Virus and Spyware Removal Guides, uninstall instructions

What is Lockify?

First discovered by malware security researcher, Michael Gillespie, Lockify is a virus based on an open source ransomware project called Hidden Tear.

Once infiltrated, Lockify encrypts various data using AES cryptography. This malware appends filenames with the ".lockify" extension (for example, "sample.jpg" is renamed to "sample.jpg.lockify"). After successfully encrypting files, Lockify places a "readme.HTA" file in each folder containing encrypted data.

What is hp.myway.com?

Developed by Mindspark Interactive Network, DirectionsOnline is a deceptive application that supposedly allows users to use GPS functions.

Judging on appearance alone, DirectionsOnline might seem legitimate and useful, however, this app is categorized as a potentially unwanted program (PUP) and a browser hijacker. There are three main reasons for these negative associations: 1) stealth installation without consent; 2) modification of web browser settings, and; 3) tracking of Internet browsing activity.

What is PEC 2017?

Discovered by xXToffeeXx, PEC 2017 is a ransomware-type virus distributed via spam emails containing a fake CV attachment, which installs malware by employing a CVE-2017-0199 exploit. Once infiltrated, PEC 2017 encrypts various data using AES-256 cryptography.

During encryption, PEC 2017 appends the ".pec" extension to the name of each compromised file. The virus then creates an HTML file ("AIUTO_COME_DECIFRARE_FILE.html"), placing it in each folder containing encrypted files.

What is WiseFolderLock?

WiseFolderLock is a deceptive application that supposedly allows users to lock various folders. Judging on appearance alone, WiseFolderLock may appear legitimate and useful, however, this app infiltrates systems without consent.

Furthermore, it delivers intrusive online advertisements and records information relating to users' Internet browsing activity. For these reasons, WiseFolderLock is categorized as a potentially unwanted program (PUP) and a browser hijacker.

What is UpdateAdmin?

UpdateAdmin is a rogue application claiming to provide various useful features. Although this functionality may seem legitimate, UpdateAdmin is categorized as a potentially unwanted program (PUP) or adware.

One of the reasons for these negative associations is a deceptive software marketing method called 'bundling' used to install UpdateAdmin on systems without users' permission. Bundling is a way to stealthily distribute third party applications together with regular software.

Therefore, users often install this adware inadvertently with free software downloadable on freeware download websites. After infiltration, UpdateAdmin generates various intrusive online advertisements (banner, pop-up, etc.) that often redirect to bogus websites, thereby exposing your computer to risk of infection.

What is googlescan.ru?

Developers present googlescan.ru as a 'high-experience' search engine that enhances the Internet browsing experience by generating improved results. Judging on appearance alone, googlescan.ru barely differs from Bing, Yahoo, Google, and other legitimate search engines.

Therefore, many users believe that this rogue website is legitimate. In fact, developers promote it by employing deceptive download/installation set-ups designed to modify browser settings without consent. Furthermore, googlescan.ru continually records various information relating to users' Internet browsing activity.

What is hp.myway.com?

DownloadManagerNow is a deceptive application developed by Mindspark Interactive Network. By claiming to ease the data download process, DownloadManagerNow attempts to give the impression of legitimacy, however, this app is categorized as a potentially unwanted program (PUP) and a browser hijacker.

There are three main reasons for these negative associations: 1) installation without consent; 2) modification of web browser settings, and; 3) tracking of users' Internet browsing activity.

What is Mordor?

Mordor is a ransomware-type virus discovered by MalwareHunterTeam. This malware is a based on an open source ransomware project called Hidden Tear. Cyber criminals edit Hidden Tear source code and attempt to generate revenue by providing Mordor as a RaaS (Ransomware-as-a-Service).

Mordor is distributed using spam emails that contain malicious Javascript attachments designed to run the ransomware. Once infiltrated, Mordor encrypts various files and appends the ".mordor" extension to each of them. The virus then creates an HTML file ("READ_ME.html"), placing it on the desktop.

What is restore@protonmail.ch?

Restore@protonmail.ch is an new version of Fantom ransomware. Once infiltrated, restore@protonmail.ch encrypts files using asymmetric cryptography. As with Fantom, restore@protonmail.ch also displays a fake Windows Update screen during file encryption.

Furthermore, this ransomware renames encrypted files using the "8_random_characters.locked" pattern (e.g., "sample.jpg" might be renamed to "MS5qcGc=.locked").

The desktop wallpaper is then modified and two files created: 1) an executable file ("READ_ME!.exe"), which opens a ransom-demand pop-up, and; 2) a random file ("16_random_characters.locked", content unknown). Both files are placed in every existing folder.

What is OzozaLocker?

OzozaLocker is a ransomware-type virus that infiltrates the system and encrypts various data. During encryption, OzozaLocker appends the ".locked" extension to the name of each encrypted file. For instance, "sample.jpg" is renamed to "sample.jpg.locked".

A text file ("HOW TO DECRYPT YOU FILES.txt") is then created and placed on the desktop. The file contains a ransom-demand message.