Virus and Spyware Removal Guides, uninstall instructions

What is Dcrtr-Crypt?

Dcrtr-Crypt is categorized as ransomware-type program, a new version of Dcrtr ransomware. It encrypts all data stored on a computer and displays a ransom-demand messages in a pop-up window and the "HOW TO DECRYPT FILES.txt" text file. The pop-up window is opened through the "info.hta" file.

The .hta and "HOW TO DECRYPT FILES.txt" files can be found in every folder containing encrypted data. Dcrtr-Crypt renames encrypted files by adding the ".crypt" extension. For example, "1.jpg" becomes "1.jpg.crypt".

What is "Mac Speedup Pro"?

Developers promote Mac Speedup Pro (also known as MacSpeedup Pro or Mac~Speedup~Pro) as an app that enhances Mac computer performance by allowing users to scan for various issues. Generally, this app is offered as an optimization-oriented app, however, it is also categorized as a potentially unwanted application (PUA). 

Mac Speedup Pro is promoted using the "bundling" method, and thus many people install it inadvertently.

What is LoryEstside?

Discovered by Cyber Security, LoryEstside is a new variant of BitPaymer ransomware. Most ransomware-programs are designed to encrypt data and block access to it unless a ransom is paid. LoryEstside adds the ".locked!" extension to every encrypted file. For example, "1.jpg" becomes "1.jpg.locked!".

It also generates a text file (ransom message) for each encrypted file. The ".txt" extension must be manually added to the filenames to open the files.

For instance, LoryEstside creates a "1.jpg.readme_txt" text file for a file called "1.jpg". To open this file, it must be renamed to "1.jpg.readme_txt.txt", and so on. All of these text files contain an identical ransom demand message.

What is AUF?

Discovered by Jakub Kroustek, AUF is a ransomware-type program and a new variant of Dharma ransomware. Like most other computer infections of this type, AUF encrypts data and delivers a ransom message. In this case, it generates a "FILES ENCRYPTED.txt" file and opens a ransom demand pop-up window.

It also changes all filename extensions of encrypted files by adding ".AUF" plus a unique victim ID and the ransomware developer's email address. For example, "1.jpg" might become "1.jpg.id-1E857D00.[Decisivekey@tutanota.com].AUF".

What is PC-FunHACKED!?

PC-FunHACKED! is one of many ransomware-type programs online. This example is a new variant of Jigsaw ransomware and was discovered by Michael Gillespie. Like most programs of this type, it is designed to encrypt data and make ransom demands.

It displays a ransom message within a pop-up window, generates an "Address.txt" text file, which contains a Bitcoin wallet address, and a random "dr" file. In the version we tested, PC-FunHACKED! ransomware did not change the filename extension of encrypted files, however, in other cases, it has added the ".PC-FunHACKED!-Hello" extension tens of times.

For example, "1.jpg" might be renamed to "1.jpg.PC-FunHACKED!-Hello.PC-FunHACKED!-Hello.PC-FunHACKED!-Hello...", and so on.

What is "Install" Would Like To Control This Computer?

"Install" Would Like To Control This Computer is a deceptive pop-up window that asks Mac users to allow "Install" to control the Safari browser and computer using accessibility features. It asks for these permissions within two different pop-up windows.

Typically, these windows are displayed by adware - programs that deliver various advertisements. Some examples of other fake system pop-ups include "Bash wants to control System Events", "Osascript wants to control Safari", and "Terminal would like to control this computer".

What is Paradise .xyz?

Paradise .xyz is a new variant of Paradise and was discovered by MalwareHunterTeam. This computer infection is categorized as ransomware: it encrypts data and blocks the access to it unless the ransom is paid. Paradise .xyz renames each encrypted file by adding an extension, which contains a unique victim ID and an email address.

For example, "1.jpg" might be renamed to "1.jpg_Qe9Qu6Ev6u11D6vD_{admin@prt-decrypt.xyz}.xyz". Furthermore, Paradise .xyz creates an "Instructions with your files.txt" file and opens a pop-up window.

What is Rumba?

Rumba is a high-risk computer infection categorized as ransomware. It is a new variant of Djvu ransomware and was discovered by Michael Gillespie. Programs of this type are designed to encrypt data (rendering it unusable) and keep it in that state unless a ransom is paid.

To retrieve their files, users are encouraged to purchase a decryption tool. After encryption, all files are renamed by adding the ".rumba" extension. For example, "1.jpg" becomes "1.jpg.rumba". Instructions about how to decrypt files can be found in the "_openme.txt" text file (ransom message).

What is "Dear Browser User"?

"Dear Browser User" is categorized as a scam that is distributed through a deceptive website which cannot be trusted. In this case, scammers attempt to trick people into completing a survey by offering a chance to win access to HD movie streaming services.

Most people end up visiting this website due to potentially unwanted apps (PUAs) installed on their computers or web browsers. Therefore, PUAs force directs to these untrustworthy sites. Furthermore, PUAs often collect browsing-related information and deliver intrusive ads.

What is bohemuchnehe.club?

bohemuchnehe.club is categorized as a rogue website identical to haphetititletleres.club, firearrest.fun, ind1cate.com and many others of this type.

Users often visit bohemuchnehe.club inadvertently - they are redirected to the site by potentially unwanted applications (PUAs) that are installed without users' consent. PUAs cause redirects, deploy unwanted/intrusive ads, and collect browsing-related information.