Virus and Spyware Removal Guides, uninstall instructions
What is LOVE?
Discovered by Jakub Kroustek and Belonging to the Dharma malware family, LOVE is a malicious program that cyber criminals (developers) use to block access to data. This ransomware-type program is used to encrypt files and prevent access to them unless a ransom is paid.
This ransomware renames encrypted files by adding an extension which contains the victim's ID, an email address for contacting cyber criminals, and the name of the ransomware.
For example, "1.jpg" might be renamed to a filename such as "1.jpg.id-1E857D00.[seeyoubro@tutanota.com].LOVE". It also creates a short ransom message with the "FILES ENCRYPTED.txt" text file and displays an extended version of this in a pop-up window.
What is Guvara?
Discovered by Michael Gillespie, Guvara is a malicious program that belongs to the Djvu ransomware family. As with most ransomware, Guvara encrypts data and keeps it that state until a ransom is paid. Guvara renames each encrypted file by adding the ".guvara" extension.
For example, "1.jpg" becomes "1.jpg.guvara". It also stores a text file ("_readme.txt") containing a ransom message in every folder that contains encrypted files.
What is French101?
Discovered by security researcher Petrovic, French101 is malicious software categorized as ransomware. Developers use it to block access to users' files by encryption. To regain access to their data, victims are encouraged to pay a ransom. Like most ransomware-type programs, it renames encrypted files by adding its own extension.
In this case, it changes the name of the file to a random string and adds the ".french101" extension. For example, "1.jpg" might be renamed to a filename such as "bvMqp5yz0AL98A.french101". French101 also creates a ransom message within the "HOW TO RECOVER ENCRYPTED FILES.TXT" text file.
What is Spi?
Spi is an adware-type app that injects various advertisements into legitimate websites such as Google. In summary, it serves unsuspecting users with advertisements when they search. When installed, Spi also displays a number of pop-up windows asking people to provide a Mac user-account username and password.
What is searchmedia.online?
searchmedia.online is a fake search engine that is promoted useful and capable of providing fast searches, accurate results, and so on.
In fact, this site is promoted using a browser hijacker, a potentially unwanted application (PUA) called Movie Browsing. This app promotes a number of other URLS including movies.searchmedia.online and music.searchmedia.online. Note that PUAs usually gather browsing-related data and change browser settings.
What is ATAWARE?
Discovered by Securityinbits, ATAWARE is a high-risk virus, a ransomware-type program designed to encrypt files stored on victims' computers and keep them unusable until a ransom is paid. The program adds the ".ATANUR" extension to each encrypted file.
For example, "1.jpg" becomes "1.jpg.ATANUR". Once a computer is infected and files are encrypted, ATAWARE displays a ransom message in a pop-up window. It also creates the "Decryptor.exe" file and places it on the Desktop.
What is bitcoin666?
Discovered by MalwareHunterTeam, bitcoin666 is one of many ransomware-type programs on the internet. Cyber criminals use bitcoin666 to prevent victims from accessing their files (by making the data unusable). To recover their files, victims are encouraged to pay the developers a ransom.
This malicious program renames each encrypted file by adding the ".bitcoin666@cock.li.word" extension. For example, "1.jpg" becomes "1.jpg.bitcoin666@cock.li.word". A ransom message in a text file called "Recover Files.TXT" can be found in each folder that contains encrypted files. Furthermore, bitcoin666 changes the desktop wallpaper.
What is NamPoHyu?
NamPoHyu is a new version of MegaLocker ransomware, which developers (cyber criminals) use to encrypt data stored on Samba servers. After successful infiltration, this ransomware uses 'brute-force attacks' to guess the passwords of Samba servers that are being connected to on the infected computer.
If these servers are hacked, NamPoHyu encrypts files stored on them and makes them unusable unless a ransom is paid. NamPoHyu adds the ".NamPoHyu" extension to each encrypted file.
For example, "1.jpg" becomes "1.jpg.NamPoHyu". It also creates a ransom message within a text file called "! DECRYPT_INSTRUCTION.TXT". Victims can find this file in folders that contain encrypted data.
What is MegaLocker?
MegaLocker ransomware is designed to prevent victims from accessing files/data by encryption. In most cases, programs of this type encrypt files stored on the computer, however, following infiltration, MegaLocker searches for connections to Samba servers and attempts to guess passwords used to connect to them. I.e., it initiates a 'brute-force attack'.
After a successful attack, it encrypts files stored on the hacked servers. To decrypt locked data stored on Samba servers, victims are urged to pay a ransom to the cyber criminals. A ransom message can be found in a text file called "! DECRYPT_INSTRUCTION.TXT".
MegaLocker places this file in each folder that contains encrypted data. It also adds the ".crypted" extension to each encrypted file. For example, "1.jpg" becomes "1.jpg.crypted".
What is Langolier?
Langolier was discovered by Emmanuel_ADC-Soft. This malicious program belongs to the Scarab ransomware family. Like most programs of this type, it is used by cyber criminals to encrypt data stored on the victim's computer and to keep it unusable until a ransom is paid.
Langolier renames encrypted files and creates a ransom message in the "HOW TO RECOVER ENCRYPTED FILES.TXT" text file. The program renames encrypted files by adding the ".langolier" extension. For example, "1.jpg" becomes "1.jpg.langolier".
More Articles...
Page 1640 of 2329
<< Start < Prev 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 Next > End >>