Virus and Spyware Removal Guides, uninstall instructions

Exotic Ransomware

What is Exotic?

Exotic is ransomware that encrypts and renames files using the "[several_random_characters].exotic" pattern. For instance, "sample.jpg" is renamed to "78!bk).exotic". Once files are encrypted, Exotic opens a pop-up message informing victims of the infection. A window is then displayed containing a ransom-demand message.

   
Windows Defender Has Detected Critically Corrupted File System! Scam

What is Windows Defender has detected Critically Corrupted File System!?

"Windows Defender has detected Critically Corrupted File System!" is a fake error message distributed using various adware-type applications.

This error locks the computer screen and claims that Windows Defender has detected corrupted files. Adware-type applications often infiltrate systems during installation of other programs. Furthermore, these apps continually gather various user/system information, cause unwanted browser redirects, and deliver intrusive online advertisements.

   
TVPlusNewtab Browser Hijacker

What is TVPlusNewtab?

TVPlusNewtab is a browser hijacker, endorsed as a tool for easy access to movie trailers, TV series and celebrity content. It is also supposedly capable of allowing users to quickly view PDF documents. TVPlusNewtab operates by making modifications to browser settings in order to promote search.tvplusnewtabsearch.com - a fake search engine.

Additionally, this browser hijacker has data tracking abilities, which are used to record information relating to users' Internet browsing activity. Since most users install TVPlusNewtab inadvertently, it is also considered to be a PUA (Potentially Unwanted Application).

   
Ncrypt Ransomware

What is Ncrypt?

Ncrypt is a ransomware-type malware designed to encrypt victims' files. It was first discovered by a security researcher Michael Gillespie

During encryption, this malware appends a ".NCRYPT" extension to the name of each file. For instance, "sample.jpg" is renamed to "sample.jpg.NCRYPT". After encryption, Ncrypt creates a "_FILE_RETRIEVAL_INFORMATION.html" file (placed on the desktop) containing a ransom-demand message.

   
CryptoLocker 5.1 Ransomware

What is CryptoLocker 5.1?

CryptoLocker 5.1 is newly-discovered ransomware claiming to be the CryptoLocker virus. It is based on Hidden Tear - an open-source ransomware project. Following system infiltration, CryptoLocker 5.1 encrypts files using RSA-2048 cryptography and appends a ".locked" extension to the name of each encrypted file.

For example, "sample.jpg" is renamed to "sample.jpg.locked". Most ransomware appends unique extensions, however, recently, the ".locked" extension is popular amongst these viruses. Following encryption, CryptoLocker 5.1 opens a pop-up window and creates a "LEGGI.txt" file, placing it on the desktop. Both contain ransom-demand messages.

   
FunSafeTab Browser Hijacker

What is FunSafeTab?

FunSafeTab is a browser hijacker, endorsed as a tool to increase user security when browsing. It operates by modifying web browser settings in order to promote search.funsafetabsearch.com - a fake search engine. Search.funsafetabsearch.com may appear legitimate and useful, however it is unable to provide search results.

Additionally, FunSafeTab tracks data, specifically information relating to Internet browsing activity. Due to its dubious proliferation methods, FunSafeTab is also considered to an unwanted application.

   
APT Ransomware

What is APT ransomware?

APT Ransomware v2.0 is a ransomware-type virus designed to encrypt files using RSA-4096 cryptography. This ransomware is based on a Hidden Tear project (so-called 'educational ransomware' that was released as Open Source in August 2015). APT appends a ".dll" extension to the name of each encrypted file.

For example, "sample.jpg" would be renamed to "sample.jpg.dll". In fact, ".dll" files are used by MS Windows (read more).

Therefore, we assume that by adding this extension to regular files, APT's developers attempt to confuse victims. Once the encryption is finished, APT creates a "DECRYPT_YOUR_FILES.html" file and places it in each folder that contains encrypted files.

   
Enigma Ransomware

What is Enigma ransomware?

Enigma is a ransomware-type virus that encrypts files using AES-128 cryptography. During encryption, Enigma appends a ".1txt" extension to the name of each encrypted file (a previous version of Enigma appended the ".enigma" extension). For example, "sample.jpg" is renamed to "sample.jpg.1txt".

Once the files are encrypted, Enigma opens a pop-up window and creates a text file ("enigma_info.txt", previously "E_N_I_G_M_A.txt" and "enigma_encr.txt"). Both contain an identical ransom-demanding message.

Be aware that this ransomware is not related to or affiliated with any legitimate company whose name has the word "Enigma" in it.

   
Login.hhtxnet.com Redirect

What is login.hhtxnet.com?

login.hhtxnet.com is a rogue website claiming to be a legitimate Internet search engine. Developers promote this site via malicious javascript files that stealthily modify web browser settings without users' consent. Furthermore, login.hhtxnet.com continually gathers information relating to Internet browsing activity.

   
Comrade Circle Ransomware

What is Comrade Circle?

Comrade Circle is newly-discovered ransomware similar to Fantom. Following infiltration, Comrade Circle encrypts files and renames them using a "[6-16 random symbols].comrade" pattern. For instance, "sample.jpg" might be renamed to "sdf9K21a=G.comrade".

Updated variants of this ransomware use .encrypted4 extension. Furthermore, Comrade Circle displays a fake Windows Update screen during the encryption process.

After encrypting files, Comrade Circle creates a "RESTORE-FILES![random_number].txt" file and places it in each folder containing encrypted files. The ransomware also changes the desktop wallpaper.

   

Page 2002 of 2329

<< Start < Prev 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal