Virus and Spyware Removal Guides, uninstall instructions

What is "Required video codec is not installed on your computer"?

Blue screen of death (BSoD) is an error screen that appears when the Windows Operating System can no longer operate. This website loads a fake BSoD stating that Windows Media Player cannot play a video because the required video codec is not installed on the operating system.

It is very likely that this web page is used to trick visitors into downloading and installing a potentially unwanted application (PUA). At the time of research, this social engineering scam distributed ZLoader malware. Note that this web page is promoted via fake movie streaming websites, which users do not visit intentionally.

What is Lola?

This ransomware was discovered by MalwareHunterTeam. Malware of this type encrypts and renames victims' files, and generates a ransom message. Lola renames encrypted files by appending the ".lola" extension. For example, "1.jpg" is renamed to "1.jpg.lola", "2.jpg" to "2.jpg.lola", and so on.

Lola creates the "Please_Read.txt" text file (the ransom message) in each folder that contains encrypted files.

What is Muti-webtool?

Like most browser hijackers, Muti-webtool promotes a fake search engine address. Additionally, it collects browsing data. Typically, users do not download or install browser hijackers intentionally. Therefore, Muti-webtool is categorized as potentially unwanted application (PUA).

What is NocryCrypt0r?

NocryCrypt0r was discovered by xiaopao. This ransomware encrypts files, changes their extensions and creates a ransom message. It renames files by appending ".partially.nocry" as the new extension. For example, "1.jpg" is renamed to "1.jpg.partially.nocry", "2.jpg" to "2.jpg.partially.nocry", and so on.

NocryCrypt0r creates the ransom message in a text file named "CryptoJoker Recovery Information.txt".

What is PowerMyMac?

PowerMyMac is advertised as a tool that optimizes and cleans Mac computers, however, this app is proliferated using dubious methods, which increases the chance that users will download and install it inadvertently. For this reason PowerMyMac is categorized as a potentially unwanted application (PUA).

What is Dex ransomware?

Dex ransomware belongs to the Dharma family. It encrypts victims' files, renames each encrypted file, displays a pop-up window, and creates the "FILES ENCRYPTED.txt" text file. The pop-up and text file contain instructions about how to contact the ransomware developers.

Dex renames files by adding the victim's ID, decryptex@airmail.cc email address, and appending the ".dex" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.id-C279F237.[decryptex@airmail.cc].dex", "2.jpg" to "2.jpg.id-C279F237.[decryptex@airmail.cc].dex", etc.

What is RequestPlan?

RequestPlan is designed to function as an adware-type application and a browser hijacker. Therefore, it serves advertisements and promotes a fake search engine address by making changes to certain browser settings. This app can also read sensitive information from browsers that have this app installed on them.

In most cases, users download and install apps such as RequestPlan inadvertently and, for this reason, they are classified as potentially unwanted applications (PUAs).

What is Sglh?

Belonging to the Djvu ransomware family, Sglh encrypts files and renames them by appending the ".sglh" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.sglh", "2.jpg" to "2.jpg.sglh", and so on.

Like most programs of this type, Sglh creates a ransom message (in this case, within the "_readme.txt" text file) demanding a fee to be paid. The file is created in each folder that contains encrypted files.

What is TopSportsSearch?

TopSportsSearch is rogue software classified as a browser hijacker. Following successful installation, it makes modifications to browser settings to promote topsportssearch.com (a bogus search engine). Additionally, TopSportsSearch collects browsing-related information.

Due to the dubious techniques used to proliferate this browser hijacker, it is also classified as a Potentially Unwanted Application (PUA).

What is Hidden ransomware?

Hidden is a malicious program belonging to the Voidcrypt ransomware family. It operates by encrypting data and demanding ransoms for decryption tools. During the encryption process, all affected files are renamed following this pattern: original filename, cyber criminals' email address, unique ID assigned to the victims and the ".Hidden" extension.

For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.[Wannadecryption@gmail.com][7W20T6934HP1LFO].Hidden" following encryption. After this process is complete, ransom messages within "!INFO.HTA" files are dropped into compromised folders.