Virus and Spyware Removal Guides, uninstall instructions

What is "American Express" email virus?

"American Express Email Virus" is one of many spam campaigns used by scammers to proliferate computer infections. Scammers use this (and other similar) email scams to trick people into opening presented attachments (HTML files). Opening this particular attachment will result in users having various personal details stolen.

What is KingMiner?

KingMiner is a malicious program (malware) that uses XMRig, a legitimate cryptocurrency program to mine Monero cryptocurrency. A running process called "powered.exe" can be found in Task Manager - this virus infiltrates systems and mines cryptocurrency without users' consent.

What is Bkpx?

Bkpx is is a ransomware-type virus that belongs to the Dharma family and was discovered by Jakub Kroustek. The main purpose of Bkpx is to encrypt data stored on an infected system and keep it locked until a decryption tool is purchased and ransom is paid.

The virus renames all encrypted files by adding the ".bkpx" extension plus an ID number and email address. For example, "sample.jpg" becomes "sample.jpg.id-1E857D00.[Admin@decryption.biz].bkpx", and so on. Bkpx also generates a ransom note presented in the "FILES ENCRYPTED.txt" file and opens a pop-up window.

What is "Terminal would like to control this computer"?

"Terminal would like to control this computer" is a fake pop-up window/message that asks Mac users permission for "Terminal" to control the computer using accessibility features. Many users encounter this pop-up on their Macs, however, it is merely a scam and should be ignored. Access should be denied.

What is "IRS Email Virus"?

Scammers (cyber criminals) use the "IRS Email Virus" spam email campaign to spread Emotet, a high-risk computer infection. This is malicious software used to record personal data and even distribute other infections.

Spam campaigns such as "IRS Email Virus" usually contain an infected attachment that, once opened, installs a virus (in this case, Emotet). This particular email is presented as an email from the IRS (Internal Revenue Service).

What is Dablio?

Dablio is a ransomware-type computer virus discovered by Karsten Hahn. Its purpose is to encrypt files (rendering them unusable) and make ransom demands for their release. Each encrypted file is renamed by adding "(encrypted)" to the filename. For example, "1.jpg" becomes "(encrypted) 1.jpg", and so on.

When a system is infected with this virus, a ransom-demand pop-up window is displayed. This ransomware was developed using the Python programming language.

What is search.hogwarin.com?

search.hogwarin.com is one of many fake search engines that supposedly provide more accurate results and an improved overall browsing experience.

Judging on appearance, this may seem to be a legitimate search engine, similar to Google, Yahoo, and other well-known sites, however, search.hogwarin.com is promoted through rogue download/installation set-ups that modify affected browser settings and record/track information relating to browsing habits.

What is FilesLocker v2.0?

FilesLocker v2.0 (also known as FilesLocker RANSOMWARE v2.0) is a computer infection designed to render data unusable by encryption. Discovered by MalwareHunterTeam, this ransomware-type virus is a new (updated) version of FilesLocker. Once files are encrypted, they are renamed by adding the ".[fileslocker@pm.me]" extension.

For example, "sample.jpg" is renamed to "sample.jpg.[fileslocker@pm.me]", and so on. FilesLocker v2.0 also changes the desktop wallpaper and places two ransom-demand messages (text files called "#DECRYPT MY FILES#.txt" and "#解密我的文件#.txt") on the desktop itself. It also displays a ransom-demand pop-up window.

What is GandCrab 5.0.9?

Discovered by Marcelo Rivero, GandCrab 5.0.9 is a variant of a high-risk ransomware-type infection called GandCrab. Like most viruses of this type, it is designed to encrypt data, rendering affected files unusable. It renames each encrypted file by appending the victim's ID to the file extension (e.g. ".wwzaf").

For example, it renames "1.jpg" to "1.jpg.wwzaf", and so on. GandCrab 5.0.9 also generates a ransom note within a text file named "WWZAF-DECRYPT.txt". As with the appended extension, this filename is associated with the victim's ID. GandCrab 5.0.9 places the text file in each folder containing encrypted files and changes the desktop wallpaper.

What is "Correspondence Email Virus"?

"Correspondence Email Virus" is a spam email campaign that cyber criminals (scammers) use to distribute a high-risk virus called LokiBot (a computer infection that steals data). In this case, scammers proliferate the virus by sending a banking-related email message that contains a malicious attachment.

The main purpose of this spam campaign is to trick people into opening the attachment and infecting computers with the aforementioned virus.