Virus and Spyware Removal Guides, uninstall instructions

LOVE Ransomware

What is LOVE?

Discovered by Jakub Kroustek and belonging to the Dharma malware family, LOVE is a malicious program that cyber criminals (developers) use to block access to data. This ransomware-type program is used to encrypt files and prevent access to them unless a ransom is paid.

This ransomware renames encrypted files by adding an extension which contains the victim's ID, an email address for contacting cyber criminals, and the name of the ransomware.

For example, "1.jpg" might be renamed to a filename such as "1.jpg.id-1E857D00.[seeyoubro@tutanota.com].LOVE". It also creates a short ransom message in the "FILES ENCRYPTED.txt" text file and displays an extended version of this in a pop-up window.

   
Guvara Ransomware

What is Guvara?

Discovered by Michael Gillespie, Guvara is a malicious program that belongs to the Djvu ransomware family. As with most ransomware, Guvara encrypts data and keeps it in that state until a ransom is paid. Guvara renames each encrypted file by adding the ".guvara" extension.

For example, "1.jpg" becomes "1.jpg.guvara". It also stores a text file ("_readme.txt") containing a ransom message in every folder that contains encrypted files.

   
French101 Ransomware

What is French101?

Discovered by security researcher Petrovic, French101 is malicious software categorized as ransomware. Developers use it to block access to users' files by encryption. To regain access to their data, victims are encouraged to pay a ransom. Like most ransomware-type programs, it renames encrypted files by adding its own extension.

In this case, it changes the name of the file to a random string and adds the ".french101" extension. For example, "1.jpg" might be renamed to a filename such as "bvMqp5yz0AL98A.french101". French101 also creates a ransom message within the "HOW TO RECOVER ENCRYPTED FILES.TXT" text file.

   
Spi Virus (Mac)

What is Spi?

Spi is an adware-type app that injects various advertisements into legitimate websites such as Google. In summary, it serves unsuspecting users with advertisements when they search. When installed, Spi also displays a number of pop-up windows asking people to provide a Mac user-account username and password.

   
Searchmedia.online Redirect

What is searchmedia.online?

searchmedia.online is a fake search engine that is promoted as useful and capable of providing fast searches, accurate results, and so on.

In fact, this site is promoted using a browser hijacker, a potentially unwanted application (PUA) called Movie Browsing. This app promotes a number of other URLs including movies.searchmedia.online and music.searchmedia.online. Note that PUAs usually gather browsing-related data and change browser settings.

   
ATAWARE Ransomware

What is ATAWARE?

Discovered by Securityinbits, ATAWARE is a high-risk virus, a ransomware-type program designed to encrypt files stored on victims' computers and keep them unusable until a ransom is paid. The program adds the ".ATANUR" extension to each encrypted file.

For example, "1.jpg" becomes "1.jpg.ATANUR". Once a computer is infected and files are encrypted, ATAWARE displays a ransom message in a pop-up window. It also creates the "Decryptor.exe" file and places it on the Desktop.

   
bitcoin666 Ransomware

What is bitcoin666?

Discovered by MalwareHunterTeam, bitcoin666 is one of many ransomware-type programs on the internet. Cyber criminals use bitcoin666 to prevent victims from accessing their files (by making the data unusable). To recover their files, victims are encouraged to pay the developers a ransom.

This malicious program renames each encrypted file by adding the ".bitcoin666@cock.li.word" extension. For example, "1.jpg" becomes "1.jpg.bitcoin666@cock.li.word". A ransom message in a text file called "Recover Files.TXT" can be found in each folder that contains encrypted files. Furthermore, bitcoin666 changes the desktop wallpaper.

   
NamPoHyu Ransomware

What is NamPoHyu?

NamPoHyu is a new version of MegaLocker ransomware, which developers (cyber criminals) use to encrypt data stored on Samba servers. After successful infiltration, this ransomware uses 'brute-force attacks' to guess the passwords of Samba servers that the infected computer connects to.

If these servers are hacked, NamPoHyu encrypts files stored on them and makes them unusable unless a ransom is paid. NamPoHyu adds the ".NamPoHyu" extension to each encrypted file.

For example, "1.jpg" becomes "1.jpg.NamPoHyu". It also creates a ransom message within a text file called "! DECRYPT_INSTRUCTION.TXT". Victims can find this file in folders that contain encrypted data.

   
MegaLocker Ransomware

What is MegaLocker?

MegaLocker ransomware is designed to prevent victims from accessing files/data by encryption. In most cases, programs of this type encrypt files stored on the computer. Following infiltration, however, MegaLocker searches for connections to Samba servers and attempts to guess the passwords used to connect to them, i.e., it initiates a 'brute-force attack'.

After a successful attack, it encrypts files stored on the hacked servers. To decrypt locked data stored on Samba servers, victims are urged to pay a ransom to the cyber criminals. A ransom message can be found in a text file called "! DECRYPT_INSTRUCTION.TXT".

MegaLocker places this file in each folder that contains encrypted data. It also adds the ".crypted" extension to each encrypted file. For example, "1.jpg" becomes "1.jpg.crypted".

   
Langolier Ransomware

What is Langolier?

Langolier was discovered by Emmanuel_ADC-Soft. This malicious program belongs to the Scarab ransomware family. Like most programs of this type, it is used by cyber criminals to encrypt data stored on the victim's computer and to keep it unusable until a ransom is paid.

Langolier renames encrypted files and creates a ransom message in the "HOW TO RECOVER ENCRYPTED FILES.TXT" text file. The program renames encrypted files by adding the ".langolier" extension. For example, "1.jpg" becomes "1.jpg.langolier".

   
