Virus and Spyware Removal Guides, uninstall instructions

What is NamPoHyu?

NamPoHyu is a new version of MegaLocker ransomware, which developers (cyber criminals) use to encrypt data stored on Samba servers. After successful infiltration, this ransomware uses 'brute-force attacks' to guess the passwords of Samba servers that are being connected to on the infected computer.

If these servers are hacked, NamPoHyu encrypts files stored on them and makes them unusable unless a ransom is paid. NamPoHyu adds the ".NamPoHyu" extension to each encrypted file.

For example, "1.jpg" becomes "1.jpg.NamPoHyu". It also creates a ransom message within a text file called "! DECRYPT_INSTRUCTION.TXT". Victims can find this file in folders that contain encrypted data.

What is MegaLocker?

MegaLocker ransomware is designed to prevent victims from accessing files/data by encryption. In most cases, programs of this type encrypt files stored on the computer, however, following infiltration, MegaLocker searches for connections to Samba servers and attempts to guess passwords used to connect to them. I.e., it initiates a 'brute-force attack'.

After a successful attack, it encrypts files stored on the hacked servers. To decrypt locked data stored on Samba servers, victims are urged to pay a ransom to the cyber criminals. A ransom message can be found in a text file called "! DECRYPT_INSTRUCTION.TXT".

MegaLocker places this file in each folder that contains encrypted data. It also adds the ".crypted" extension to each encrypted file. For example, "1.jpg" becomes "1.jpg.crypted".

What is Langolier?

Langolier was discovered by Emmanuel_ADC-Soft. This malicious program belongs to the Scarab ransomware family. Like most programs of this type, it is used by cyber criminals to encrypt data stored on the victim's computer and to keep it unusable until a ransom is paid.

Langolier renames encrypted files and creates a ransom message in the "HOW TO RECOVER ENCRYPTED FILES.TXT" text file. The program renames encrypted files by adding the ".langolier" extension. For example, "1.jpg" becomes "1.jpg.langolier".

What is Etols?

Etols is a malicious program, a ransomware-type virus that encrypts files stored on the computer and allows developers to demand ransom payments. The program belongs to the Djvu ransomware family. Etols renames each encrypted by adding the ".etols" extension.

For example, "1.jpg" becomes "1.jpg.etols". It also creates a ransom message in the "_readme.txt", which can be found in all folders that contain encrypted files.

What kind of malware is Tellyouthepass?

Discovered by GrujaRS, Tellyouthepass is one of many ransomware-type programs used to block access to files by encryption and keep them in this state unless a ransom is paid.

The program renames all encrypted files by adding the ".locked" extension and creates a ransom message in a text file called "README.html". For example, "1.jpg" is renamed by Tellyouthepass to "1.jpg.locked".

What is "Trojan IRC/Backdor.SdBot4.FRV"?

"Trojan IRC/Backdor.SdBot4.FRV" is a fake virus alert that appears when users visit a scam website. Scammers use the site to trick people into downloading an unwanted application called MacRepair that supposedly removes 'detected viruses'. We strongly recommend that you do not trust this scam.

If the website was opened unintentionally, it is likely that this was done by a potentially unwanted application (PUA) installed on the system. PUAs usually cause unwanted redirects, deliver intrusive ads, and collect data.

What is "Your Mac is infected with 4 viruses"?

"Your Mac is infected with 4 viruses" is a fake virus alert that appears when opening a scam website. Like most scams of this type, it attempts to trick people into downloading a dubious application - in this case, cleaning software for Mac computers.

Typically, these websites are opened by potentially unwanted apps (PUAs) that people have installed on their browsers or computers. PUAs feed users with intrusive ads and gather data.

What is butitereventwil[.]info?

butitereventwil[.]info is one of many rogue websites designed to cause redirects to other untrustworthy sites or display dubious content.

This website is similar to many other pages of this type such as refrebrepheon[.]info, ketintontrat[.]info, and maranhesduve[.]club. People do not generally visit butitereventwil[.]info intentionally - potentially unwanted apps (PUAs) installed on their systems open this site. In addition, PUAs usually gather browsing-related data and deliver advertisements.

What is "apple.security-help-center[.]club"?

The internet is full of deceptive websites such as apple.security-help-center[.]club. This site is a scam that promotes a potentially unwanted application (PUA) called Mac-Tuneup-Pro. It does this by displaying fake virus alerts urging visitors to scan their systems, and then to download and install the aforementioned PUA.

We strongly recommend that you ignore this website and do not trust it. Furthermore, do not download or install applications promoted through websites of this type.

What is Easy Access to Internet Services?

As its name suggests, the Easy Access to Internet Services application provides quick and easy access to popular websites such as Facebook, Twitter, Netflix, and many others. In fact, this app is categorized as a potentially unwanted application (PUA), a browser hijacker.

Most people install PUAs unintentionally. Easy Access to Internet Services promotes various dubious websites (mostly fake search engines) by changing browser settings and gathers data relating to users' browsing habits.