Virus and Spyware Removal Guides, uninstall instructions

Spyhunter Ransomware

What is Spyhunter?

Spyhunter is the name of a legitimate anti-malware program; however, cyber criminals have recently started to exploit this name in a ransomware campaign. The developers (cyber criminals) use the ransomware to encrypt victims' data, blocking access to it unless a ransom is paid. Spyhunter ransomware adds the ".spyhunter" extension to each encrypted file.

For example, "1.jpg" becomes "1.jpg.spyhunter". It also creates the "$HOWDECRYPT$.txt" text file containing a ransom message. It is possible that Spyhunter is a version of GarrantyDecrypt (another ransomware infection). This version was discovered by Karsten Hahn.

   
Raldug Ransomware

What kind of malware is Raldug?

Raldug is another variant of high-risk ransomware called Djvu. As with its predecessor, Raldug encrypts stored data, thereby making it unusable. Additionally, Raldug appends the ".raldug" extension to filenames (e.g., "sample.jpg" is renamed to "sample.jpg.raldug"). Raldug also places the "_readme.txt" text file in each existing folder.

It is common for Djvu ransomware to be distributed alongside information stealers such as Vidar or RedLine. Cybercriminals often use information stealers to obtain sensitive information before encrypting files.

   
Ytmp3.cc Suspicious Website

What is ytmp3[.]cc?

The ytmp3[.]cc website (called "YouTube to Mp3 Converter") operates as a media converter that allows users to convert YouTube videos to audio or video formats (mp3 or mp4) and then download them.

The website uses various advertising networks that display ads leading to other untrustworthy sites. It does not specifically operate as a malicious website; however, downloading videos from YouTube is illegal. Therefore, we advise that you do not use this website.

   
Zumanek Trojan

What is Zumanek?

Zumanek is high-risk malware categorized as a banking/Remote Access Trojan (RAT). This malware is distributed using social engineering. In this way, cyber criminals trick users into downloading and installing Zumanek without their consent. The presence of this infection might cause various privacy issues and significant financial loss.

   
Carcn Ransomware

What is Carcn?

Discovered by Jakub Kroustek, Carcn is a ransomware-type malicious program that belongs to the Dharma malware family. Developers spread this infection to prevent victims from accessing their computer files unless a ransom is paid. Carcn is designed to encrypt data and make it unusable.

It also renames each encrypted file by adding the ".id-1E857D00.[carcinoma24@aol.com].carcn" extension, which contains the victim ID plus the email address of the cyber criminals who developed Carcn.

For example, "1.jpg" might be renamed to a filename such as "1.jpg.id-1E857D00.[carcinoma24@aol.com].carcn". It also creates two ransom messages - one in a pop-up window and the other in the "FILES ENCRYPTED.txt" text file.

   
Ketintontrat.info POP-UP Redirect

What is ketintontrat[.]info?

ketintontrat[.]info is one of many rogue websites on the internet. This site is similar to hundreds of other pages of this type such as maranhesduve[.]club, undrabbifor[.]info, and tontritrattof[.]info. When visited, it causes redirects to several untrustworthy websites or displays dubious content.

Most people do not visit ketintontrat[.]info intentionally - they are generally redirected to it by potentially unwanted apps (PUAs) that are installed on their browsers or computers. Furthermore, PUAs often gather information and display intrusive ads.

   
Feed.ebooks-club.com Redirect

What is feed.ebooks-club.com?

feed.ebooks-club.com is another fake search engine. As with other sites of this type, it is presented as 'useful' - supposedly providing fast searches, accurate results, and so on.

These search engines are often promoted through potentially unwanted applications (PUAs), namely browser hijackers. In this case, the hijacker is an app called E-Books Club. This PUA collects data and changes browser settings.

   
George Carlin Ransomware

What is George Carlin?

George Carlin is a ransomware-type virus that stealthily infiltrates the system and encrypts most stored data. This is a new variant of another ransomware infection called Razy; however, it has many differences.

It is rather unusual compared to other infections of this type: George Carlin does not append any extension to encrypted files or deliver any ransom-demand message - it simply changes the desktop wallpaper.

   
Chthonic Banking Trojan

What is Chthonic?

Chthonic is a Trojan-type program that is installed through emails sent from hijacked/stolen PayPal accounts. The program leads to a fake Google Chrome update file that is promoted on the hijacked website.

Visitors are informed that their Chrome browser is outdated and needs to be updated by clicking the "Update Chrome" button, which leads to the download of a malicious file used to install the Chthonic banking trojan.

   
Conhost.exe Virus

What is Conhost.exe?

Conhost.exe (Console Window Host) is the process of a program (cryptominer) that is designed to mine Monero cryptocurrency. Generally, cyber criminals trick people into downloading and installing this program to generate revenue.

In summary, the program uses computer resources to mine cryptocurrency when a user logs into the Windows Operating System. Note that the presence of this malware significantly diminishes computer performance.

   
