Virus and Spyware Removal Guides, uninstall instructions

.HOW Ransomware

What is .HOW ransomware?

Discovered by Jakub Kroustek, .HOW belongs to the Dharma ransomware family. This malware encrypts files, changes filenames, and generates ransom messages. It renames encrypted files by adding the victim's ID, how_decrypt@aol.com email address and appending the ".HOW" extension to filenames.

For example, it renames "1.jpg" to "1.jpg.id-1E857D00.[how_decrypt@aol.com].HOW", "2.jpg" to "2.jpg.id-1E857D00.[how_decrypt@aol.com].HOW", and so on. Instructions about how to contact cyber criminals behind .HOW are in a displayed pop-up window and text file named "FILES ENCRYPTED.txt".

   
MyAudioTab Toolbar

What is hp.myway.com?

MyAudioTab is a browser hijacker designed by Mindspark Interactive Network. It supposedly provides quick access to various audio conversion tools. In fact, its main purpose is to promote hp.myway.com (the address of a fake search engine) by changing certain browser settings.

Typically, apps of this type collect browsing data and other information. People do not often download or install browser hijackers intentionally and, therefore, they are categorized as potentially unwanted applications (PUAs).

   
WastedLocker Ransomware

What is WastedLocker?

WastedLocker is a malicious program classified as ransomware. Systems infected with this malware suffer data encryption and users receive ransom demands for decryption.

There are multiple variants of this ransomware. During the encryption process, WastedLocker renames affected files by appending them with an extension consisting of three characters (which depend on the malware variant) and the word "wasted" (without a space between the three letters and the word).

The researched variants appended files with the ".bbawasted" extension, and another with ".rlhwasted". To elaborate, a file originally named "1.jpg" would appear as "1.jpg.bbawasted", "1.jpg.rlhwasted", or something similar to these examples. After the encryption process is complete, WastedLocker creates a ransom message for each encrypted file.

Ransom messages are named in accordance with encrypted files (e.g. "1.jpg.bbawasted_info", "1.jpg.rlhwasted_info", etc.). The text presented in these ransom demand messages is practically identical throughout the ransomware variants.

   
MyDocsHere Toolbar

What is hp.myway.com?

There are many browser hijackers designed by Mindspark, including MyDocsHere. This app hijacks browsers by assigning certain settings to hp.myway.com (the address of a fake search engine). It is possible that this app might also be capable of collecting various data.

Typically, users do not download or install apps such as MyDocsHere intentionally and, therefore, they are categorized as potentially unwanted applications (PUAs).

   
Keysdigita.com Ads

What is keysdigita[.]com?

keysdigita[.]com is often visited by people unintentionally when they are opened by installed potentially unwanted applications (PUAs). When visited, the site opens a number of other bogus web pages or displays dubious content. There are many websites similar to keysdigita[.]com including, for example, zmusic-online[.]com, routemob[.]com and rministencew[.]club.

Note that PUAs not only promote bogus web pages, but also display ads and collect data.

   
My Email Checker Browser Hijacker

What is My Email Checker?

The My Email Checker app is supposedly designed to provide quick access to email service providers. In fact, its main purpose is to promote the hp.hmyemailchecker.co (or search.hmyemailchecker.co) address (a fake search engine) by changing certain browser settings.

It might also be capable of collecting various information. In most cases, users download and install browser hijackers inadvertently and, therefore, apps of this type are categorized as potentially unwanted applications (PUAs). Note that My Email Checker is distributed with Hide My History, another PUA.

   
XpertRAT Malware

What is XpertRAT?

XpertRAT is a Remote Administration Trojan, a malicious program that allows cyber criminals to remotely access and control infected computers. Typically, users download and install this software inadvertently because they are tricked. By having computers infected with malware such as XpertRAT, users can experience serious problems.

   
VenomRAT Malware

What kind of malware is VenomRAT?

VenomRAT is a malicious program and a common malware infection presented as an innocuous Remote Access Tool (RAT). In fact, VenomRAT has multiple dangerous capabilities clearly designed with malicious purposes in mind - it is therefore also classified as a Remote Access Trojan.

At the time of research, VenomRAT was offered at these costs: one month at US$150, three at $350, and six at $550. Malware within the RAT category operates by granting remote access and control over an infected device. These Trojans can have a wide variety of functionalities that enable likewise varied misuse.

VenomRAT is classified as a highly dangerous piece of software and it can cause serious issues.

   
A Virus Has Been Detected On Your Computer POP-UP Scam

What is "A virus has been detected on your computer"?

This is a typical tech support scam in which criminals claim to offer a legitimate technical support service.

Typically, the scammers responsible attempt to trick unsuspecting users into paying for supposedly legitimate software or services, or even installing a Remote Administration Tool (RAT), which would allow them to remotely access and control computers. In any case, you are strongly advised to ignore such scams and never trust the messages.

   
Credo Ransomware

What is Credo?

Discovered by dnwls0719, Credo belongs to the Dharma ransomware family. Credo is typical ransomware: it encrypts files, renames them and generates a ransom message. It renames encrypted files by adding the victim's ID, Recovery@qbmail.biz email address and appending the ".credo" extension to filenames.

For example, it would change a file named "1.jpg" to "1.jpg.id-1E857D00.[Recovery@qbmail.biz].credo", "2.jpg" to "2.jpg.id-1E857D00.[Recovery@qbmail.biz].credo", and so on. Credo generates two ransom messages: it displays one in a pop-up window and creates another in a text file named "FILES ENCRYPTED.txt".

   

Page 1101 of 2107

<< Start < Prev 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal