Virus and Spyware Removal Guides, uninstall instructions

What is CottleAkela?

Discovered by Michael Gillespie, CottleAkela is one of many ransomware-type computer infections present on the internet. It blocks access to data (encrypts files stored on the system) and generates a "README-NOW.txt" ransom message. Each encrypted file is renamed by adding the ".locked" extension.

For example, "1.jpg" becomes "1.jpg.locked". The ransomware process can be found running in Task Manager (at time of research, under the name "System").

What kind of malware is ITLOCK?

ITLOCK ransomware was discovered by Cyber Security. This is a malicious program, a new version of Matrix ransomware that is designed by cyber criminals to encrypt computer data and blackmail victims by demanding ransom payments. During the encryption process, ITLOCK opens two Command Prompt windows.

Once data is encrypted, each affected file is renamed by changing the filename: an email address, two random strings and the extension are merged to form an extension with the following format: ".ITLOCK" ("[rescompany19@qq.com].[random_string]-[random_string].ITLOCK").

Renamed files might appear something like this: "[rescompany19@qq.com].8SLV8GMp-hjqo9v3s.ITLOCK". ITLOCK also creates a ransom message in the "!README_ITLOCK!.rtf" file.

What is news-io.com?

news-io.com is a rogue site designed to cause redirects and deliver dubious content. It is virtually identical to newsforyou.pro, nandreskethep.club, ind1cate.com, and many other sites of this kind. Most visitors arrive at news-io.com inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive advertisements displayed on other rogue sites.

PUAs usually infiltrate computers without users’ permission and, as well as causing redirects, deliver intrusive advertisements and record user-system information relating to browsing activity.

What is search.byomlapp.com?

There are countless fake search engines similar to search.byomlapp.com. Generally, developers describe them as 'legitimate' search engines that provide improved, more accurate results, faster searches, and so on. In fact, they are promoted using rogue downloaders/installers that usually modify browser settings.

Furthermore, search.byomlapp.com records browsing-related data. As mentioned, there are many fake search engines, all of which are virtually identical. Examples include search.kimosachi.com, search.getvideomonkey.com, and search.maps2go.net.

What is KraKraGames?

According to the developers, the KraKraGames application provides access to a number of online games. For some, this may seem to be a useful app, however, it is classified as potentially unwanted application (PUA) - specifically, an adware-type app. Most people unintentionally install KraKraGames, which then goes on to serve users with advertisements and record data.

What is Cyspt?

Cyspt is a ransomware-type virus discovered by MalwareHunterTeam. Research shows that this ransomware is likely to be a new variant of another virus called AresCrypt. Following successful infiltration, Cyspt encrypts most stored files and appends filenames with the ".OOFNIK" extension.

For instance, "sample.jpg" is renamed to "sample.jpg", and so on. Immediately after encryption, Cyspt opens a pop-op window containing a ransom-demand message.

What is DOC to PDF?

The DOC to PDF application is promoted as the ultimate document converter and capable of converting .doc, .xls, .ppt, .pdf, jpg, and various other files in one click.

Although this may seem to be a legitimate converter, it is also categorized as a potentially unwanted application (PUA), which people often install inadvertently - they are tricked into doing so. To achieve this, developers use a deceptive method called "bundling".

What is Video Monkey?

The Video Monkey application was developed by the same company that developed another app called Maps2Go. The developers claim that this app allows users to convert videos ("any video") to .mp4, .mov, .avi, and other formats.

This app is classified as a potentially unwanted application (PUA), since (like many other apps of this type) it is promoted using the "bundling" method, which allows developers to trick people into installing PUAs unintentionally.

What is Gorgon?

Gorgon ransomware was discovered by Jakub Kroustek. Its developers (cyber criminals) use it to encrypt data and blackmail victims by encouraging them to buy a decryption tool. Like most ransomware-type programs, it renames each encrypted file by adding a new extension, in this case ".[buy-decryptor@pm.me]".

For example, "1.jpg" becomes ".1jpg.[buy-decryptor@pm.me]". It also changes the desktop wallpaper, displays a pop-up window with text available in English, Korean, or Chinese, and places three HTML files on the desktop (English - "#DECRYPT MY FILES#.HTML", Chinese - "#解密我的文件#.HTML", Korean - "#내 파일 복구하기#.HTML").

Updated variants of this ransomware use ".[china-decryptor@pm.me]" extension for encrypted files.

What is newsforyou.pro?

newsforyou.pro is a rogue site identical to nsandreskethep.club, butfirecrangu.club, notify-service.com, and dozens of other deceptive websites. newsforyou.pro causes redirects to other rogue sites and also displays dubious content.

Visitors typically arrive at newsforyou.pro inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive ads displayed on other rogue sites. PUAs typically infiltrate computers without users’ permission, deliver intrusive advertisements, and record user-system information relating to browsing activity.