BTC encrypts most stored files and appends each filename with the victim's unique ID, developer's email address, and ".1BTC" extension.

For example, "sample.jpg" might be renamed to a filename such as "sample.jpg.id-1E857D00.[btcdecoding@foxmail.com].1BTC". Following successful encryption, 1BTC opens a pop-up window and stores the "RETURN FILES.txt" text file on the desktop.

What is V6cye?

First discovered by Michael Gillespie, V6cye is a ransomware-type infection that belongs to the Snatch ransomware family. This malware is designed to encrypt data and make ransom demands. During encryption, V6cye adds the ".v6cye" extension to each filename. Additionally, V6cye stores the "RESTORE_V6CYE_FILES.txt" text file on the desktop.

What is Berosuce?

Discovered by Michael Gillespie, Berosuce is yet another ransomware infection from the Djvu family. As with other malware from this family, Berosuce encrypts most data stored on the system. It also appends filenames with the ".berosuce" extension (e.g., "sample.jpg" is renamed to "sample.jpg.berosuce").

Encrypted data immediately becomes unusable. After successful encryption, Berosuce generates a text file named "_readme.txt" and stores copies in all existing folders.

What is gloyah[.]net?

gloyah[.]net is related to adf.ly, a legitimate website that provides a URL-shortening service. The users of this service are paid for shortening URLs and promoting them, since each visitor is presented with a five-second advertisement before the target (website) is reached. Note that gloyah[.]net is one of the websites promoted by adf.ly

What is Spaces?

Identical to Spotlight.app, Spaces (also known as Spaces.app) is a rogue adware-type application that promotes the searchbaron.com fake search engine. This application monitors web browsing activity and redirects users to searchbaron.com when they enter a search query. Spaces usually infiltrates computers without users' consent.

What is Actor?

Belonging to the Phobos ransomware family, Actor is high-risk malware discovered by GrujaRS. After successful infiltration, Actor encrypts most stored files and appends filenames with the ".actor" extension, the developer's email address, and the victim's unique ID.

For example, "1.jpg" might be renamed to a filename such as "1.jpg.id[1E857D00-2224].[zoye1596@msgden.net].actor". Once data is encrypted, Actor generates two files ("info.txt" and "info.hta"), storing them on the desktop.

What is Acton?

Discovered by GrujaRS, Acton is a new version of high-risk ransomware called Phobos. This malware is designed to stealthily infiltrate computers and encrypt most stored data. In doing so, Acton appends each filename with the victim's unique ID, developer's email address, and ".Acton" extension.

For example, "sample.jpg" might be renamed to a filename such as "sample.jpg.id[1E857D00-1091].[b.morningtonjones@aol.com].Acton". Encrypted data immediately becomes unusable. Additionally, Acton generates a text ("info.txt") file and an HTML application ("info.hta"), placing both on the desktop.

What is Herad?

Herad is yet another ransomware-type infection that belongs to the Djvu family. As with most Djvu variants, Herad was first discovered by Michael Gillespie.

After successful infiltration, Herad encrypts most stored files and appends each filename with the ".herad" extension (hence the ransomware name). Additionally, Herad generates a text file ("_readme.txt") and stores a copy in most existing folders.

What is central-messages[.]com?

central-messages[.]com is a rogue website designed to feed users with dubious content and redirect them to other untrustworthy sites. It is virtually identical to news-easy.com, forryortitwas.info, chanelets-aurning.com, and many others.

Research shows that users typically visit central-messages[.]com inadvertently - they are redirected by potentially unwanted applications (PUAs) and intrusive advertisements encountered on other sites. PUAs often infiltrate computers without users' consent. As well as causing redirects, they deploy intrusive advertisements and gather information relating to browsing activity.