Virus and Spyware Removal Guides, uninstall instructions

What is .gif?

First discovered by malware security researcher, Brad, .gif is a new ransomware virus belonging to GlobeImposter's malware "family". Criminals spread this malware using spam emails (false job applications with malicious attachments).

Immediately after infiltration, .gif encrypts most stored files, appending filenames with the ".gif" extension (e.g., "sample.jpg" is renamed to "sample.jpg.gif"). Once files are encrypted, using them becomes impossible. After successfully encrypting data, .gif places the "Read_ME.txt" text file in every existing folder. This file contains a ransom-demand message.

What kind of scam is "Do Not Ignore This Windows Alert"?

"Do Not Ignore This Windows Alert" is a fake pop-up error displayed by a malicious website. Users often visit this website inadvertently - they are redirected by rogue adware-type applications that infiltrate usually infiltrate systems without consent (bundling method).

As well as causing unwanted redirects, these potentially unwanted programs (PUPs) collect various data types and deliver intrusive online advertisements.

What is BlackRuby?

BlackRuby is a ransomware-type virus first discovered by MalwareHunterTeam. Immediately after infiltration, BlackRuby encrypts most stored files and renames them using the "ENCRYPTED_[random_characters_and_digits].BlackRuby" pattern.

For instance, "1.jpg" might be renamed to a filename such as "Encrypted_zIX2dFXFt9qNfifBu1mqkNVYTX79ZS48TWWU5BRm3Q.BlackRuby".

Henceforth, files become unusable and indistinguishable. Following successful encryption, BlackRuby creates a text file ("how-to-decrypt-files.txt"), placing a copy in every existing folder.

What is trafficsel.com?

trafficsel.com is a rogue site identical to redirecting.zone, nametraff.com, goldoffer.online, and many others. This site promotes other dubious websites - it simply redirects users without their consent.

Research shows that, in most cases, users visit trafficsel.com inadvertently - they are redirected by potentially unwanted programs (PUPs) that infiltrate systems without permission. As well as causing unwanted redirects, PUPs deliver intrusive advertisements, gather sensitive data, and sometimes misuse system resources to run unwanted processes.

What is search.searchcfpdf.com?

Identical to Login Email Faster, Track Packages, Watch TV Instantly, and many others, Convert Free PDFs is a rogue application that supposedly enables conversion of various documents to and from PDF format. 

Judging on appearance alone, Convert Free PDFs may seem legitimate and useful, however, this PUP (potentially unwanted program) often infiltrates systems without permission and continually records sensitive information.

In addition, Convert Free PDFs is categorized as a browser hijacker - a form of deceptive software that modifies Internet browser options without direct user permission.

What is Creeper?

Creeper is a ransomware-type virus first discovered by malware security researcher, Michael Gillespie. Once infiltrated, Creeper encrypts stored files and adds the ".creeper" extension to the name of each affected file. For example, "sample.jpg" is renamed to "sample.jpg.creeper".

Following successful infiltration, Creeper places a text file ("DECRIPT_MY_FILES.txt") on the desktop. This file contains a ransom-demand message.

What is search.hfreeformsnow.com?

Developers present Free Forms Now as a legitimate application that supposedly provides various printable document forms. Initially, these functions may appear legitimate and useful, however, Free Forms Now is categorized as a potentially unwanted program (PUP) and a browser hijacker.

There are three main reasons for these negative associations: 1) installation without users' consent; 2) promotion of a fake search engine (search.hfreeformsnow.com), and; 3) monitoring of web browsing activity.

What is HrHr?

HrHr is a newly-discovered ransomware-type virus that, once infiltrated, encrypts stored files. During encryption, HrHr adds the ".leenapidx@snakebite.com.hrhr" extension to the name of each encrypted file.

For example, "sample.jpg" is renamed to "sample.jpg.leenapidx@snakebite.com.hrhr". Following successful encryption, HrHr creates a text file ("help.txt"), placing it on the desktop.

What is inspiratiooo.com?

According to the developers, inspiratiooo.com is a legitimate Internet search engine that generates improved results and, therefore, enhances the web browsing experience.

Judging on appearance alone, inspiratiooo.com may seem legitimate and useful, however, developers promote this site using a browser-hijacking app called Inspiratiooo. Together, inspiratiooo.com and Inspiratiooo gather various data relating to browsing activity.

What is GANDCRAB?

GANDCRAB is another ransomware-type virus distributed using RigEK toolkit. Once infiltrated, encrypts most stored data and adds the ".GDCB" extension to the name of each compromised file. From this point, files become unusable. Immediately after encryption, GANDCRAB generates a "GDCB-DECRYPT.txt" file and places a copy in every existing folder.

GANDCRAB's developers have released a number of different GANDCRAB's versions. The list includes: GANDCRAB V2.0, GANDCRAB 3, GANDCRAB V5.0, GANDCRAB 5.0.2, GANDCRAB V5.0.3, GANDCRAB 5.0.4, GANDCRAB 5.0.5, GANDCRAB 5.0.7, GANDCRAB 5.0.8, GANDCRAB 5.0.9, GANDCRAB 5.1.0, GANDCRAB 5.1.4, GANDCRAB 5.1.5, GANDCRAB V5.1.6.

All of these viruses behave exactly the same - encrypt data and make ransom demands. The main differences are: added file extension, ransom text, website's design, price and cryptocurrency wallet.