Virus and Spyware Removal Guides, uninstall instructions

.bat Ransomware

What is .bat?

Discovered by Jakub Kroustek, .bat is a malicious program classified as ransomware. Generally, malware of this type blocks victims from accessing their files by encryption. To decrypt them, victims are forced to buy a decryption tool/key from cyber criminals who developed the program, in this case .bat ransomware.

It also creates a text file called "RETURN FILES.txt" and displays a ransom message in a pop-up window. This ransomware also renames all encrypted files by adding the ".bat" extension (together with the victim's ID and email address of .bat's developers).

For example, if a file is called "1.jpg", .bat will rename it to "1.jpg.id-1E857D00.[decryptyourdata@qq.com].bat", and so on. This malicious program is part of the Dharma ransomware family and locks files using RSA-1024 encryption.

   
qbix Ransomware

What is qbix?

The number of new ransomware-type programs is growing daily, including qbix, which was discovered by Jakub Kroustek and belongs to the Dharma ransomware family. Like most programs of this type, qbix is used by cyber criminals who aim to extort money from their victims.

Ransomware-type programs encrypt files so that victims are unable to access and use them unless a ransom is paid.

In this particular case, each encrypted file is renamed by adding the ".qbix" extension plus the victim's ID and email address. For example, qbix renames "1.jpg" to "1.jpg.id-1E857D00.[backdata@qq.com].qbix". It also creates a "RETURN FILES.txt" file and displays a ransom message in a pop-up window.

   
MERS Ransomware

What is MERS?

Discovered by Jakub Kroustek, MERS is a ransomware-type program belonging to the Dharma family. Its main purpose is to encrypt data and keep it locked until a ransom is paid (i.e., a decryption tool is purchased). MERS renames all encrypted files by adding the ".MERS" extension, together with a unique victim ID and the ransomware developer's email address.

For example, "1.jpg" might be renamed to "1.jpg.id-1E857D00.[crypt1style@aol.com].MERS". It also creates a ransom message in the "RETURN FILES.txt" file and displays a pop-up window with instructions about how to decrypt files.

   
aa1 Ransomware

What is aa1?

aa1 is a ransomware-type virus discovered by Jakub Kroustek. This ransomware is yet another variant of a high-risk infection called Dharma. aa1 is designed to stealthily infiltrate the system and compromise (encrypt) stored data, thereby making it unusable.

In doing so, aa1 appends the ".aa1" extension, plus the developer's email address and the victim's unique ID, to each filename. For instance, "sample.jpg" might be renamed to a filename such as "sample.jpg.id-1E857D00.[who8@mail.fr].aa1". Once files are encrypted, aa1 opens a pop-up window and stores a text file ("FILES ENCRYPTED.txt") on the desktop.

   
TR/Crypt.XPACK.Gen Virus

What is TR/Crypt.XPACK.Gen?

TR/Crypt.XPACK.Gen is the generic name for threats detected by Avira and categorized as unknown Trojans. Typically, these programs are designed to steal personal details or spread other malicious programs such as ransomware.

One of the purposes of this particular Trojan is to monitor victims' browsing (internet) activities. If Trojans are installed on your system, eliminate them immediately.

   
Fedasot Ransomware

What is Fedasot?

Belonging to the Djvu ransomware family, Fedasot is an infection designed to encrypt data and make ransom demands. During encryption, Fedasot appends the ".fedasot" extension to each filename (e.g., "sample.jpg" is renamed to "sample.jpg.fedasot").

Once encrypted, files immediately become unusable. Additionally, Fedasot generates a text file ("_readme.txt") and stores it in every existing folder. The file contains a ransom-demand message.

   
Sarut Ransomware

What is Sarut?

Sarut is yet another version of high-risk ransomware called Djvu. After successful infiltration, Sarut encrypts most stored files, thereby rendering them unusable. Additionally, Sarut appends the ".sarut" extension to filenames (e.g., "sample.jpg" is renamed to "sample.jpg.sarut").

As with other Djvu variants, Sarut generates a text file ("_readme.txt"), which contains a ransom-demand message. Sarut stores a copy of the new text file in every existing folder.

   
SysMenu.dll Virus

What is SysMenu.dll virus?

If a RunDLL pop-up window appears regularly and states that there was a problem starting the "SysMenu.dll" (dynamic-link library) file, it is likely that the computer is infected with adware (advertising-supported software). Apps of this type collect various user-system information and deploy advertisements. This particular adware is installed with the YTDownloader program.

   
WiFi Password Cracker Virus

What is WiFi password cracker?

According to the developers, the "WiFi password cracker" tool allows people to reveal the passwords of password-protected Wi-Fi networks. In fact, this tool is developed and proliferated by cyber criminals to infect computers with a ransomware-type program. For this reason, we strongly recommend that you do not use it.

   
CrossRAT Trojan

What is CrossRAT?

CrossRAT is yet another remote access trojan-type virus that stealthily infiltrates the system and records data. This malware is written in Java, which gives it a significant feature: it is a cross-platform trojan. Therefore, it is capable of working on multiple operating systems, including Windows, macOS, and Linux.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.