Virus and Spyware Removal Guides, uninstall instructions
What is UnblockAndRecover?
Malware security researcher Jack was the first to discover UnlockAndRecover, a ransomware-type computer infection that cyber criminals use to blackmail victims. Many viruses of this type lock (encrypt) files and keep them in that state until the ransom is paid.
Note, however, that UnlockAndRecover deletes files rather than encrypting them. Once a computer is infected, the virus generates a "Warning.txt" text file.
What is Djvu ransomware?
Djvu is a high-risk virus that belongs to the STOP malware family. It was first discovered by Michael Gillespie. It is categorized as ransomware and designed to lock (encrypt) files using a cryptographic algorithm.
Djvu renames each encrypted file by adding the ".djvu" or ".djvu*" extension (updated variants of this ransomware use ".djvuu", ".udjvu", ".djvuq", ".uudjvu", ".djvus", ".djuvt", ".djvur", and ".DJVUT" extensions for encrypted files). For example, "1.jpg" becomes "1.jpg.djvu" or "1.jpg.djvu*". All Djvu victims are provided with a ransom-demand message in a "_openme.txt" text file.
What is "A2 Trading Corp Email Virus"?
"A2 Trading Corp Email Virus" is a scam (spam email campaign) used by cyber criminals who attempt to trick recipients of the email into downloading and opening an executable file. This file then installs LokiBot, trojan-type malware that steals various personal/private data.
We strongly recommend that you ignore the "A2 Trading Corp Email Virus" email and avoid downloading or opening the presented malicious attachment.
What is "XMRig"?
XMRig is a legitimate open-source application that uses system CPU resources to mine cryptocurrency. Cyber criminals often misuse such tools to generate revenue in malicious ways. Here, we look at malware that combines a backdoor tool called EmPyre with XMRig and allows cyber criminals to exploit infected systems to mine cryptocurrency.
What is bing.com?
bing.com is a well-known, legitimate search engine owned by Microsoft and is not associated with any viruses, malware, and so on.
Despite this, many browser hijackers, potentially unwanted applications (PUAs), promote bing.com to give the impression of legitimacy. Typically, users install apps of this type unintentionally. Once installed, they modify browser settings, deliver ads, and collect data relating to users' browsing activity.
What is severeweathercheck.com?
severeweathercheck.com is one of many fake search engines available and is promoted using the Severe Weather Check application. According to the developers, this site can track weather changes in a specific area when users enter a city or ZIP code.
This may seem to be a legitimate and useful app; however, it is classified as a browser hijacker and a potentially unwanted app (PUA). Users often install these apps unintentionally. Furthermore, once installed, Severe Weather Check collects browsing-related data and changes browser settings.
What is .SYS?
Discovered by Michael Gillespie, .SYS is another ransomware-type infection. As with most of these infections, it is designed to block access to files by encryption and keep them locked until ransom demands are met. Once the computer is infected and files are encrypted, .SYS replaces extensions with a 16-character hexadecimal string filename.
For example, "1E857D004DFB70F474DFF1B265DAB864.SYS". All encrypted files receive a different string. Note that .SYS places a ransom-demand text file ("_HELP_INSTRUCTION.TXT") in each folder containing encrypted files.
What is Mercury?
Discovered by Michael Gillespie, Mercury is malicious software (ransomware) that encrypts data and prevents victims from accessing it. Once encryption is finished, all infected files are renamed by adding the ".Mercury" extension. For example, a file with the filename "1.jpg" becomes "1.jpg.Mercury".
Mercury also generates the "!!!READ_ME!!!.txt" text file containing a ransom-demand message. This file is placed in each folder containing encrypted data.
What is Kali?
Kali ransomware is malicious software that cyber criminals (the developers of the software) use to block access to data on an infected computer by encryption. Once encrypted, files become unusable. Kali renames every affected file by appending the ".kali" extension.
For example, "sample.jpg" becomes "sample.jpg.kali". Kali's victims are provided with a ransom message within a text file called "HOW TO DECRYPT FILES.txt", which can be found in each folder that contains encrypted data.
What is Forma?
Discovered by GrujaRS, Forma is a high-risk computer infection that is classified as ransomware. Forma's developers use it to affect computers by encrypting data, thus making files unusable. Files are encrypted using SHA-2 (SHA-256) cryptography and victims cannot use their files unless a ransom is paid.
Every encrypted file is renamed by adding the ".locked" extension. For example, "1.jpg" is renamed to "1.jpg.locked". This ransomware also opens a full-screen pop-up window, changes the desktop wallpaper, and generates a text file (containing a ransom message).