Virus and Spyware Removal Guides, uninstall instructions

What is the BBC ransomware?

BBC is a malicious program belonging to the Phobos ransomware family. This malware operates by encrypting the data of infected systems in order to demand ransom payments for decryption.

During the encryption process, all affected files are renamed according to this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address and the ".bbc" extension.

For example, a file such as "1.jpg" would appear as something similar to "1.jpg.id[1E857D00-2893].[0x1service@protonmail.com].bbc" following encryption. After this process is compete, ransom messages (within "info.hta" and "info.txt") are created.

What is Searchsio?

Searchsio is a browser hijacker promoted as a tool to improve the browsing experience. It can supposedly provide easy access to favorite topics, news, videos, images and so on. In fact, it diminishes the browsing experience by modifying browsers to promote a fake search engine (feed.searchsio.com).

Additionally, Searchsio monitors users' browsing habits. Since most users install this software unintentionally, it is also categorized as a Potentially Unwanted Application (PUA).

What is the captcha244[.]ga site?

captcha244[.]ga is a deceptive website, running various scams. It has been observed promoting a scheme claiming that spyware has been detected on visitors' Apple devices. The scam urges users to call a fake technical support line. Trusting the content promoted on this site can lead to serious issues.

Typically, users access these deceptive/scam web pages unintentionally - most are redirected to them through redirects caused by intrusive ads or Potentially Unwanted Applications (PUAs). This software does not need explicit user permission to be installed onto systems.

What is SearchTopic?

SearchTopic serve advertisements and promote the address of a fake search engine by modifying certain browser settings. In this context, the app has characteristics of adware and a browser hijacker. It is also possible that SearchTopic will gather data relating to users' browsing habits.

People often download and install programs such as SearchTopic inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs). Research shows that users are often tricked into installing SearchTopic through a deceptive Adobe Flash Player installer.

What is BigLock?

Discovered by GrujaRS, BigLock, also known as corona-lock, is a malicious malware program classified as ransomware. BigLock is designed to encrypt data and demand payment for decryption tools. During the encryption process, all affected files are appended with the ".corona-lock" extension.

Therefore, a file originally named something like "1.jpg" would appear as "1.jpg.corona-lock" following encryption. After this process is complete, a ransom message ("README_LOCK.TXT") is created.

What is News Precinct?

News Precinct is classified as a browser hijacker, since it promotes a fake search engine (newsprecinct.com) by changing certain browser settings. Commonly, apps of this type not only modify settings, but also collect various browsing-related information.

Users often download and install browser hijackers inadvertently and, therefore, these apps are categorized as potentially unwanted applications (PUAs). Note that News Precinct is installed with another PUA named Protect My Search Daily.

What kind of malware is Avaddon?

This ransomware was discovered by GrujaRS. Avaddon encrypts files with the AES encryption algorithm and encrypts an AES key using the RSA algorithm. It also changes the desktop wallpaper and renames all files by appending the ".avdn" extension. For example, it renames a file named "1.jpg" to "1.jpg.avdn", "2.jpg" to "2.jpg.avdn", and so on.

Instructions about how to access the website, which victims must supposed use to pay the ransom, are provided in the "[random_numbers]-readme.html" file. Avaddon drops this file in every folder that contains encrypted files.

What is .rar (Jigsaw)?

.rar (Jigsaw) malware is a part of the Jigsaw ransomware family. It encrypts files, modifies their filenames and displays a ransom message (pop-up window). It renames all encrypted files by appending the ".rar" extension to filenames. For example, it renames "1.jpg" to "1.jpg.rar", "2.jpg" to "2.jpg.rar", and so on.

Note that .rar is the extension of RAR, a legitimate archive file format and it is just a coincidence that this ransomware uses the same extension. Note also that it is possible to decrypt files encrypted by .rar (Jigsaw) ransomware with a free decryption tool developed by Emsisoft.

What is Kreberisec?

Kreberisec has characteristics of browser hijackers and adware: it changes certain browser settings to promote the address of a fake search engine and displays advertisements. It might also be capable of accessing and collecting browsing-related information.

Commonly, users download and install programs such as Kreberisec unintentionally and, therefore, they are categorized as potentially unwanted applications (PUAs). This particular app is distributed through a deceptive Adobe Flash Player installer.

What is ProduceStyle?

ProduceStyle is a rogue application categorized as adware. It runs intrusive ad campaigns (i.e., delivers various dubious and harmful advertisements). Additionally, this app has browser hijacker traits, such as browser settings modification and promotion of fake search engines.

ProduceStyle promotes Safe Finder via akamaihd.net. Since most users download/install this adware unintentionally, it is also classified as a Potentially Unwanted Application (PUA). Most apps of this type record browsing-related information, and it is highly likely that ProduceStyle does so as well.