Virus and Spyware Removal Guides, uninstall instructions

What is CMG?

CMG is a malicious program that is categorized as ransomware. Developers (cyber criminals) use it to blackmail people by encrypting data and making ransom demands. Once data is encrypted, it cannot be accessed or used.

Note that CMG is a computer infection that belongs to the GlobeImposter ransomware family and was discovered by Michael Gillespie. It adds the ".{CALLMEGOAT@PROTONMAIL.COM}CMG" extension to every encrypted file. For example, "1.jpg" becomes "1.jpg.{CALLMEGOAT@PROTONMAIL.COM}CMG".

It also generates a ransom message within the "decrypt_files.html" HTML file, which can be found in all folders containing encrypted files.

What is L1LL?

L1LL is another ransomware-type virus discovered by Michael Gillespie. After successfully infiltrating the system, L1LL encrypts most stored data and appends filenames with the ".L1LL" extension (e.g., "sample.jpg" is renamed to "sample.jpg.L1LL"). Encrypted data immediately becomes unusable.

Following successful encryption, L1LL generates a text file ("help.txt") and places a copy in every existing folder.

What is Prus?

First discovered by malware security researcher, Michael Gillespie, Prus is a ransomware-type virus that belongs to the Rotor malware family. After successful infiltration, Prus encrypts stored data using the AES-128 and RSA-2048 encryption algorithms. In addition, it appends each filename with the developer's email address and ".prus" extension.

For example, "sample.jpg" becomes "sample.jpg!!!!       prusa@rape.lol    !!!.prus". Encrypted data immediately becomes unusable. Following successful encryption, Prus places a text file ("informprus.txt") in every folder containing encrypted files.

What is searchpage.com?

Developers claim that the Kittens new tab app allows users to search and access their bookmarks and applications using a customized homepage/search engine. Using this app, is possible to change the background image by choosing from over 30 HD pictures.

 Kittens is presented as a useful application with various features, however, it is classified as a browser hijacker, a potentially unwanted application (PUA).

Most people download and install apps of this type unintentionally. Furthermore, Kittens new tab promotes a dubious (fake) search engine, searchpage.com. It also changes browser settings and collects information relating to users' browsing habits.

What is bRcrypT?

This high-risk computer infection was discovered by Michael Gillespie. bRcrypT is one of many ransomware-type programs used to encrypt data and make ransom demands. This particular ransomware creates a ransom message within a text file called "FILES ENCRYPTED.txt" (found in each folder containing encrypted files).

Like most programs of this type, bRcrypT renames all encrypted files by adding the ".bRcrypT" extension. For example, "1.jpg" becomes "1.jpg.bRcrypT".

What is ciantel.com?

Similar to initdex.com, defendsearch.com, and many others, ciantel.com is a fake search engine that, according to the developers, enhances the browsing experience by generating improved results and providing quick access to various popular websites.

On initial inspection, ciantel.com may seem legitimate and useful, however, developers promote this site using rogue download/installation set-ups designed to modify browser options without consent. In addition, ciantel.com continually records information relating to browsing activity.

What is "Electronic materials involving underage children"?

"Electronic materials involving underage children" is presented as an email from the Central Intelligence Agency (CIA) regarding an international paedophile case. The main purpose of this email is to trick recipients into believing that they are one of the suspects and that some of their personal information is also at risk.

To avoid problems, recipients of this email are urged to pay a specific amount in a cryptocurrency. This is a common scam used to make threats and extort money from innocent people. Do not trust this or other similar emails.

What is H-WORM?

H-WORM is a remote access tool (RAT) developed using VBScript. Research shows that this trojan was developed by a criminal who goes by the name of 'Houdini'. H-WORM is mainly distributed using spam email campaigns and has a USB distribution function implemented, however, at time of research, this function was not working correctly.

What is Azero?

First discovered by malware security researcher, Jakub Kroustek, Azero is yet another ransomware infection that belongs to the Dharma malware family. As with other variants of Dharma, Azero encrypts stored files and appends filenames with the ".azero" extension plus the cyber criminal's email address and victim's unique ID.

For instance, "sample.jpg" might be renamed to a filename such as "sample.jpg.id-1E857D00.[cryptor55@cock.li].azero". This malware is also designed to open a pop-up window and store a text file ("FILES ENCRYPTED.txt") on the desktop.

What kind of malware is ETH?

First discovered by malware security researcher, Jakub Kroustek, ETH is a new variant of a high-risk ransomware infection called Dharma. After successful infiltration, ETH encrypts most stored files and appends filenames with the ".ETH" extension plus the developer's email address and victim's ID.

For example, "sample.jpg" might be renamed to "sample.jpg.id-1E857D00.[helpfilerestore@india.com].ETH". Once data is encrypted, ETH generates a text file ("FILES ENCRYPTED.txt"), which is placed on the desktop, and opens a pop-up window. Updated variants of this ransomware use ".[datasafe@cock.li].ETH" extension for encrypted files.