Virus and Spyware Removal Guides, uninstall instructions

Zenon Clipper

What is Zenon clipper?

Zenon is malicious software classified as a 'clipper'. The primary functionality of this malware is stealing outgoing transfers from digital currency wallets. It does this by replacing the addresses of recipient cryptocurrency wallets and other e-wallets with addresses controlled by the cyber criminals using Zenon.

Furthermore, this clipper has significant anti-detection and anti-analysis capabilities. The Zenon clipper is classified as a highly dangerous program. Therefore, its infections must be eliminated immediately upon detection.

   
EasyRansom Ransomware

What is EasyRansom?

Discovered by GrujaRS, EasyRansom is a malicious program categorized as ransomware. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. Once the malicious executable that initiates the EasyRansom infection process is opened, it displays a pop-up window.

During the encryption process, all affected files are appended with the ".easyransom" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.easyransom", "2.jpg" as "2.jpg.easyransom", and so on.

After this process is complete, ransom messages in Korean within text files named "easyransom_readme.txt" are dropped into compromised folders.

   
Egregor Ransomware

What is Egregor?

Egregor belongs to the family of ransomware called Sekhmet. It appends a string of random characters as the new extension of each encrypted file. For example, "1.jpg" is renamed to "1.jpg.JhWeA", "2.jpg" to "2.jpg.JhWeA", and so on. Egregor also creates the "RECOVER-FILES.txt" text file (the ransom message) in all folders that contain encrypted files.

   
OperativeProgram Adware (Mac)

What is OperativeProgram?

OperativeProgram is an adware-type app with browser hijacker characteristics. Following successful installation, it delivers intrusive advertisement campaigns and makes changes to browser settings to promote fake search engines. Additionally, most adware-type apps and browser hijackers monitor users' browsing activity.

Due to the dubious tactics used to proliferate OperativeProgram, it is also classified as a Potentially Unwanted Application (PUA).

   
Meetclick.biz Ads

What is meetclick[.]biz?

meetclick[.]biz is a rogue website which promotes other untrusted pages or displays dubious content. Generally, users arrive at these pages through deceptive ads, other sites of this kind, or when potentially unwanted applications (PUAs) are installed on the browser and/or computer.

In other words, users rarely visit sites such as meetclick[.]biz intentionally. Other examples of similar sites are tiktok-news[.]com, shopgirlmtl[.]com and superduniya[.]com.

   
ProgressBuffer Adware (Mac)

What is ProgressBuffer?

ProgressBuffer is an adware-type application with browser hijacker characteristics. Following successful installation, it runs intrusive advertisement campaigns and makes modifications to browser settings to promote fake search engines. Most adware-type apps and browser hijackers collect browsing-related information.

Due to the dubious methods used to proliferate ProgressBuffer, it is also classified as a Potentially Unwanted Application (PUA).

   
ControlFraction Adware (Mac)

What is ControlFraction?

ControlFraction is dubious software classified as adware. It operates by running intrusive advertisement campaigns (i.e. delivering various ads). However, this application also makes modifications to browser settings to promote fake search engines; these capabilities are common to browser hijackers.

Since most users download/install ControlFraction unintentionally, it is classified as a Potentially Unwanted Application (PUA). Typically, PUAs monitor browsing activity and it is likely that ControlFraction does so as well.

   
Umobile-security.com POP-UP Scam (Mac)

What is umobile-security[.]com?

umobile-security[.]com is a deceptive website running a variety of scams. At the time of research, this web page promoted several scam variants, one of which was the "Your Apple iPhone is severely damaged" scheme. The website operates by making false claims (e.g. that the device is infected or the internet connection is unsafe) to promote various products.

Typically, scams of this type promote fake anti-viruses, adware, browser hijackers and other Potentially Unwanted Applications (PUAs). However, umobile-security[.]com has been observed promoting genuine software products as well. Few users access these sites intentionally; most are redirected to them by intrusive advertisements or PUAs.

No website can detect threats or issues present on visitors' devices.

   
Searchseries Redirect

What is Searchseries?

Searchseries is rogue software classified as a browser hijacker. Following successful infiltration, it makes alterations to browser settings to promote keysearchs.com (a fake search engine). It might also redirect to other search engines, bogus and legitimate sites.

Additionally, Searchseries monitors users' browsing activity. Due to the dubious methods used to proliferate browser hijackers, they are also classified as Potentially Unwanted Applications (PUAs).

   
ExecutorV3 Ransomware

What is the ExecutorV3 ransomware?

ExecutorV3, also known as Babaxed, is a ransomware-type malicious program. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all compromised files are appended with the ".babaxed" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.babaxed" following encryption.

Once this process is complete, ExecutorV3 creates ten identical ransom messages in files named "RECOVERY INSTRUCTIONS 0.txt", "RECOVERY INSTRUCTIONS 1.txt", "RECOVERY INSTRUCTIONS 2.txt", (. . .), "RECOVERY INSTRUCTIONS 9.txt" (the numbers in the filenames range from 0 to 9).

Due to 'buggy' (i.e. faulty) coding, however, this ransomware persists with the process and encrypts these text files a few minutes after the ransom-demand messages are created. Therefore, the important details inside them (i.e., cyber criminals' contact information, payment instructions, etc.) are rendered inaccessible.

This defeats ExecutorV3's entire purpose of demanding payment.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
