Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is DXXD?

DXXD is ransomware-type malware that encrypts various files stored on the system. During encryption, this ransomware appends a ".dxxd" extension to the name of each encrypted file. For instance, "sample.jpg" is renamed to "sample.jpg.dxxd".

Once the files are encrypted, DXXD generates a text file ("ReadMe.TxT", placed on the desktop) and displays a fake Windows error message. Both inform victims of the encryption.

What is Aerojet?

According to the developers, the Aerojet application significantly enhances the Internet browsing experience by improving Internet search results. These claims often trick users into believing that Aerojet is legitimate and useful, however, this app is categorized as a potentially unwanted program (PUP) and adware.

There are three main reasons for these negative associations: 1) Aerojet often infiltrates systems without users' permission; 2) Aerojet delivers intrusive online advertisements, and; 3) Aerojet continually records information relating to web browsing activity.

What is AppTrailers?

AppTrailers is a rogue application claiming to allow users to watch movie trailers directly from the desktop. On initial inspection, AppTrailers may seem legitimate and useful, however, this app displays intrusive online advertisements and monitors Internet browsing activity.

Furthermore, developers distribute it using a deceptive software marketing method called "bundling". For these reasons, AppTrailers is classed as adware and a potentially unwanted program (PUP).

What is hp.myway.com?

Developed by Mindspark Interactive Network, AudioToAudio is a rogue application that supposedly allows conversion of various audio formats.

Many users believe that AudioToAudio is a legitimate and useful application, however, this application is classed as a browser hijacker and a potentially unwanted program (PUP). AudioToAudio infiltrates systems without users' permission, causes unwanted browser redirects, and continually gathers information relating to Internet browsing activity.

What is help_you@india.com?

help_you@india.com is regular ransomware-type malware originating from the Purge virus family. Research shows that help_you@india.com is designed to encrypt a variety of files stored on the system.

During encryption, help_you@india renames encrypted files using the "[7_random_letters].[help_you@india.com].[17_random letters_and_numbers].xtbl" pattern (e.g., bhaYgCM.help_you@india.com.CGzp76HGV832ajfbO.xtbl).

Following successful encryption, help_you@india.com creates a "How to restore files.hta" file (a pop-up window that informs victims of the encryption) and places it in each existing folder.

What is Odin?

Odin is a new version of Locky ransomware. Cyber criminals proliferate Odin via malicious script files attached to spam emails. Once the script is executed, a malicious encrypted file is downloaded, decrypted, and executed using a Windows program (Rundll32.exe).

This malicious file then encrypts and renames various files (for example, .doc, .ppt, .php, .html, etc.) stored on the computer.

Odin has identical behavior to its previous version (Locky), however, rather than adding a ".locky" or ".zepto" extension, this version appends ".odin". The files are renamed using the "[Victim ID]-[4 symbols]-[12 symbols].odin" pattern (e.g., "sample.jpg" might be renamed to "D56F3331-E80D-9E17-8D2A-1A11D40A6BD3.odin").

Following successful encryption, Odin creates three files ("_5_HOWDO_text.html", "_HOWDO_text.bmp" [set as the desktop wallpaper], and "_HOWDO_text.html") and places them on the desktop.

What is Usr0?

Usr0 is a ransomware-type virus that infiltrates the system and encrypts a number of file types (e.g., .jpg, .doc, .ppt, etc.) stored on the infected system.

This ransomware adds the ".usr0" extension to the name of each encrypted file (e.g., "sample.jpg" is renamed to "sample.jpg.usr0"). Once files are encrypted, Usr0 creates a text file ("Важная информация.txt"), placing it on the desktop.

What is help_dcfile?

Help_dcfile is a ransomware designed to encrypt files using asymmetric cryptography. During encryption, help_dcfile modifies the names of encrypted files using the "10_random_characters.xxx" pattern. For example, "sample.jpg" might be renamed to "Kf4lAyhpGm.xxx".

Once the files are encrypted, help_dcfile opens a window and creates a text file ("help_dcfile.txt", placed on the desktop), both containing a ransom-demand message.

What is Unblockupc?

Unblockupc is ransomware-type malware that stealthily infiltrates the system and encrypts files using AES-128 cryptography. Unlike other ransomware, Unblockupc does not change the names of encrypted files or add any type of extension.

Following successful encryption, Unblockpc generates a ransom-demand message containing a text file ("Files encrypted.txt", which is placed in each folder containing encrypted files) and changes the desktop wallpaper.

What is slivnewbest.ru?

Identical to chromestart4.ru, climbon.top, mystartpage1.ru, and a number of other rogue sites, slivnewbest.ru/i/rt5.html is a fake Internet search engine that supposedly generates the most relevant search results. 

Many users believe that this website is legitimate and useful, however, developers promote slivnewbest.ru using rogue software download/installation set-ups designed to hijack web browsers (Internet Explorer, Google Chrome, and Mozilla Firefox) and stealthily modify various options.

In addition, slivnewbest.ru continually monitors users' Internet browsing activity by gathering various user/system data.