Virus and Spyware Removal Guides, uninstall instructions

Search Power+ Browser Hijacker

Search Power+ browser hijacker removal instructions

What is Search Power+?

Search Power+ is a potentially unwanted application (PUA), a browser hijacker. It hijacks a browser by changing certain browsers settings to, address of a fake search engine. Quite often apps of this type collect various information too. Browser hijackers are categorized as PUAs because users tend to download and install them unknowingly (inadvertently).

Eventbot Banking Trojan (Android)

Eventbot malware removal guide

What is Eventbot?

Eventbot is the name of a banking Trojan which targets Android users. It attempts to steal sensitive information (like credit card details, credentials) by using overlay technique, also, it abuses the Accessibility Service. Eventbot can be the reason behind serious privacy issues, cause monetary loss and other problems.

Pekraut RAT

Pekraut virus removal guide

What is Pekraut RAT?

Pekraut is a piece of malicious software, classified as a Remote Access Trojan (RAT). This malware is designed to allow remote access and control over the infected device. RATs can have a wide variety of abilities/features, which enable a broad range of misuse. Pekraut trojan has 27 commands, though at the time of research one of them did not seem to be fully implemented. There is reason to believe that Pekraut RAT is of German origin, as the commands' (which are in English themselves) descriptions are in German. This is a high-risk malware, which can cause especially severe issues.

Mpaj Ransomware

Mpaj ransomware removal instructions

What is Mpaj?

Mpaj is malicious software which belongs to a family of ransomware called Djvu. It is designed to encrypt victim's files, rename them by appending its extension and create a ransom note. This ransomware renames all encrypted files by appending the ".mpaj" extension, for example, it changes a file named "1.jpg" to "1.jpg.mpaj", "2.jpg" to "2.jpg.mpaj", etc., and creates a ransom note, a text file named "_readme.txt".

Tilde Ransomware

Tilde ransomware removal instructions

What is Tilde?

Tilde is a piece of malicious program, classified as ransomware. Credit for this malware's discovery belongs to dnwls0719. During the encryption process, all affected files are appended with the ".~~~~" extension. For example, a file originally named as something like "1.jpg" would appear as "1.jpg.~~~~" - following encryption. Once this process is complete, a ransom note - "Read~ME.txt" is dropped into every compromised folder.

Random Ransom Ransomware

Random Ransom ransomware removal instructions

What is Random Ransom?

Random Ransom was discovered by S!Ri. It encrypts files, modifies their filenames and displays a pop-up window with a note in it. Random Ransom changes encrypted files by appending the ".RANDOM" extension to their filenames. For example, it renames a file named "1.jpg" to "1.jpg.RANDOM", "2.jpg" to "2.jpg.RANDOM", and so on. In order to be restore (decrypt files) victims have to follow the instructions in a pop-up window.

ActiveMulti Adware (Mac)

How to remove ActiveMulti from Mac?

What is ActiveMulti?

ActiveMulti is a rogue application, it is classified as adware and has browser hijacker qualities. It operates by delivering intrusive advertisements, altering browser settings and promoting fake search engines. Via this app promotes Safe Finder. Additionally, most adwares and browser hijackers have data tracking abilities, which are employed to spy on users' browsing habits. Since most users download/install ActiveMulti intentionally, it is also considered to be a PUA (Potentially Unwanted Application).

Netuniverse POP-UP Scam (Mac)

How to remove redirects to the Netuniverse websites from from Mac?

What are the Netuniverse sites?

Netuniverse is a group of deceptive websites, running various schemes. Sites belonging to this family have been observed promoting "Dear Safari User, You Are Today's Lucky Visitor" scam. However, they may push other schemes as well. Few users access Netuniverse pages intentionally, most get redirected to them by intrusive advertisements or by PUAs (Potentially Unwanted Applications), already installed onto the system. Redirect redirect removal instructions

What is is an address of a fake search engine. Typically, fake search engines are promoted through potentially unwanted applications (PUAs) classified as browser hijackers. is promoted through a PUA named MySuperTab. Apps of this type promote addresses of fake search engines by modifying browser's settings. It is common that browser hijackers collect various information too. Typically, users download and install browser hijackers unintentionally.

Revon Ransomware

Revon ransomware removal instructions

What is Revon?

Revon is a malicious program, belonging to the Phobos ransomware family. It encrypts data and demands payment for the decryption tools/software. During the encryption, the files are renamed according to this pattern: original filename, unique ID, cyber criminals' email address and the ".revon" extension. For example, a file originally titled "1.jpg" would appear as something similar to "[1E857D00-2795].[].revon", and so on for all of the compromised files. Once this process is complete, ransom notes - "info.hta" and "info.txt" are created.


Page 1 of 952

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal