Virus and Spyware Removal Guides, uninstall instructions

What is "Flash Player Auto Update Daemon"?

"Flash Player Auto Update Daemon" is a fake system notification (pop-up window) encouraging Mac users to update their Flash Players. Typically, such notifications appear due to installed adware-type apps that are categorized as potentially unwanted applications (PUAs). These usually feed users with ads and collect browsing-related data.

What is securityP?

Originating from Paradise malware family, securityP is a high-risk ransomware discovered by Michael Gillespie.

This malware is designed to encrypt stored data and append filenames with the ".securityP" extension plus the victim's unique ID and developer's email address (e.g., "sample.jpg" might be renamed to a filename such as "sample.jpg_wblbXJ_{support@p-security.li}.securityP").

Compromised data immediately becomes unusable. After successful encryption, securityP places a text file ("Instructions with your files.txt") in each folder containing encrypted files and opens a pop-up window - this behavior is common to rogue software.

What is Baldr?

Baldr stealer (also known as Trojan:MSIL/Darbl.A) is a malicious program that steals data. Cyber criminals can purchase this tool from hacking forums to generate revenue by misusing recorded (stolen) information. Generally, they present this program as a tool that can be used for a number of purposes.

At time of research, it was promoted through CS:GO cheat videos as a program that supposedly allows users to cheat when playing this particular game. In this way, cyber criminals trick people into downloading and installing this rogue program.

What is Stun?

Stun is yet another variant of Dharma ransomware and was first discovered by Jakub Kroustek. As with its predecessor, Stun also encrypts most stored files and appends filenames with the ".stun" extension plus the victim's unique ID and developer's email address.

For example, "sample.jpg" might be renamed to a filename such as "sample.jpg.id-1E857D00.[unlockdata@foxmail.com].stun". Encrypted data immediately becomes unusable. Stun also opens a pop-up window and places a "FILES ENCRYPTED.txt" file on the desktop.

What is Unnam3d?

Most ransomware-type programs are designed to encrypt files, prevent victims from accessing them, and keep them in that state until a ransom is paid. Unnam3d differs, since it places files into RAR archives that cannot be extracted without entering a password. It also changes the wallpaper and displays a ransom message in a pop-up window.

What is Tronas?

Discovered by Michael Gillespie, Tronas is a part of the Djvu ransomware family. Developers (cyber criminals) distribute the program to extort money from people. Tronas encrypts files stored on computers and prevents victims from accessing them until a ransom is paid.

This malicious program creates a "_open_.txt" text file and renames encrypted files by adding the ".tronas" extension. For example, "sample.jpg" becomes "sample.jpg.tronas".

What is lythenheckwo.info?

lythenheckwo.info is yet another rogue website that shares similarities with time2notification.com, push-checking.com, luckypushh.com, and dozens of others. It redirect users to malicious websites and delivers dubious content.

Users typically visit lythenheckwo.info inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive advertisements displayed on other rogue sites. Most PUAs infiltrate computers without permission and, in addition to causing redirects, deploy advertisements and gather sensitive information.

What kind of malware is Farfli?

Farfli is a Remote Access Trojan (RAT), a program that allows criminals to control an infected computer remotely. It is installed together with a 'keystroke logger', which records keys pressed on the keyboard.

Typically, people install this trojan-type program unintentionally, since they are tricked by cyber criminals. Note that having Farfli installed on your system can lead to serious problems.

What is Grovas?

Grovas belongs to the Djvu ransomware family and was discovered by Michael Gillespie. This is high-risk virus, a ransomware-type program that blocks access to data/files by encryption. Cyber criminals use these programs to blackmail victims: to receive a decryption tool, victims must pay a ransom.

Grovas adds the ".grovas" extension to all encrypted files (e.g., "1.jpg" becomes "1.jpg.grovas") and creates a text file called "_readme.txt", which can be found in all folders containing encrypted data.

What is Trosak?

Discovered by Michael Gillespie, Trosak is classified as a ransomware program from the Djvu ransomware family. It is designed to encrypt data (files stored on a computer) and prevent victims from accessing their files unless a ransom is paid.

Trosak adds the ".trosak" extension to every encrypted file. For example, "1.jpg" becomes "1.jpg.trosak". It also creates a ransom message in a text file called "_readme.txt".