Virus and Spyware Removal Guides, uninstall instructions

Web Saver Adware

What kind of application is Web Saver?

We discovered the Web Saver application on a shady website offering to install it before continuing to the page. After installing this app, we learned that it functions as adware - it displays annoying advertisements. The download page for Web Saver states that this app removes error pages and provides useful information.

   
VastVista Adware (Mac)

What is VastVista?

VastVista is a rogue app that our researchers found while inspecting new submissions to VirusTotal. Once we installed this application on our test machine, we learned that VastVista operates as adware and belongs to the AdLoad malware family.

   
Text Info Adware

What is browser extension is "text info"?

While inspecting questionable download webpages, our research team discovered the text info browser extension. Our analysis of this piece of software revealed that it operates as adware.

   
McAfee - Your Iphone Is Infected With 5 Viruses! POP-UP Scam (Mac)

What kind of scam is "McAfee - Your iPhone is infected with 5 viruses!"?

It is a scam that uses a scare tactic to trick visitors into purchasing a McAfee Total Protection subscription. The McAfee company does not use websites like this one to promote its products. Thus, this site must be ignored. Our team has discovered this scam page while inspecting pages that use rogue advertising networks.

   
Keep Secure Search Browser Hijacker

What is Keep Secure Search?

Our researchers found the Keep Secure Search browser extension while inspecting deceptive download webpages. After analyzing this piece of software, we determined that it is a browser hijacker promoting the keepsecuresearch.com fake search engine.

   
Tap togo Browser Hijacker

What kind of application is Tap togo?

We have discovered the Tap togo application while inspecting various deceptive websites. After downloading the app, we found that it functions as a browser hijacker: it changes certain settings to promote togosearching.com - a fake search engine.

   
ERMAC 2.0 Trojan (Android)

What is ERMAC 2.0?

ERMAC 2.0 is the name of an Android banking Trojan targeting Polish users. We have discovered it on a hacker forum. Its developer sells it for $5000 per month. ERMAC 2.0 masquerades as a legitimate Bolt Food application. This malware steals credentials for financial and cryptocurrency applications.

   
Pay Ransomware

What is Pay ransomware?

Pay is the name of a ransomware-type program that our research team discovered while inspecting new submissions to VirusTotal. We determined that this program is part of the Xorist ransomware family.

After we executed a sample of Pay ransomware on our test system, it encrypted files and appended their filenames with a ".Pay" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.Pay", "2.png" as "2.png.Pay", and so on.

Once the encryption process was completed, this ransomware displayed a pop-up window and created a text file titled "HOW TO DECRYPT FILES.txt". Both of these messages contain identical ransom notes.

   
Shieldproblocker.xyz POP-UP Scam (Mac)

What kind of page is shieldproblocker[.]xyz?

Shieldproblocker[.]xyz is a deceptive website that uses a scare tactic to trick visitors into downloading an application. It displays a fake system notification claiming that a device has been compromised. Our team has discovered shieldproblocker[.]xyz while inspecting other sites that use rogue advertising networks.

   
Hacker Crypt2020 Ransomware

What is Hacker Crypt2020 ransomware?

During a routine inspection of new malware submissions, our researchers found a new ransomware-type program from the Xorist family - called Hacker Crypt2020.

After a sample of this ransomware was launched on our test machine, it encrypted files and appended their filenames with a ".hacker crypt2020.data" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.hacker crypt2020.data", "2.png" appeared as "2.png.hacker crypt2020.data", etc.

Once this process was completed, Hacker Crypt2020 changed the desktop wallpaper, created a text file named - "HOW TO DECRYPT FILES.txt", and displayed a pop-up window. All three contained identical ransom notes in the Czech language. It is notable that these messages had elements of a sextortion scam.

   

Page 2 of 1563

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
About PCrisk

PCrisk logo

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal