Virus and Spyware Removal Guides, uninstall instructions

SystemJump Adware (Mac)

What is SystemJump?

SystemJump is endorsed as an app supposedly capable of enhancing the browsing experience by providing fast searches, accurate search results, etc. In fact, it behaves as adware. Adware-type apps operate by delivering intrusive advertisement campaigns (they display various unwanted ads).

Due to its dubious distribution methods, SystemJump is categorized as a Potentially Unwanted Application (PUA). Note that most apps of this type have data tracking capabilities.

   
MedusaLocker Ransomware

What is MedusaLocker?

Discovered by MalwareHunterTeam, MedusaLocker is malicious software, which is classified as ransomware. It operates by encrypting files and keeping them inaccessible until a ransom is paid (i.e. the decryption software/tool is purchased). During the encryption process, all files are renamed with the ".encrypted" extension.

For example, "1.jpg" becomes "1.jpg.encrypted". Once data is encrypted, MedusaLocker stores an HTML file ("HOW_TO_RECOVER_DATA.html") containing a ransom message on the victim's desktop.

Other variants of this ransomware use the ".bomber", ".boroff", ".breakingbad", ".locker16", ".newlock", ".nlocker", ".skynet", ".deadfiles", ".abstergo", ".himynameisransom", ".ReadInstructions", ".EG", ".decrypme", ".ReadTheInstructions", and ".READINSTRUCTIONS" extensions for encrypted files.

   
Prize-mania.mobi Ads

What is prize-mania[.]mobi?

prize-mania[.]mobi is an untrustworthy website, which redirects visitors to other sites of this kind or displays dubious content. Generally, people do not visit/open prize-mania[.]mobi intentionally - in most cases, browsers open these web pages when a potentially unwanted application (PUA) is installed.

Typically, PUAs force browsers to open dubious web pages and display ads. Furthermore, they often gather information relating to users. Other examples of sites similar to prize-mania[.]mobi include sentfromfriend[.]com, allwebdesignesu[.]info, and pushs-veriprt[.]com.

   
Mon-thu POP-UP Scam (Mac)

What is Mon-thu?

Mon-thu is a family of many untrustworthy web pages that deceptively advertise dubious applications. Mon-thu tricks people into believing that their Mac computers are infected with viruses and encourages them to download and install the Smart Mac Booster app (or other similar apps).

Websites of this type and apps promoted on them should never be trusted. Browsers usually open these web pages due to potentially unwanted applications (PUAs) installed on them. PUAs can cause redirects to dubious pages, display unwanted ads, and gather information relating to users.

   
oo7 Ransomware

What is oo7?

Discovered by Jakub Kroustek, this ransomware belongs to the Crysis/Dharma malware family. oo7 is designed to encrypt data and keep it locked, until a ransom is paid (i.e. until the decryption tool is purchased). During the encryption process, files are renamed with the victim's unique ID number, developer's email address, and the ".oo7" extension.

For example, "1.jpg" might be renamed to a filename such as "1.jpg.id-1E857D00.[b1tc01n@aol.com].oo7". Once the process is complete, a text file called "FILES ENCRYPTED.txt" is stored on the desktop and a pop-up window is displayed.

   
AppleJeus Malware (Mac)

What kind of malware is AppleJeus?

AppleJeus is the name of backdoor malware that was distributed by the Lazarus group. They spread this malicious software through a fake app disguised as a cryptocurrency trading application called Celas Trade Pro.

There is now a new trojanized cryptocurrency trading app called JMT Trader that operates in a similar manner - it installs the AppleJeus backdoor trojan on the victim's computer. JMT Trader can be installed on Windows and MacOS computers.

   
Leto Ransomware

What is Leto?

Leto is malicious software, belonging to the Djvu ransomware family. It operates by encrypting data and keeping it locked until a ransom is paid (i.e., decryption software/tool and a unique key are purchased). As Leto encrypts, it renames all files by adding the ".leto extension.

For example, a file named "1.jpg" will appear as "1.jpg.leto", and so on. After the process is complete, a text file called "_readme.txt" is stored on the desktop.

   
Cobain Ransomware

What is Cobain?

Discovered by dnwls0719, Cobain is malicious software classified as ransomware. Cobain originates from another ransomware infection called Hermes837. It is designed to encrypt data and keep it inaccessible until a ransom is paid (i.e. until the decryption software/tool and private key is purchased).

During the encryption process, all files are renamed with the ".cobain" extension. Therefore, "1.jpg" becomes "1.jpg.cobain". After the process is complete, a text file - "!!!READ_ME!!!.txt" containing the ransom message is stored on the affected user's desktop.

   
Mondaysunday POP-UP Scam (Mac)

What is Mondaysunday?

Mondaysunday is a deceptive website used to advertise a rogue application called Smart Mac Booster. When opened, it informs visitors that their computers are infected with viruses and encourages them to remove the threats with the aforementioned application.

Websites such as Mondaysunday and apps promoted on them should not be trusted. Typically, websites of this type are opened by potentially unwanted applications (PUAs) that are installed on browsers or computers. PUAs are often designed to record various user-system information and display annoying, often deceptive advertisements.

   
Mybestmv.com Ads

What is mybestmv.com?

mybestmv.com is a rogue website designed to cause redirects to other dubious sites. It is virtually identical to notifychheck.com, servedbytrackingdesk.com, notification-browser.tools, and many others.

Generally, users visit mybestmv.com inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive advertisements displayed on untrustworthy sites. Research shows that PUAs typically infiltrate systems without permission and, cause redirects, record user-system information, and deliver intrusive advertisements.

   

Page 1299 of 2106

<< Start < Prev 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal