Virus and Spyware Removal Guides, uninstall instructions

What is .VIRUS?

Discovered by Jakub Kroustek and belonging to the Dharma ransomware family, .VIRUS is malicious software, which is categorized as ransomware. This program operates by encrypting data and demanding ransom payments for decryption software/tools.

When .VIRUS encrypts files, it renames them with the victim's unique ID number, the developer's email address, and ".VIRUS" extension.

Therefore, "1.jpg" might appear similar to "1.jpg.id-1E857D00.[amandacerny89@aol.com].VIRUS", and so on. After this process is complete, a text file ("FILES ENCRYPTED.txt") is created on the desktop and a pop-up window is displayed.

What is Get Breaking News?

The Get Breaking News app supposedly provides quick access to various popular news websites, however, it promotes a fake search engine (search.getbreakingnewstabnet.com) by changing browser settings. It also gathers information relating to users' browsing activities.

Apps that operate in this way are called browser hijackers - they are potentially unwanted applications (PUAs), which most people download and install unintentionally. Furthermore, Get Breaking News is installed together with another PUA called Hide My Searches.

What is apple.com-mac-optimizing[.]live?

apple.com-mac-optimizing[.]live is the address of a deceptive website, which scammers use to trick visitors into downloading and installing a rogue app called Cleanup My Mac. This web page informs visitors that their computers are infected with a virus and they should remove it with the aforementioned application immediately.

Websites such as apple.com-mac-optimizing[.]live should never be trusted, and the same applies to apps advertised on them. These sites are usually opened by potentially unwanted applications (PUAs) already installed on computers and/or browsers.

What is CYBORG?

CYBORG is malicious software discovered by GrujaRS. This malware is classified as ransomware and is designed to encrypt data and demand ransom payments for decryption tools/software.

During the encryption process, files are renames with the ".petra" extension. For example, "1.jpg" becomes "1.jpg.petra" and so on for all compromised files. Updated variants of CYBORG ransomware append ".lazareus" and ".Cyborg1" extensions.

Once this process is complete, CYBORG stores a text file ("Cyborg_DECRYPT.txt") on the desktop and changes the wallpaper.

What is Meka?

Meka ransomware is designed to encrypt files and keep them inaccessible unless victims purchase a decryption tool and key from the cyber criminals who created this malware. Meka is a part of Djvu ransomware family. Like most programs of this type, it renames encrypted files and creates a ransom message.

Meka renames files by adding the ".meka" extension to filenames. For example, "1.jpg" becomes "1.jpg.meka". Instructions about how to pay for decryption are provided in the "_readme.txt" text file.

What is "On this day I hacked your OS"?

"On this day I hacked your OS" is an email scam, which uses a blackmailing tactic called "sextortion" - it extorts money from users via threats to expose evidence of their 'sexual activity'. This scam claims to have obtained audio and visual content via the device's camera and microphone.

It informs users that this evidence will be sent to all of their contacts, unless a certain sum in transferred to the account of cyber criminals behind the rogue email. Note that these claims are false and no such compromising material exists. Emails of this type should be ignored.

What is Toec?

Toec is ransomware that belongs to the Djvu ransomware family. Typically, people who have computers infected with malware like Toec cannot access or use their files, since these programs encrypt data with strong encryption algorithms.

In most cases, the only way to decrypt files is to use decryption tools and/or keys, which can only be purchased from the cyber criminals who designed the ransomware. Therefore, victims are forced to pay ransoms. Toec renames encrypted files by appending the ".toec" extension.

For example, "1.jpg" becomes "1.jpg.toec". It also creates a ransom message within the "_readme.txt" text file.

What is True PC Booster Master?

The True PC Booster Master program is identical to PC Power Plus. It is promoted as a computer performance enhancing tool, supposedly capable of detecting and removing malware, spyware, adware and various unwanted files.

This software has a promotional website, from which it can be downloaded free of charge or purchased, however, this is not the only way it is installed onto devices. True PC Booster Master can also infiltrate systems through the download/installation set-ups of other programs.

This marketing method ("bundling") is dubious and, therefore, True PC Booster Master is classified as a Potentially Unwanted Application (PUA).

What is "I'm a programmer who cracked your email Scam"?

Like most spam campaigns, "I'm a programmer who cracked your email Scam" is used by cyber criminals who make threats and ransom demands. These messages generally state that they have stolen your personal data and recorded a compromising video or photograph of you.

They make threats stating that if you do not wish this material to be sent to all of your contacts, you must pay a ransom. This is a typical scam and there is no need for concern.

What is happy.luckyparkclub[.]com?

happy.luckyparkclub[.]com is a deceptive website that, if opened, invites visitors to participate in lotteries and to win prizes. To gain a chance to win a prize, a survey must first be completed.

Typically, people do not visit websites such as happy.luckyparkclub[.]com intentionally - they are redirected to them through clicked untrustworthy ads or potentially unwanted applications (PUAs) installed on browsers and/or computers. Generally, people download and install these apps unintentionally.

When installed, PUAs feed users with ads, cause redirects to dubious web pages such as happy.luckyparkclub[.]com, and gather information. We advise against completing any surveys promoted through happy.luckyparkclub[.]com or other similar websites, since they might be used to obtain private details, which could be misused to generate revenue.