Virus and Spyware Removal Guides, uninstall instructions

What is _Crypted?

_Crypted is yet another ransomware-type virus discovered by Michael Gillespie. _Crypted is regular ransomware and has no exceptional behavior.

As with most of these infections, _Crypted stealthily infiltrates the system, encrypts stored data, appends names of compromised files with an extension (in this case, "._Crypted" - for example, "sample.jpg" is renamed to "sample.jpg._Crypted"), and places a ransom-demand message (within the "_CRYPTED_README.html" file) in each folder that contains encrypted data.

What is "McAfee has Blocked your Windows"?

"McAfee has Blocked your Windows" (or "Webroot has Blocked your Windows") is a fake security alert that locks the screen and encourages people to contact scammers ("technical department") via the telephone number provided. This is simply a scam and should not be trusted.

What is Z3b1?

Discovered by MalwareHunterTeam, Z3b1 is a new variant of Jigsaw ransomware. Like most programs of this type, Z3b1 prevents users from accessing their data/files and demands a ransom payment to regain access. It renames each encrypted (locked) file by adding an extension which contains an email address, the name of the ransomware, and a personal victim ID.

For example, "1.jpg" might be renamed to a filename such as "1.jpg Contact onlineservices1@usa.com Hacked by Z3b1 your ID [MI0985547KE] .locked". Z3b1 displays the ransom message in a pop-up window.

What is Grovat?

Ransomware is software that encrypts data stored on a computer and demands payment for decryption. Grovat is a ransomware-type program discovered by Michael Gillespie and belonging to the Djvu family. Like most other programs of this type, it renames encrypted files by adding an additional extension (in this case, ".grovat").

For example, "sample.jpg" becomes "sample.jpg.grovat". It also creates a text file called "_readme.txt" containing a ransom message.

What is Roland?

Roland was discovered by Michael Gillespie and belongs to the Djvu ransomware family. Developers spread this infection to extort cryptocurrency from users with affected computers. Roland encrypts data and makes files unusable unless a ransom is paid. It adds the ".roland" extension to every encrypted file.

For example, "1.jpg" becomes "1.jpg.roland". A ransom message (within the "_readme.txt" text file) can be found in folders that contain encrypted files.

What is Recognizer?

Discovered by JAMESWT, Recognizer is an updated version of high-risk ransomware called Paradise. Just like its predecessor, Recognizer encrypts most stored files and adds the "._      _{file@p-security.li}.Recognizer" extension to the name of each encrypted file.

For instance, "sample.jpg" might be renamed to a filename such as "sample.jpg_      _{file@p-security.li}.Recognizer". It also opens a pop-up window and places a text file ("Instructions with your files.txt") on the desktop.

What is blpsearch.com?

According to the developers, the ConvertoPDF app allows users to quickly convert PDF files directly from their browsers. This may seem to be a useful feature, however, ConvertoPDF is a potentially unwanted application (PUA), a browser hijacker. Generally, people download and install apps of this type inadvertently without their knowledge.

This PUA modifies browser settings (promoting the blpsearch.com search engine) and gathers information relating to users' browsing activity.

What is vxCrypter?

Discovered by Lawrence Abrams, vxCrypter is software that is categorized as ransomware. Like most programs of this type, it prevents victims from accessing their data unless a ransom is paid. It adds the ".xLck" extension to each encrypted file. For example, "1.jpg" is renamed to "1.jpg.xLck" after encryption.

The ransomware deletes duplicate files, however, other files should not be deleted. This malicious program displays a ransom message in a pop-up window that appears once the computer is infected.

What is qsearch.com?

qsearch.com is an untrustworthy website that is promoted through potentially unwanted applications (PUAs). Therefore, most people visit this website due to PUAs installed on their browsers (or computers). These apps cause unwanted redirects, collect user-system information, and display intrusive ads. Generally, people do not download and install PUAs intentionally.

What is tontritrattof.info?

The tontritrattof.info website displays dubious content or opens other malicious websites. This rogue site is very similar to hajoopteg.com, lythenheckwo.info, time2notification.com, and many others. Most visitors are forced to open tontritrattof.info by potentially unwanted applications (PUAs) installed on their systems.

PUAs usually have three main purposes: to cause redirects, collect data, and serve users with ads.