Virus and Spyware Removal Guides, uninstall instructions

ALVIN Ransomware

What is ALVIN ransomware?

ALVIN is a ransomware-type program. Systems infected suffer data encryption and users receive ransom demands for decryption.

During the encryption process, all affected files are renamed following this pattern: "[rimon.argan@gmail.com][id=victim's_ID][original_filename].ALVIN", which consists of the cyber criminals' email address, unique ID assigned to the victims, the file's original title and the ".ALVIN" extension.

For example, a file named "1.jpg" would appear as something similar to "[rimon.argan@gmail.com][id=5AE4D12C]1.jpg.ALVIN" following encryption. Once this process is complete, text files named "HOW TO RECOVER ENCRYPTED FILES.txt" are dropped into compromised folders.

   
Pizhon Ransomware

What is Pizhon?

Discovered by GrujaRS, Pizhon ransomware encrypts files, renames them, and provides instructions about how to contact the developers and various other details. Pizhon renames files by appending the ".pizhon" extension with a string of random characters.

For example, "1.jpg" is renamed to "1.jpg.pizhon-3f7d14a8467d2bc2", "2.jpg" to "2.jpg.pizhon-4f8e25b9578e3cb3", etc. It also creates a ransom message (within the "!!!README!!!.txt" file) in all folders that contain encrypted files.

   
The-best-push-news.com Ads

What is the-best-push-news[.]com?

the-best-push-news[.]com is promoted via dubious websites, deceptive advertisements, and potentially unwanted applications (PUAs). That is, users often do not visit these websites intentionally. There are many other examples on the web, including alltopposts[.]com, reightpainf[.]top and content4you[.]net.

   
Xdddd Ransomware

What is Xdddd ransomware?

Xdddd is malicious software and part of the Paradise ransomware group. Systems infected with this malware have their data encrypted, filenames altered, and users receive ransom demands for decryption tools.

During the encryption process, files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address and the ".xdddd" extension. For example, "1.jpg" would appear as something similar to "1.jpeg[id-1EcoY95E].[asdasda@hotmail.com].xdddd" for all affected files.

After this process is complete, ransom-demand messages in "#DECRYPT MY FILES#.html" are dropped into compromised folders.

   
USAA Email Scam

What is USAA email scam?

Commonly, phishing emails such as this example are used to trick recipients into providing sensitive information such as credit card details, login credentials (emails, usernames, passwords) or other details, which could be misused for malicious purposes.

Generally, cyber criminals attempt to trick recipients into providing this information by disguising their emails as important and official and/or by exploiting names of legitimate companies. In this particular case, an email is disguised as a message from USAA, a legitimate financial services company.

   
Abaddon RAT

What is Abaddon?

Abaddon is a Remote Access Trojan (RAT) that receives commands via Discord. I.e., this RAT uses Discord as its Command and Control (C2) server. Additionally, Abaddon has a ransomware feature and could be used to execute commands to encrypt files.

Therefore, cyber criminals might use this malware to collect sensitive information and also to prevent victims from accessing their system and force them to pay a ransom.

   
Iiss Ransomware

What is Iiss?

Belonging to the Djvu ransomware family, Iiss encrypts files, modifies their filenames by appending its extension and creates a ransom message in all folders that contain encrypted files. It renames encrypted files by appending the ".iiss" extension to filenames.

For example, "1.jpg" is renamed to "1.jpg.iiss", "2.jpg" to "2.jpg.iiss", and so on. Instructions about how to contact Iiss's developers and other details are provided in "_readme.txt" text files (the ransom message).

   
Take Mytab Browser Hijacker

What is Take mytab?

Take mytab is a browser hijacker. Following successful infiltration, this piece of rogue software changes browser settings to promote keysearchs.com (a fake search engine). Rogue search engines cannot provide unique results, and so they redirect to genuine sites.

Where Take mytab redirects to depends on users' geolocations. Additionally, this browser hijacker monitors browsing activity. Due to the dubious techniques used to proliferate Take mytab, it is also classified as a Potentially Unwanted Application (PUA).

   
AllStreamSearch Browser Hijacker

What is AllStreamSearch?

Like most browser hijackers, AllStreamSearch promotes a fake search engine, in this case by changing certain browser settings to allstreamsearch.com. It also records data relating to users' browsing habits. Commonly, users download and install browser hijackers inadvertently and, therefore, apps of this type are categorized as potentially unwanted applications (PUAs).

   
_encrypted (RRansom) Ransomware

What is _encrypted (RRansom) ransomware?

Discovered by xiaopao, _encrypted (RRansom) is a malicious program classified as ransomware. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, files are appended with the "_encrypted" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg_encrypted" following encryption. After this process is complete, a ransom message within the "README_encrypted.txt" file is created.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
