Virus and Spyware Removal Guides, uninstall instructions

What is Quaverse?

Quaverse (also known as QRAT and Qua RAT) is a Remote Access Trojan (RAT) based on the Java programming language. Like most RATs, it allows cyber criminals responsible to remotely control infected computers. In most cases, RATs are used to steal sensitive information and distribute other malicious programs.

Research shows that Quaverse is offered under the software-as-a-service (SaaS) model - it can be accessed online via a subscription.

What is LaunchSystem?

LaunchSystem functions as adware, browser hijacker, and a data collector. It serves advertisements, promotes a fake search engine address by changing browser settings, and gathers sensitive information.

Generally, users download and install applications such as LaunchSystem inadvertently and, for this reason, they are categorized as potentially unwanted applications (PUAs). This particular app is distributed via a deceptive (fake) installer disguised as an installer for Adobe Flash Player.

What is Elvis ransomware?

This ransomware is a part of the Dharma ransomware family. It prevents victims from accessing/using their files by encrypting them, renames all encrypted files, displays a pop-up window (a ransom message) and creates the "FILES ENCRYPTED.txt" text file (another ransom message).

Elvis ransomware adds the victim's ID, the elvisdark@aol.com email address and appends the ".Elvis" extension to filenames of the encrypted files. For example, "1.jpg" is renamed to "1.jpg.id-C279F237.[ElvisDark@aol.com].Elvis", "2.jpg" to "2.jpg.id-C279F237.[ElvisDark@aol.com].Elvis", and so on.

What is Banjo?

Banjo is a malicious program belonging to the Phobos ransomware family. Like most programs of this type, Banjo is designed to encrypt files, modify their filenames, and provide instructions about how to contact the developers. It renames files by adding the victim's ID, the mutud@airmail.cc email address, and appending the ".banjo" extension.

For example, "1.jpg" is renamed to "1.jpg.id[C279F237-3069].[mutud@airmail.cc].banjo", "2.jpg" to "2.jpg.id[C279F237-3069].[mutud@airmail.cc].banjo", and so on. Banjo issues instructions about how to contact its developers in a pop-up window and "info.txt" text file.

What is Pethya Zaplat Zasifrovano?

Pethya Zaplat Zasifrovano was discovered by xiaopao. This ransomware is designed to encrypt files, modify their filenames, change the desktop wallpaper, display a number of pop-up windows, and create the "HOW TO DECRYPT FILES.txt" text file in folders containing encrypted files.

Its desktop wallpaper, one of the pop-up windows, and text files are the ransom messages. Pethya Zaplat Zasifrovano renames encrypted files by appending ".pethya zaplat zasifrovano" to the filenames. For example, "1.jpg" is renamed to "1.jpg.pethya zaplat zasifrovano", "2.jpg" to "2.jpg.pethya zaplat zasifrovano", and so on.

What is Spacerin?

Spacerin promotes spacerin.com (the address of a fake search engine) by changing certain browser settings. These apps also collect information relating to users' browsing habits. Note that people often download and install browser hijackers inadvertently. Therefore, Spacerin and other apps of this type are categorized as potentially unwanted applications (PUAs).

What is CC1H?

CC1H belongs to the GlobeImposter ransomware family. There are at least two variants of CC1H, both of which encrypt files, rename them, and create "INFO.html" files (ransom messages) in all folders that contain encrypted files. One variant appends the ".CC1H" extension to the filenames of encrypted files, whilst the other appends the ".CC4H" extension.

For example, one variant would rename a file named "1.jpg" to "1.jpg.CC1H", "2.jpg" to "2.jpg.CC1H", and so on. The other variant would rename "1.jpg" to "1.jpg.CC4H", "2.jpg" to "2.jpg.CC4H", and so on.

What is V3JS?

V3JS Ransomware encrypts files and displays a window containing a ransom message. Unlike many other malicious programs of this type, it does not rename any of the encrypted files. Note that the ransom message is in Polish and English and, therefore, it is likely that V3JS's developers are Polish and/or target users living in Poland.

What is the "Google Chrome Blocked for Security Reasons" scam?

In affiliate programs, individuals have the opportunity to make money by promoting products or services created by other companies - they can receive a commission for each product that was purchased via their affiliate link. This website promotes legitimate antivirus programs, however, its promotion strategy is based on deception.

Note that users do not often visit such web pages intentionally - they are opened through other untrusted sites, deceptive ads, or by potentially unwanted apps (PUAs) that are installed on browsers and/or computers.

What is UpdateAdmin?

UpdateAdmin is designed to serve advertisements, promote 6v5f3l.com and search.basicgeneration.com (fake search engines), and collect sensitive information. This app functions as adware and a browser hijacker.

Typically, users do not download or install UpdateAdmin or similar apps intentionally and, for this reason, they are classified as potentially unwanted applications (PUAs). Developers attempt to trick users into installing UpdateAdmin via a fake installer for Adobe Flash Player.