Virus and Spyware Removal Guides, uninstall instructions

CryptoViki Ransomware

CryptoViki ransomware removal instructions

What is CryptoViki?

CryptoViki is a ransomware-type virus discovered by malware security researcher, Marcelo Rivero. Once infiltrated, CryptoViki encrypts various data and appends the ".viki" extension to the names of all compromised files. For instance, "sample.jpg" is renamed to "sample.jpg.viki". Following successful encryption, CryptoViki changes the desktop wallpaper and creates a text file ("readme.txt"), placing it in each folder containing encrypted files.

   
ShareWithUs Adware

ShareWithUs removal instructions

What is ShareWithUs?

ShareWithUs is a deceptive application that stealthily infiltrates systems during installation of other programs (the "bundling" method). Following infiltration, this app generates various intrusive online advertisements and continually records information relating to users' Internet browsing activity. For these reasons, ShareWithUs is categorized as adware and a potentially unwanted program (PUP).

   
GruxEx Ransomware

GruxEx ransomware removal instructions

What is GruxEx?

GruxEx is a copy of an open-source ransomware project called Hidden Tear. Once infiltrated, GruxEx employs AES cryptography to encrypt various files. During encryption, this ransomware appends the ".grux" extension to the name of each encrypted file. For instance, "sample.jpg" is renamed to "sample.jpg.grux". Following successful encryption, GruxEx opens a pop-up window containing a ransom-demand message.

   
DarkoderCrypt0r Ransomware

DarkoderCrypt0r ransomware removal instructions

What is DarkoderCrypt0r?

Discovered by security researcher, Lawrence Abrams, DarkoderCrypt0r is a copy of a ransomware-type virus called Wcry (WannaCry). Once infiltrated, DarkoderCrypt0r encrypts various data and appends the ".DARKCRY" extension to the name of each encrypted file (for example, "sample.jpg" is renamed to "sample.jpg.DARKCRY"). Following successful encryption, DarkoderCrypt0r opens a pop-up window with a ransom-demand message. Note that this ransomware is still under development and, thus, currently only encrypts files stored on the desktop.

   
Your Windows Computer Has Been Blocked Scam

Your Windows Computer Has Been Blocked removal instructions

What is Your Windows Computer Has Been Blocked?

"Your Windows Computer Has Been Blocked" is a fake error message displayed by a malicious website. Users are redirected to this site by potentially unwanted adware-type programs (PUPs). These apps often infiltrate systems without users' consent. In addition, they collect personally identifiable information and deliver intrusive online advertisements.

   
Rambler.ru Redirect

How to eliminate browser redirects to rambler.ru?

What is rambler.ru?

Developers present rambler.ru as an Internet search engine that supposedly generates improved search results and, therefore, enhances the Internet browsing experience. Judging on appearance alone, rambler.ru may appear legitimate and useful, however, this site records various user-system information relating to Internet browsing activity. In addition, developers promote this rogue website by employing deceptive download/installation set-ups that stealthily modify web browser settings without users' permission.

   
Spora Ransomware

Spora ransomware removal instructions

What is Spora?

Spora is a ransomware-type virus distributed via spam emails (malicious attachments). Each rogue email contains an HTA file which, once executed, extracts a Javascript file ("closed.js"), placing it in the system "%Temp%" folder. The Javascript file extracts an executable with a random name and runs it. The executable then starts to encrypt files using RSA cryptography. Note that, unlike other ransomware-type viruses, Spora does not rename encrypted files. The aforementioned HTA file also extracts a DOCX file. This file is corrupted and, thus, an error will be displayed once opened. This is being performed to trick victims into believing that the download of email attachments has failed. Following successful encryption, Spora generate a .html and .KEY files (both named using random characters), placing them in all folders that contain encrypted files.

   
GlobeImposter Ransomware

GlobeImposter ransomware removal instructions

What is GlobeImposter?

GlobeImposter is a ransomware-type virus that mimics Purge (Globe) ransomware. Following infiltration, GlobeImposter encrypts various files and appends ".515", ".nCrypt", ".hNcrypt", ".medal", ".paycyka", ".2cXpCihgsVxB3", ".vdul", ".keepcalm", ".legally", ".crypt", ".wallet" or ".pizdec" extension to the name of each encrypted file. For example, "sample.jpg" is renamed to "sample.jpg.crypt". Following successful encryption, GlobeImposter creates an HTA file ("HOW_OPEN_FILES.hta"), placing it in each folder containing encrypted files. In addition, GlobeImposter opens a pop-up window.

   
UIWIX Ransomware

UIWIX ransomware removal instructions

What is UIWIX?

Discovered by Michael Gillespie, UIWIX is a ransomware-type virus that stealthily infiltrates systems and encrypts various data. In doing so, UIWIX appends filenames with the "._[victim’s id].UIWIX" extension. For example, "sample.jpg" might be renamed to a filename similar to "sample.jpg._2314324924.UIWIX". The virus then creates a text file ("_DECODE_FILES.txt") containing a ransom-demand message.

   
Wcry Ransomware

Wcry ransomware removal instructions

What is Wcry?

Wcry (also known as WannaCry, Wana Decrypt0r 2.0WanaDecryptor or WNCRY virus) is a ransomware-type virus discovered by security reasearcher S!Ri. Once infiltrated, Wcry encrypts files using AES-128 cryptography. During encryption, this malware appends filenames with the ".wcry" extension (for example, "sample.jpg" is renamed to "sample.jpg.wcry"). Updated variants of this ransomware use .wncry extension for encrypted files (encrypted .bmp files receive .WNCRYT extension). Following successful encryption, Wcry opens a pop-up window with a ransom-demand message.

   

Page 2 of 410

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>