Virus and Spyware Removal Guides, uninstall instructions

What is LCK ransomware?

LCK is a malicious program belonging to the Dharma ransomware family. This particular program encrypts files, renames them, displays a pop-up window, and creates the "FILES ENCRYPTED.txt" text file. LCK renames files by adding the victim's ID, triplock@tutanota.com email address and ".LCK" extension to filenames.

For example, "1.jpg" is renamed to "1.jpg.id-C279F237.[triplock@tutanota.com].LCK", "2.jpg" to "2.jpg.id-C279F237.[triplock@tutanota.com].LCK", etc. The "FILES ENCRYPTED.txt" file and pop-up window displayed by LCK include ransom messages that contain instructions about how to contact the developers.

What is Slfyvggi ransomware?

Slfyvggi is malicious software belonging to the Snatch ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption. During the encryption process, all affected files are appended with the ".slfyvggi" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.slfyvggi" following encryption. Once this process is complete, ransom messages within "HOW TO RESTORE YOUR FILES.TXT" text files are dropped into compromised folders.

What is newscatch24[.]com?

Commonly, newscatch24[.]com and similar sites are opened by browsers that have potentially unwanted applications (PUAs) installed. PUAs also serve advertisements and collect data. Note that these apps are classified as PUAs because, in most cases, users download and install them inadvertently.

More examples of web pages that are function in a similar manner to newscatch24[.]com are rex-news[.]org, samizdat-philosophy[.]com and revoluciondron[.]com.

What is Wowbrowse?

Wowbrowse is a typical browser hijacker - it promotes a fake search engine( in this case, tailsearch.com) and forces users to visit this address at certain times. Additionally, it can read browsing data. Apps such as Wowbrowse are classified as potentially unwanted applications (PUAs), since users often download and install them inadvertently.

What is rex-news[.]org site?

Sharing similarities with samizdat-philosophy.com, revoluciondron.com, houstontexansteamstore.com and countless others, rex-news[.]org is a rogue website. This web page operates by presenting visitors with dubious content and/or redirecting them to other similarly untrusted or possibly malicious sites.

Few users enter rex-news[.]org intentionally - most are redirected to it by intrusive ads or by Potentially Unwanted Applications (PUAs) already installed on their devices. This software does not require explicit user permission to infiltrate systems. PUAs cause redirects, deliver intrusive ad campaigns and collect browsing-related data.

What is the Crypt ransomware?

Crypt is a malicious program belonging to the Dharma ransomware group. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, files are renamed following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address and the ".Crypt" extension.

For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[Decrypt@msgsafe.io].Crypt" following encryption. After this process is complete, ransom messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is Chromium Shield?

Chromium Shield is a rogue browser based on a legitimate, open-source project called Chromium. This piece of software is endorsed as supposedly capable of providing safe, secure and fast browsing.

Amongst its listed features are: free VPN; advertisement blocking; protection against tracking, surveillance and censorship; increased widow/tab response (i.e. reduced "freezing" of windows), and so on. In fact, the Chromium Shield browser operates as adware (i.e. delivers intrusive ad campaigns) and promotes fake search engines (e.g. opti-page.com).

Due to the dubious techniques used to proliferate Chromium Shield, it is also classified as a Potentially Unwanted Application (PUA). Additionally, most PUAs monitor users' browsing activity and collect sensitive information extracted from it. Therefore, it is likely that Chromium Shield also has such data tracking capabilities.

What kind of malware is MessedUp?

MessedUp is part of the Phobos ransomware family. It encrypts files, modifies their filenames, displays a ransom message and creates a text file (containing another ransom message). MessedUp renames encrypted files by adding the victim's ID, ICQ username (to contact the developers), and appending the ".messedup" extension.

For example, "1.jpg" is renamed to "1.jpg.id[C279F237-2797].[ICQ@FIREYOURITGUY].messedup", "2.jpg" to "2.jpg.id[C279F237-2797].[ICQ@FIREYOURITGUY].messedup", and so on. The "info.hta" and "info.txt" files are ransom messages, which contain instructions about how to contact the cyber criminals behind MessedUp.

What is samizdat-philosophy[.]com?

Typically, users arrive at web pages such as samizdat-philosophy[.]com via deceptive ads, untrusted pages or when they are opened by potentially unwanted applications (PUAs) installed on browsers or operating systems. Note that PUAs can display ads and gather certain information (e.g., browsing data).

They are classified as PUAs because users often download and install them inadvertently. More examples of deceptive websites similar to samizdat-philosophy[.]com include critical-alert[.]info, espublicaldru[.]info and doswinuba[.]com.

What is revoluciondron[.]com?

revoluciondron[.]com is an untrusted website with many similarities to critical-alert.info, myfreshposts.com, vildq.com, ngcomunicazione.com and countless others. Visitors to this page are presented with dubious content and/or are redirected to other bogus/malicious sites.

Few users enter revoluciondron[.]com or similar web pages intentionally - most are redirected to them by intrusive ads or by Potentially Unwanted Applications (PUAs) already installed on their devices. This software does not need express user permission to infiltrate systems.

PUAs cause redirects, deliver intrusive advertisement campaigns and collect browsing-related information.