Virus and Spyware Removal Guides, uninstall instructions

What is Evil Locker?

Evil Locker is a ransomware-type virus discovered by malware security researcher, Jakub Kroustek. After stealthily infiltrating the system, Evil Locker encrypts most stored files and appends filenames with the ".[evil@cock.lu].EVIL" extension. For example, "sample.jpg" is renamed to "sample.jpg.[evil@cock.lu].EVIL".

Once compromised, data immediately becomes unusable. Following successful encryption, Evil Locker generates a text file ("!_HOW_RECOVERY_FILES_!.txt") and places a copy in all existing folders.

What is search.medianewpagesearch.com?

Identical to futuremediatabsearch.com, powermediatabsearch.com, and many others, search.medianewpagesearch.com is a fake Internet search engine that, according to the developers, enhances the browsing experience by generating improved results and providing quick access to popular sites (Facebook, YouTube, Netflix, etc.).

Initially, this site may appear legitimate and useful, however, developers promote search.medianewpagesearch.com using a browser-hijacking application called MediaNewPage. Furthermore, search.medianewpagesearch.com and MediaNewPage continually record information relating to web browsing activity.

What is Rotor?

Rotor or RotorCrypt (Trojan-Ransom.Win32.Rotor) is a ransomware-type virus that infiltrates systems and stealthily encrypts various files. During encryption, Rotor appends the names of encrypted files with:

• !___________ANCABLCITADEL@TUTAMAIL.COM__________.PGP
• !____________ENIGMAPRO@TUTAMAIL.COM_______.PGP
• !____________DESKRYPT@TUTAMAIL.COM________.rar
• !_____FIDEL4000@TUTAMAIL.COM______.biz
• !==solve a problem==stritinge@gmail.com===.SENRUS17
• !-=solve a problem=-=grandums@gmail.com=-.PRIVAT66
• !_____INKASATOR@TUTAMAIL.COM____.ANTIDOT
• !_____DILIGATMAIL7@tutanota.com_____.OTR
• !__recoverynow@india.com__.v8
• !____GLOK9200@GMAIL.COM____.tar
• !____cocoslim98@gmail.com____.tar
• !==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
• !decrfile@tutanota.com.crypo
• ! ,--, Revert Access ,--, starbax@tutanota.com ,--,.BlockBax_v3.2
• !________INKOGNITO8000@TUTAMAIL.COM_________.SPG
• !@#$%______PANAMA1@TUTAMAIL.com_____%$#@.mail
• !@#$_____ISKANDER@TUTAMAIL.COM_____$#@!.RAR
• !@!@!@_contact mail___boroznsalyuda@gmail.com___!@!@.psd
• !@#$_____INKASATOR1@TUTAMAIL.COM_____$#@!.RAR
• !@$_____inkasator1@tutamail.com_____$@!.rar
• !@$#-unlock-email______zepro190@gmail.com______#$!...ES_HELPs
• !@#$%______PANAMA1@TUTAMAIL.com_____%$#@.mail
• !@#$_(decryp in the EMail)____nautilus369alarm@gmail.com____$#@..AlfaBlock
• !@#$_(decryp in the EMail)____nautilus369alarm@gmail.com____$#@
• !_____ELIZABETH7@PROTONMAIL.COM____.tar
• !_!email__ prusa@goat.si __!..PAYMAN
• !__help2decode@mail.com__.a800
• !@#$%^&-().1c
• !!!! prusa@rape.lol !!!.prus
• !__prontos@cumallover.me__.bak

Unlike other ransomware, this virus does not open pop-up windows or create text files containing ransom-demand messages. Information regarding the infiltration is provided only after victims contact cyber criminals via email addresses provided (added as file extensions).

What is hp.mysearch.com?

Developers state that the StreamFrenzy application allows users to listen worldwide radio stations directly from the browser. Initially, this functionality may seem legitimate and useful, however, this app often infiltrates systems without permission, modifies web browser options, and records various information.

Due to this rogue behavior, StreamFrenzy is categorized as a potentially unwanted program (PUP) and a browser hijacker.

What is Powzip?

Powzip is a deceptive application that falsely claims to provide file compression and other similar functions. Initially, Powzip may seem legitimate and useful, however, it is categorized as a potentially unwanted program (PUP) and adware. There are three main reasons for these negative associations: 1) installation without users' consent; 2) display of intrusive advertisements, and; 3) information tracking.

What is cobalten.com?

cobalten.com is a rogue site similar to onclickbright.com, pttsite.com, obeyter.com, and many others. It cause redirects to various other untrustworthy (potentially, malicious) websites. Many visitors arrive at cobalten.com inadvertently - they are redirected by potentially unwanted programs (PUPs) or advertisements delivered by other rogue sites.

In most cases, PUPs infiltrate systems without permission and, as well as causing redirects, generate intrusive ads and gather sensitive information.

What is FedEx Package Email SPAM?

Similar to Important Documents IRS, Payslip, HM Revenue & Customs Outstanding Amount, and many others, "FedEx Package Email SPAM" is a email spam campaign used to distribute a high-risk virus called Adwind. Email messages state that the user has missed a delivery from the FedEx company and must collect it personally.

For detailed information, users are encouraged to open an attachment. Be aware, however, that the attached .jar file is malicious - once opened, it downloads and installs malware.

What is 24H?

Discovered by Michael Gillespie, 24H is a ransomware-type virus designed to stealthily infiltrate the system and encrypt most stored files.

During encryption, 24H appends filenames with the ".24H" extension (e.g., "sample.jpg" is renamed to "sample.jpg.24H"). Encrypted data immediately becomes unusable. 24H then generates a text file ("ReadME-24H.txt"), placing a copy in every existing folder.

What is Ummy Video Downloader?

Developers present Ummy Video Downloader as a great tool that allows users to download videos from the YouTube, RuTube, and Dailymotion websites.

This application may seem legitimate and useful, however, Ummy Video Downloader is categorized as a potentially unwanted program (PUP) and adware. There are three main reasons for these negative associations: 1) stealth installation without users' consent; 2) tracking of web browsing activity, and; 3) display of intrusive advertisements.

What is HYENA LOCKER?

First discovered by malware security researcher, Michael Gillespie, HYENA LOCKER is a ransomware-type virus that originates from the Everbe ransomware family. Immediately after infiltration, HYENA LOCKER encrypts most stored files and adds the ".[hyena@rape.lol].HYENA" appendix to name of each compromised file (e.g., "sample.jpg" is renamed to "sample.jpg.[hyena@rape.lol].HYENA").

After successfully encrypting data, HYENA LOCKER generates a text file named "!_HOW_RECOVERY_FILES_!.txt" and places a copy in every existing folder.