Virus and Spyware Removal Guides, uninstall instructions

What is PBD?

Discovered by Jakub Kroustek, PBD ransomware is part of the Dharma family of ransomware-type programs. Typically, ransomware encrypts data stored on computers so that victims cannot use their files unless they decrypt them with a decryption tool/key, which can be purchased from cyber criminals.

Victims of the ransomware are thus forced to pay a ransom. PBD creates a ransom message within the "FILES ENCRYPTED.txt" file and displays another in a pop-up window. It also renames all files by adding a personal ID, email address, and ".PBD" extension to filenames.

For example, "1.jpg" might be renamed to a filename such as "1.jpg.id-1E857D00.[paybuyday@aol.com].PBD".

What is PC Power Plus?

PC Power Plus is software advertised as a system cleaner, booster, and overall performance enhancer. It is supposedly capable of detecting and removing various unnecessary files, registry, privacy, shortcut, and safety issues.

This program has an official website from which a trial version can be downloaded and the full version purchased, however, PC Power Plus might also be promoted in other dubious ways. It can be inadvertently installed together with other software - this marketing method is called "bundling".

Due to these dubious distribution methods, PC Power Plus is classified as a Potentially Unwanted Application (PUA).

What is LookupShare?

LookupShare is advertised as an app that helps users to browse the web, however, it is categorized as a potentially unwanted application (PUA) and adware.

Typically, people download and install software such as LookupShare unintentionally. When installed, adware-type apps serve advertisements and gather information relating to users' browsing activities. We advise you to uninstall LookupShare and other apps of this type installed on the browser and/or operating system immediately.

What is witarheckrenning[.]pro?

Once opened, witarheckrenning[.]pro redirects people to other rogue websites or displays dubious content. In any case, avoid this website and do not trust it. There are many websites of this type online including, for example, mirox22[.]biz, push-tools-system[.]com, and gunnepaa[.]xyz.

Browsers generally open these web addresses due to potentially unwanted applications (PUAs) installed on them. People do not often visit websites such as witarheckrenning[.]pro, or download/install PUAs, intentionally. Furthermore, PUAs feed users with ads and record private information.

What is Live Radio Pro Tab?

Live Radio Pro Tab is one of many browser hijackers and promoted as a tool for easy access to online radios.

It operates by making unauthorized changes to browsers and promoting search.tliveradiopro.com (a fake search engine). Live Radio Pro Tab also has data tracking capabilities, which it employs to record users' browsing habits. For the above reasons, it is categorized as a Potentially Unwanted Application (PUA).

What is "Funnymonday"?

Funnymonday is a family of websites, which operate by endorsing untrustworthy applications. This variant promotes Smart Mac Booster, which is classified as a Potentially Unwanted Application (PUA). Using scare tactics, Funnymonday urges people into downloading/installing the dubious software it advertises.

Visitors are alerted about fake threats/issues the site has supposedly detected and offers Smart Mac Booster as an app capable of eliminating these problems.

Note that no website can detect such issues. You are strongly advised against downloading/installing any applications that Funnymonday promotes - they are often bogus and nonfunctional. Web pages such as Funnymonday are generally opened by PUAs already present on the system.

What is mirox22[.]biz?

mirox22[.]biz is the address of a rogue web page which, once opened, redirects visitors to other untrustworthy websites or displays dubious content. Many other websites have similar operation to mirox22[.]biz including, for example, piedppienews[.]com, newsapp[.]biz, and trementrecially[.]pro.

In most cases, browsers open these websites due to potentially unwanted apps (PUAs) that are installed on them. Few people download or install these apps intentionally. In addition to forcing browsers to open dubious web pages, PUAs gather browsing related (and other details) and display intrusive ads.

What is push-tools-system[.]com?

Similar to best2019-games-web1.com, piedppienews.com, trementrecially.pro, and many others, push-tools-system[.]com is a rogue website. It operates by delivering dubious content and generating redirects to other untrustworthy and malicious websites.

Few visitors access push-tools-system[.]com intentionally - most are redirected by clicking intrusive advertisements or Potentially Unwanted Applications (PUAs) already present on the system. Note that these apps do not need express permission to infiltrate devices. Once installed, PUAs cause redirects, run ad campaigns, and track data.

What is Wiki?

Discovered by Jakub Kroustek and belonging to the Crysis/Dharma malware family, Wiki is malicious software classified as ransomware. It is designed to encrypt data and keep it locked until a ransom is paid (i.e., decryption software/tool is purchased).

When this malicious program encrypts data, it renames files with a unique ID number (generated for each victim), the developer's email address, and the ".wiki" extension. For example, "1.jpg" might be renamed to a filename such as "1.jpg.id-1E857D00.[bitlocker@foxmail.com ].wiki".

After this process is complete, Wiki stores a file named "FILES ENCRYPTED.txt" on the desktop and displays a pop-up window.

What is Nols?

Belonging to the Djvu ransomware family, Nols is malicious software designed to encrypt data and demand ransom payments for decryption (i.e., purchase of a decryption tool and unique key).

During the encryption process, all files are renamed with the ".nols" extension. Therefore, "1.jpg" becomes "1.jpg.nols" and so on for all affected files. After this process is complete, Nols creates a text file ("_readme.txt"), which it stores in all folders.