Virus and Spyware Removal Guides, uninstall instructions

What is A1ndh ransomware?

A1ndh is a ransomware-type program that encrypts data (locks files) and demands payment for the decryption (access recovery).

Affected files are appended with a random character string and the ".a1ndh" extension. For example, a file like "1.jpg" would appear similar to "1.jpg.L75lyBa9fsElkmD6_0ZKnkg97Wn10mUAfjyEE74Qlwf_UFuBoYQt0fw0.a1ndh", and so forth. Afterwards, a ransom-demanding message - "9dkh_HOW_TO_DECRYPT.txt" - is created.

What kind of page is protectionyoupc[.]com?

Protectionyoupc[.]com displays deceptive content, asks for permission to deliver notifications, and redirects visitors to potentially malicious pages. It shares these qualities (at least two of them) with captcharesolverhere[.]top, indexforcaptchas[.]top, bitcoinshortener[.]top, and plenty of other pages.

What is the "Access via Seed Phrase" scam?

"Access via Seed Phrase" is a phishing scam that targets cryptocurrency wallet credentials (i.e., passphrases). Through this scheme, users can supposedly access their digital wallets (e.g., MetaMask, Trezor, Ledger, Fortmatic, etc.); however, by attempting to do so - they will inadvertently expose their cryptowallets and the currency stored therein.

What is L41 ransomware?

L41 is a malicious program belonging to the MedusaLocker ransomware group. This malware is designed to encrypt data (render files unusable) and demand ransoms for the decryption.

Compromised files are appended with the ".L41" extension. For example, a file titled "1.jpg" would appear as "1.jpg.L41", "2.jpg" as "2.jpg.L41", "3.jpg" as "3.jpg.L41", and so on. Once this process is completed, a ransom note - "HOW_TO_RECOVER_DATA.html" - is dropped onto the desktop.

What is BBB email virus?

Cybercriminals behind this email attempt to trick recipients into believing that they have received an email from a nonprofit organization called Better Business Bureau (BBB) and opening a malicious attachment. The file attached to it is used to distribute Dridex banking malware.

What is Cent Browser?

Cent Browser is an untrustworthy browser based on the Chromium open-source project. It has been observed operating as adware, and it also promotes the internet-start.net fake search engine - which is a browser hijacker trait. Since most users install Cent Browser unintentionally, it is also classified as a PUA (Potentially Unwanted Application).

What kind of application is WebCouponSearch?

WebCouponSearch is a browser-hijacking application designed to promote the webcouponsearch.com address. Webcouponsearch.com is a fake search engine. WebCouponSearch promotes it by changing web browser's settings.

What is ShieldBrowser?

ShieldBrowser is an untrustworthy browser, which is detected as adware. Software within this classification operates by running intrusive advertisement campaigns and usually has data tracking abilities. Due to the dubious methods used to distribute ShieldBrowser, it is also categorized as a PUA (Potentially Unwanted Application).

What kind of malware is Geqp9?

Geqp9 is ransomware that makes files inaccessible for victims by encrypting them. Also, it renames all of the encrypted files and creates the "uKz4_HOW_TO_DECRYPT.txt" file (a ransom note). Geqp9 appends a string of random characters and the ".geqp9" extension to filenames.

For example, it renames a file named "1.jpg" to "1.jpg.-PiSsj-ZxRAZnqIOXsczckKgpyF6wdmMbyqqHmW581__kx6s4r19Gz40.geqp9", "sample.png" to "sample.png.-PiSsj-ZxRAZnqIOXsczckKgpyF6wdmMbyqqHmW581__kx6s4r19Gz40.geqp9".

What is Fileslock ransomware?

Fileslock is a piece of malicious software classified as ransomware. It is designed to encrypt data (lock files) and demand ransoms for the decryption.

Affected files are appended with a ".fileslock" extension. For example, a file like "1.jpg" would appear as "1.jpg.fileslock", etc. After this process is completed, a ransom note - "HOW_TO_RECOVER_DATA.html" - is created. Fileslock malicious program belongs to the MedusaLocker ransomware family.