Virus and Spyware Removal Guides, uninstall instructions

TOR13 Ransomware

What is TOR13?

Belonging to the Dharma family, TOR13 is yet another ransomware-type infection discovered by Jakub Kroustek. After stealthily infiltrating the system, TOR13 encrypts most stored files using RSA-1024 cryptography. In doing so, TOR13 appends filenames with the victim's unique ID, developer's email address, and the ".TOR13" extension.

For example, "sample.jpg" might be renamed to a filename such as "sample.jpg.id-1E857D00.[chanelcrypt@aol.com].TOR13". Compromised data immediately becomes unusable. TOR13 is also designed to open a pop-up window and place the "RETURN FILES.txt" text file on the desktop.

   
Androponhowrow.info POP-UP Ads

What is androponhowrow[.]info?

androponhowrow[.]info is a rogue website that shares similarities with fortorsarrabse.info, press2continue.com, feenotifyfriends.info, and dozens of other similar sites. Note that androponhowrow[.]info is designed to deliver dubious content and redirect users to other rogue sites.

Most users visit androponhowrow[.]info inadvertently. They are redirected by potentially unwanted applications (PUAs) or intrusive ads delivered by other rogue sites. PUAs are known to infiltrate computers without users' consent. In addition to causing redirects, these applications deliver intrusive advertisements and gather sensitive data.

   
Dr. Wolf Internet Security Unwanted Application

What is Dr. Wolf Internet Security?

Dr. Wolf Internet Security is anti-virus software that provides protection for users of desktop computers and Android mobile devices.

It protects against viruses, spyware, malware, trojans, ransomware, and other threats. In summary, it is promoted as a legitimate anti-virus suite, however, it is also categorized as a potentially unwanted app (PUA), since many people install it unintentionally. This is due to a deceptive marketing method called "bundling", which developers use to promote it. 

   
Mcold Ransomware

What is Mcold?

Discovered by Michael Gillespie, Mcold is a malicious program classified as ransomware and belonging to the Maoloa ransomware family. Developers (cyber criminals) use it to extort money from people by encrypting their data and keeping it in that state unless a ransom is paid (in effect, a decryption tool [key] is purchased). 

Mcold renames all encrypted files by adding the ".[epta.mcold@gmail.com]" extension. For example, "1.jpg" becomes "1.jpg.[epta.mcold@gmail.com]". Previous Mcold versions used the ".Tiger4444" and ".Ox4444" extensions. Like most programs of this type, Mcold creates a ransom message within a text file, in this case "!INSTRUCTI0NS!.TXT".

   
Fortorsarrabse.info POP-UP Ads

What is fortorsarrabse[.]info?

fortorsarrabse[.]info is a rogue website similar to lalittandkedsi.info, gotwidores.info, lodder.club, and many others. It is designed to deliver various content and redirect users to other dubious websites.

Visitors typically arrive at fortorsarrabse[.]info inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive advertisements displayed on untrustworthy websites.

PUAs usually infiltrate computers without users’ permission. In addition to causing redirects, they are likely to deliver intrusive advertisements and gather information relating to browsing activity.

   
Radman Ransomware

What is Radman?

Radman is yet another variant of Djvu ransomware and was first discovered by malware researcher Michael Gillespie.

After successfully infiltrating the system, Radman encrypts most stored data and appends filenames with the ".radman" extension. For example, "sample.jpg" becomes "sample.jpg.radman". Encrypted data immediately becomes unusable. Radman also stores the "_readme.txt" text file in every existing folder.

   
Ads by FirePlayer

What is FirePlayer?

FirePlayer is a deceptive application that supposedly allows users to play various media in the HD format. On initial inspection, FirePlayer may appear legitimate and useful, however, this app is categorized as an unwanted program and adware.

There are three main reasons for these negative associations: 1) stealth installation without consent; 2) display of intrusive online advertisements, and; 3) tracking of users' Internet browsing activity.

   
Giph It Browser Hijacker

What is feed.giph-it.com?

Giph It is a potentially unwanted application (PUA), a browser hijacker that supposedly provides a collection of various GIFs. Giph It is categorized as a PUA, since most people install it unintentionally.

Furthermore, as with most apps of this type, Giph It changes browser settings, thereby promoting a dubious website (the feed.giph-it.com fake search engine). It also gathers information relating to users' browsing habits.

   
Press2continue.com POP-UP Ads

What is press2continue[.]com?

Similar to deloplen.com, checkpost.space, pro-news.net, and many others, press2continue[.]com is a rogue website designed to redirect users to other dubious sites and deliver dubious content.

Research shows that users generally visit websites such as press2continue[.]com inadvertently - they are redirected by intrusive advertisements (delivered by other rogue sites) or potentially unwanted applications (PUAs). Furthermore, PUAs often infiltrate computers without permission.

In addition to causing redirects, they generate intrusive advertisements and record user-system information relating to web browsing habits.

   
Trojan.U83 POP-UP Scam (Mac)

What is "Trojan.U83"?

"Trojan.U83" is the name of a malicious program, which is supposedly detected by a deceptive website. This is a typical scam designed to promote an unwanted application called Mac Heal Pro.

By using this deceptive website, scammers attempt to trick people (visitors to the site) into believing that their Mac computers are infected with the aforementioned Trojan.U83 program and encourage them to download and install software that will supposedly eliminate it.

Typically, websites of this type are opened by installed potentially unwanted apps (PUAs). These also deliver ads and collect various user-system information.

   

Page 1622 of 2329

<< Start < Prev 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal