Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Cerber?

Cerber (also called CRBR Encryptor) is a ransomware-type malware that infiltrates systems, encrypting various file types including .jpg, .doc, .raw, .avi, etc. Cerber adds a .cerber (some variants add .cerber2 or .cerber3) extension to each encrypted file.

Notice that some variants of this ransomware add random file extensions - for example: “.ba99”, ”.98a0", ".a37b", ".a563" etc. There are also variants of this ransomware that add .beef extension to encrypted files. Following successful infiltration, Cerber demands a ransom payment to decrypt these files.

It is stated that payment of the ransom must fall within the given time frame (seven days), otherwise the ransom amount will double.

Some variants of this ransomware disclose their versions - for example: "Cerber Ransomware 4.1.3", "Cerber Ransomware 4.1.5", "Cerber Ransomware 4.1.6", "Cerber Ransomware 5.0.0"  ( the latest variant demands a ransom of $499) etc.

What is GPAA?

Discovered by malware security researcher, Michael Gillespie, GPAA (Global Poverty Aid Agency) is a ransomware-type virus that stealthily infiltrates systems and encrypts various data using RSA-4096 cryptography. During encryption, GPAA renames encrypted files using the "[16_random_characters].cerber6" pattern.

For instance, "sample.jpg" might be renamed to a filename such as "GHl3_pl8ant3HAE-.cerber6" or similar. Once files are encrypted, GPAA creates an HTML file ("!READ.htm"), placing it in each folder containing encrypted files. Note that GPAA is not related to another high-risk malware infection called Cerber.

What is webdown-loader.com?

Developers present webdown-loader.com as an Internet search engine that generates improved results and, therefore, enhances the browsing experience. Judging on appearance alone, webdown-loader.com barely differs from Google, Yahoo, Bing, and other legitimate search engines.

Therefore, many users believe that webdown-loader.com is also legitimate and useful. In fact, developers promote this site via rogue downloaders/installers that modify browser settings without permission.

What is BeethoveN?

BeethoveN is a ransomware-type virus discovered by malware security researcher, MalwareHunterTeam. Once infiltrated, BeethoveN encrypts files using AES-256 and RSA-2048 algorithms, appending filenames with the ".BeethoveN" extension (for example, "sample.jpg" is renamed to "sample.jpg.BeethoveN").

Following successful encryption, the virus opens a pop-up window containing a ransom-demand message and creates a text file ("FILELIST.TXT") with a list of encrypted files, placing it on the desktop.

What is loadstart.biz?

loadstart.biz is presented as a 'high-experience' Internet search engine that significantly enhances the browsing experience by generating improved results.

Judging on appearance alone, loadstart.biz may appear legitimate and useful, however, this website continually tracks browsing activity by gathering user-system information. In addition, developers promote loadstart.biz by employing rogue download/installation set-ups designed to modify browser settings without permission.

What is alldownloads.hapc.gdn?

alldownloads.hapc.gdn is a rogue deceptive site designed to redirect users to various other rogue websites. Users often visit alldownloads.hapc.gdn inadvertently - they are redirected by potentially unwanted adware-type programs (PUPs) that infiltrate systems without permission (the "bundling" method).

As well as causing redirects, PUPs deliver intrusive advertisements and continually gather various user-system information.

What is search.searchitradionow.com?

Listen To The Radio Now is a deceptive application that supposedly allows users to listen to various radio stations free of charge.

Initially, Listen To The Radio Now may seem legitimate and useful, however, this site is categorized as a potentially unwanted program (PUP) and a browser hijacker. There are three main reasons for these negative associations: 1) stealth installation without consent; 2) modification of web browser settings, and; 3) tracking of users' Internet browsing activity.

What is youfreenews.net?

According to the developers, youfreenews.net is an Internet search engine that significantly enhances the browsing experience by generating improved results. Judging on appearance alone, youfreenews.net barely differs from Google, Yahoo, Bing, and other legitimate search engines.

Therefore, many users believe that this site is also legitimate. In fact, it records various user-system information relating to Internet browsing activity. Furthermore, developers promote youfreenews.net via rogue download/installation set-ups that modify web browser settings without permission.

What is Spectre?

Spectre is a ransomware-type virus discovered by malware security researcher, MalwareHunterTeam. Once infiltrated, Spectre encrypts files using AES-256 cryptography and renames them using the "[24_random_characters].spectre" pattern.

For instance, "1.jpg" might be renamed to a filename such as "mjYd+aHaQB9v5cpTI6sTDg==.spectre" or similar. Following successful encryption, Spectre creates a text file ("HowToDecryptIMPORTANT!.txt") containing a ransom-demand message and places it on the desktop.

What is Prime Updater?

Prime Updater (also known as "PrimUp!") is a deceptive application that supposedly allows users to update installed software. Judging on appearance alone, Prime Updater may appear legitimate and useful, however, this application often infiltrates systems without consent.

Furthermore, it proliferates rogue applications, delivers intrusive advertisements, and continually records various user-system information. For these reasons, Prime Updater is categorized as adware and a potentially unwanted program (PUP).