Virus and Spyware Removal Guides, uninstall instructions

Payms Ransomware

What is Payms?

Payms is a ransomware-type virus based on the source code of another ransomware infection called Jigsaw. Developers of Jigsaw sell the source code in dark web and, thus, new variants of this ransomware are common. Once infiltrated, Payms employs an asymmetric algorithm to encrypt files stored in victims' computers.

The name of each encrypted file is appended with the .paymrss, .paym, .payrms, .payms, .paymst, or .pays extension. A "Payment_Instructions.txt" file is then created, which is placed on the desktop.

   
Yakes Ransomware

What is Yakes?

Yakes (Mobef) is ransomware-type malware similar to Salam!. After infiltrating the system, Yakes encrypts various types of files (for example, .doc, .ppt, .pdf, etc.) stored on victims' computers. Some variants of this ransomware extend the names of encrypted files with the Lokmann.Key993, .KEYH0LES or .KEYZ extension, however, others make no changes.

Therefore, it is often difficult to determine which files are encrypted. Following encryption, a message is displayed making a ransom demand.

   
Vault Ransomware

What is Vault ransomware?

Vault is ransomware-type malware designed to encrypt various files stored on infected computers. During encryption, this ransomware adds a ".vault" or ".xort" extension to each encrypted file and, therefore, it is easy to determine which files are affected.

All files are encrypted using the RSA algorithm and, thus, a private key is required to decrypt them. In exchange for the key, developers of Vault encourage victims to pay a ransom. Note that this malware targets users located in Russia.

   
7ev3n Ransomware

What kind of malware is 7ev3n

7ev3n ransomware stealthily infiltrates systems via malicious e-mail attachments, P2P networks, and fake software updates. After system infiltration, 7ev3n encrypts files stored on computers and adds the .r5a (or .r4a) extension to compromised files. Once files are successfully encrypted, a pop-up message is displayed providing information regarding the encryption.

Payment of a ransom is demanded in exchange for a private key, which is used to decrypt the files. If the ransom is not paid within the given time frame, the private key will be destroyed and all files will remain encrypted forever.

   
CryptXXX Ransomware

What is CryptXXX?

CryptXXX is ransomware-type malware distributed using the Angler Exploit Kit. Following infiltration, CryptXXX encrypts various files stored on local and mounted drives using RSA4096 - an asymmetric encryption algorithm. Thus, public (to encrypt) and private (to decrypt) keys are generated during encryption.

To the restore files, victims require the private key, which is stored on Command and Control (C&C) servers belonging to the cyber criminals. To receive the decrypter (with the private key embedded), victims must supposedly pay a ransom. In addition, CryptXXX gathers various private data (browsing details, cookies, etc.)

   
GamesCake Ads

What is GamesCake?

GamesCake is a deceptive application identical to GamingTreasure, ArcadeTropics, GamesLagoon, and a number of other bogus programs. All (including GamesCake) offer functionality to play various Flash games, however, these false claims are merely attempts to trick users into believing that this application is legitimate.

In fact, GamesCake is categorized as a potentially unwanted program (PUP) and adware. One of the main reasons for these negative associations is stealth installation - GamesCake usually infiltrates systems without users’ consent. Users' web browsing activity is then tracked and intrusive online advertisements displayed.

   
Searchswapper.com Redirect

What is searchswapper.com?

searchswapper.com is a fake Internet search engine claiming to enhance the web browsing experience by generating the most relevant search results. Judging by appearance alone, searchswapper.com may seem very similar to Google, Yahoo, Bing, and other legitimate Internet search engines.

Therefore, users often believe that searchswapper.com is also legitimate. Be aware, however, that developers promote this site using dubious application 'installers' that modify web browser settings without users' consent. In addition, searchswapper.com continually gathers various user/system information.

   
Aga Ransomware

What is Aga?

Aga is another ransomware-type virus that targets Russian users and encrypts files (.doc, .jpg, ppt, .pdf, etc). During encryption, this ransomware adds the .aga extension to the name of each encrypted file (for example, a file named "sample.jpg" is renamed to "sample.jpg.aga"). A text file named "Instructionaga" is then generated.

   
GamesCrystal Adware

What is GamesCrystal?

GamesCrystal is a potentially unwanted program (PUP) claiming to allow users to play various Flash games. These fake promises often trick users into believing that GamesCrystal is a legitimate app, however, that this PUP usually infiltrates systems without users’ permission.

Furthermore, GamesCrystal continually monitors users' web browsing activity and generates intrusive online advertisements. For these reasons, it is classed as adware.

   
JuicyLemon Ransomware

What is JuicyLemon?

JuicyLemon is a ransomware-type virus that infiltrates the system and then encrypts stored files.

During encryption, this virus extends the name of each file with the ".id-[victim’s ID]_email1_support_@_juicylemon.biz_email2_provectus_@_protenmail.com_BitMessage_BM-NBRCUPTenKgYbLVCAfeVUHVsHFK6Ue2F" extension.

Two text files - "RESTORE FILES.txt" and "[victims-ID].txt" are then created and placed in each folder containing the encrypted files.

   

Page 2043 of 2329

<< Start < Prev 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal