Virus and Spyware Removal Guides, uninstall instructions

FireCrypt Ransomware

What kind of malware is FireCrypt?

FireCrypt is a ransomware-type virus that encrypts files using AES-256 cryptography. The executable used to encrypt files opens a console window that contains various figures drawn using ASCII art. This malware appends the ".firecrypt" extension to the name of each encrypted file.

For instance, "sample.jpg" is renamed to "sample.jpg.firecrypt". Following successful encryption, FireCrypt generates a "READ_ME.html" file and places it on the desktop.

   
MafiaWare Ransomware

What is MafiaWare?

MafiaWare is malware based on an open-source ransomware project called Hidden Tear. Following successful infiltration, MafiaWare encrypts files using AES cryptography. In addition, MafiaWare appends the ".Locked-by-Mafia" (or ".Locked-Mafiaware") extension to the name of each encrypted file (e.g., "sample.jpg" is renamed to "sample.jpg.Locked-by-Mafia").

A text file ("READ_ME.txt") containing a ransom-demand message is then created and placed on the desktop.

   
Zwhip Adware

What is Zwhip?

Zwhip is a rogue application claiming to allow users to access websites that are blocked in their countries.

Initially, this functionality may seem legitimate and useful, however, Zwhip often infiltrates systems without direct permission. In addition, this app continually delivers intrusive online advertisements and tracks users' Internet browsing activity. For these reasons, Zwhip is categorized as a potentially unwanted program (PUP) and adware.

   
SearchFormsOnline Toolbar

What is hp.myway.com?

SearchFormsOnline is a deceptive application that supposedly helps users to find US government forms relating to taxes, healthcare, travel, etc. On initial inspection, this functionality may appear legitimate and useful, however, SearchFormsOnline often infiltrates systems without users' consent.

Furthermore, this app stealthily modifies web browser settings, displays intrusive online advertisements, and continually collects various user/system information. For these reasons, SearchFormsOnline is categorized as a browser hijacker and a potentially unwanted program (PUP).

   
Luckysite123.com Redirect

What is luckysite123.com?

Developers present luckysite123.com as a legitimate Internet search engine that supposedly enhances the Internet browsing experience by generating improved search results. The appearance of this website barely differs from Bing, Google, Yahoo, and other similar legitimate search engines.

Therefore, many users believe that luckysite123.com is also legitimate. In fact, this site gathers various information relating to users' Internet browsing activity. In addition, developers stealthily promote it via rogue download/installation set-ups designed to modify Internet browser options without permission.

   
Myluckysites.com Redirect

What is myluckysites.com?

myluckysites.com is a fake Internet search engine similar to trotux.com and amisites.com. By offering improved search results, myluckysites.com often tricks users into believing that it is a legitimate and useful website.

In fact, developers promote it via deceptive download/installation set-ups that hijack Internet browsers and modify various options without consent. Furthermore, myluckysites.com collects various information relating to users' Internet browsing activity.

   
GOG Ransomware

What is GOG?

GOG is ransomware-type malware designed to encrypt files using RSA-4096 cryptography. During encryption, GOG appends the ".L0CKED" extension to the name of each file.

For example, "sample.jpg" is renamed to "sample.jpg.L0CKED". Following successful encryption, GOG changes the desktop wallpaper and creates a text file ("DecryptFile.txt"), placing it on the desktop. The file contain a ransom-demand message.

   
Erebus Ransomware

What is Erebus?

Erebus is a ransomware-type virus distributed via malicious online advertisements. These ads redirect users to a Rig exploit kit server, which infects the computer system. After infiltration, Erebus encrypts various files using RSA-2048 cryptography.

During encryption, Erebus renames files the following pattern: "[random_characters].ecrypt" (e.g., "sample.jpg" might be renamed to "DG*(AS--gLLMBa23gaPLHG12&aMhoBz66o.ecrypt"). Following successful encryption, Erebus creates two files ("YOUR_FILES_HAS_BEEN_ENCRYPTED.txt" and "YOUR_FILES_HAS_BEEN_ENCRYPTED.html"), placing them on the desktop.

   
FirstRansomware Ransomware

What is FirstRansomware?

FirstRansomware is another malware infection based on an open-source ransomware project named "Hidden Tear". Following successful encryption, FirstRansomware encrypts files using symmetric cryptography (AES). In addition, this malware appends the ".locked" (or ".krzysioka") extension to the name of each encrypted file.

E.g., "sample.jpg" is renamed to "sample.jpg.locked". Once files are encrypted, FirstRansomware opens a pop-up window with a ransom-demand message.

   
OpenToYou Ransomware

What is OpenToYou?

OpenToYou is another ransomware-type virus that encrypts files and renames them by appending the ".-opentoyou@india.com" extension to the name of each encrypted file. For instance, "sample.jpg" is renamed to "sample.jpg.-opentoyou@india.com".

Once files are encrypted, OpenToYou changes the desktop wallpaper and creates a text file ("!!!.txt"), placing it on the desktop.

   

Page 1980 of 2329

<< Start < Prev 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal