Virus and Spyware Removal Guides, uninstall instructions

iTunes (FlyStudio) Ransomware

What is iTunes (FlyStudio)?

iTunes (FlyStudio) ransomware was discovered by GrujaRS. Typically, malware of this type encrypts files, modifies the filenames and generates a ransom message. iTunes (FlyStudio) renames encrypted files by appending the ".itunes" extension to filenames.

For example, it would change a file named "1.jpg" to "1.jpg.itunes", "2.jpg" to "2.jpg.itunes", and so on. It also generates a text file (the ransom message) named "itunes-DECRYPT----[random-number].txt".

   
DarkSide Ransomware

What kind of malware is DarkSide?

DarkSide was discovered by MalwareHunterTeam. Malware of this type makes files inaccessible to victims by encryption, modifies filenames, and generates ransom messages. DarkSide renames encrypted files by appending the victim's ID as an extension.

For example, it would rename "1.jpg" to "1.jpg.d0ac7d95", "2.jpg" to "2.jpg.d0ac7d95", and so on. It drops the "README.[victim's_ID].TXT" file (the ransom message) in every folder that contains encrypted data.

   
SkillInitiator Adware (Mac)

What is SkillInitiator?

SkillInitiator is an adware-type application with browser hijacker traits. It operates by delivering intrusive advertisements, making modifications to browser settings and promoting fake search engines. SkillInitiator promotes z6airr.com in this manner, however, on Google Chrome browsers, it promotes search.dominantmethod.com.

Additionally, most adware and browser hijackers have data tracking capabilities, which are employed to monitor browsing activity and collect sensitive information extracted from it. Therefore, it is highly likely that SkillInitiator has this functionality as well. Due to the dubious techniques used to proliferate this app, it is classified as a Potentially Unwanted Application (PUA).

One of the methods used to proliferate SkillInitiator is via fake Adobe Flash Player updates. Note that bogus software updaters/installers also spread malware (e.g. Trojans, ransomware, etc.).

   
FIXI Ransomware

What is FIXI?

Discovered by xiaopao and belonging to the Scarab ransomware family, FIXI ransomware is designed to encrypt files, rename them and create the "HOW TO DECRYPT FILES.TXT" text file (a ransom message) in all folders that contain encrypted files. It renames files by replacing their filenames with a string of random characters and appending the ".FIXI" extension to them.

For example, it would rename a file called "1.jpg" to "2g000000002OwQYLw49dTSM2LH8grKRi.FIXI", "2.jpg" to "2g000000004BwGUOw56cTSM2LH8grCDo.FIXI", etc. Additionally, this ransomware disables Task Manager (preventing access).

   
HDConverterSearch Browser Hijacker

What is HDConverterSearch?

HDConverterSearch is dubious software endorsed as a tool capable of improving web searches. In fact, it operates by making alterations to browser settings to promote hdconvertersearch.com (a bogus search engine). Therefore, HDConverterSearch is categorized as a browser hijacker.

Additionally, it possesses data tracking capabilities, which are used to collect information relating to browsing activity. Since most users install HDConverterSearch inadvertently, it is also classified as a Potentially Unwanted Application (PUA).

   
AB89 Ransomware

What is AB89?

AB89 is part of the Matrix ransomware family and was discovered by Michael Gillespie. Typically, malware of this type is designed to encrypt files, modify their filenames and create and/or display ransom messages.

AB89 renames encrypted files by replacing their filenames with the AdamBrown89@criptext.com email address, a string of random characters and appending the ".AB89" extension.

For example, it would rename "1.jpg" to "[AdamBrown89@criptext.com].COel9CRH-UwxXSDcd.AB89", "2.jpg" to "[AdamBrown89@criptext.com].GUel6TKO-UbgAFPdc.AB89", and so on. A ransom message created by AB89 can be found in all folders that contain encrypted files - this is within a text file named "AB89_INFO.rtf".

   
Social Network Hacks Scam

What is "Social network hacks"?

"Social network hacks" is a large-scale scam promoted through several different campaigns. This scheme is disguised as providing resources for hacking social networking/media and service (e.g. streaming) accounts.

The "hacking tools" are supposedly capable of hijacking Facebook, Instagram, WhatsApp, Snapchat, TikTok and Netflix accounts (possibly, those of other large platforms as well). These "resources" were observed being promoted via compromised official websites, where they were presented as hacking articles.

Another technique was the injection of these scam articles into the topmost Google search engine results when a directly or tangentially-related query was searched. The deceptive articles redirected to various harmful sites, which endorsed malware under the guise of "hacking tools", requested personal and financial information (i.e phishing) or otherwise misused users' trust.

Note that web pages associated with or similar to the "Social network hacks" scam are often unintentionally accessed through redirects caused by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into the system.

   
AnyConverterSearch Browser Hijacker

What is AnyConverterSearch?

AnyConverterSearch is a browser hijacker, which changes certain browser settings to portal.anyconvertersearch.com or feed.anyconvertersearch.com (addresses of fake search engines).

Commonly, apps of this type collect browsing-related data as well. Browser hijackers are categorized potentially unwanted applications (PUAs), since users often download and install them inadvertently.

   
Protomolecule Ransomware

What is Protomolecule?

This malware belongs to the Scarab ransomware family and was discovered by xiaopao. Protomolecule ransomware encrypts files and renames each by replacing the filename with a string of random characters, and replacing the extension with ".protonmolecule@gmx.us".

For example, it would rename a file such as "1.jpg" to "2g0000000009GIRwwFPSWdP1Df4D8c4n.protomolecule@gmx.us", "2.jpg" to "2w0000000003EYSddFPSWdU3Of5F4b9o.protomolecule@gmx.us", and so on. Protomolecule also creates a ransom message within a text file named "HOW TO RECOVER ENCRYPTED FILES".

It drops this file in all folders that contain encrypted files.

   
SearchProConverter Browser Hijacker

What is SearchProConverter?

SearchProConverter is a browser hijacker designed to modify browsers to promote searchproconverter.com (a fake search engine). Additionally, this browser hijacker also has data tracking capabilities, which are employed to monitor users' browsing activity.

Due to the dubious methods used to proliferate SearchProConverter, it is classified as a Potentially Unwanted Application (PUA).

   

Page 1074 of 2105

<< Start < Prev 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal