Virus and Spyware Removal Guides, uninstall instructions

What is Porn ransomware?

Porn ransomware is designed to encrypt files, append the ".porn" extension to their filenames, display a pop-up window, and create the "RECUPERAR__.porn.txt" file. Porn changes a file named "1.jpg" to "1.jpg.porn", "2.jpg" to "2.jpg.porn", and so on. The displayed pop-up window and created text file are Porn's ransom notes.

What is WebSearchStreams?

WebSearchStreams is a potentially unwanted application (PUA) that hijacks a browser by changing its settings. The main purpose of this application is to promote a fake search engine, the websearchstreams.com address. WebSearchStreams is a PUA because users often download and install apps of this type inadvertently.

What is Abc ransomware?

Abc is part of the CryptoWall ransomware family. It encrypts files and appends the ".abc" extension to filenames (for example, it renames "1.jpg" to "1.jpg.abc", "2.jpg" to "2.jpg.abc". Abc creates three ransom notes: "RESTORE_FILES.TXT", "RESTORE_FILES.BMP" and "RESTORE_FILES.HTML".

What is "Unfortunately, there are some bad news for you" email scam?

"Unfortunately, there are some bad news for you" is the name of a sextortion spam campaign. The emails sent through this campaign claim that the sender has made a sexually explicit video featuring the recipient, and this recording will be publicized - unless the ransom demands are met.

It must be emphasized that this is a scam; hence, no compromising videos of the recipient exist, and all the other claims made by these letters are false.

What is J4fsf ransomware?

J4fsf is a ransomware-type program, which encrypts data and demands payment for the decryption. Affected files are appended with - ".[random_string].j4fsf extension", which consists of a random character string, and the ".j4fsf" extension. For example, a file like "1.jpg" would appear as something similar to "1.jpg.1iaO5JmmZdx7bxmbLyv8-dSa2NalpxJSYoliQDFkhPURh7sTZt2PGF1UlUZosBpd.j4fsf".

Afterwards, a ransom note in a text file named "R7vw_HOW_TO_DECRYPT.txt" is created. This file is dropped onto the desktop.

What is SuccessAdvanced?

SuccessAdvanced is a rogue application classified as adware. It also has browser hijacker qualities. What is more, since most users download/install apps of this type inadvertently, they are categorized as PUAs (Potentially Unwanted Applications) as well.

What is Nomad ransomware?

Nomad is a malicious program that belongs to the Dharma ransomware family. It is designed to encrypt data (render files inaccessible) and demand ransoms for the decryption.

Affected files are renamed following this pattern: initial filename, unique ID assigned to the victim, cyber criminals' email address, and a ".nomad" extension. For example, a file like "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[nomad.crypt@onionmail.org].nomad" - after encryption. Once this process is complete, ransom notes are created/displayed in a pop-up window and "info.txt" text file.

What is centralheat[.]me page?

Centralheat[.]me is designed to trick visitors into allowing it to show notifications. It uses a clickbait technique for that. Also, centralheat[.]me is used to promote questionable websites. This page shares similarities with plenty of other pages, for example, fast-travel[.]org, joaglouwulin[.]com, and tionalmorei[.]online.

What is Rigd ransomware?

Rigd is part of the Djvu ransomware family. This variant encrypts files and appends the ".rigd" extension to their filenames (for example, it changes "1.jpg" to "1.jpg.rigd", "2.jpg" to "2.jpg.rigd"). Instructions on how to contact the attackers and other details are provided in the "_readme.txt" file.

What is "Voicemail email scam"?

"Voicemail email scam" refers to a spam campaign - a mass-scale operation during which thousands of deceptive emails are sent. The letters distributed through this campaign - are disguised as notifications concerning a new voicemail.

This spam mail aims to promote a phishing website designed to record information entered into it. The page requests users to sign in using their email account log-in credentials (i.e., email addresses and corresponding passwords). Hence, by trying to log in through this webpage - users can have their email accounts stolen.