Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is no_more_ransom?

The no_more_ransom ransomware infection is a part of Rapid, a family of ransomware-type programs. Like most malicious programs of this type, no_more_ransom encrypts files stored on the computer. Therefore, victims lose access to files unless they pay a ransom.

This ransomware renames files by adding the ".no_more_ransom" extension to filenames. For example, "1.jpg" becomes "1.jpg.no_more_ransom". Additionally, no_more_ransom generates a ransom message within the "How Recovery Files.txt" file.

This file contains instructions about how to purchase a decryption tool. Cyber criminals named this ransomware using the No More Ransom project title (the main aim of this project is to help victims of ransomware recover their files without having to pay cyber criminals).

What is Proced?

Discovered by MalwareHunterTeam, Proced is malicious software classified as ransomware. It is designed to encrypt data and keep it locked until a ransom is paid (i.e., decryption tool/software is purchased). During the encryption process, all files are renamed by adding the ".proced" extension.

For example, "1.jpg" becomes "1.jpg.proced". Once this process is complete, Proced displays a pop-up window, which details the decryption instructions.

What is Angus?

Discovered by GrujaRS, Angus is categorized as ransomware and is part of the King Ouroboros ransomware family. Programs of this type are designed to prevent victims from accessing their files by encryption. To decrypt files, victims are encouraged to purchase decryption tools from ransomware developers (I.e., pay ransoms).

Angus renames encrypted files by adding an email address, victim's ID, and ".Angus" extension to filenames. For example, "1.jpg" might be renamed to "1.jpg.Email=[Legion.developers72@gmail.com] ID=[0H1Khr79qvNDB4M].Angus". Angus also creates a ransom message with the "HowToDecrypt.txt" text file and displays the same message in a pop-up window.

What is apple.com-guard-device[.]live?

apple.com-guard-device[.]live is a scam site, which is designed to endorse the Cleanup My Mac application using scare tactics. This website operates by alerting users of supposed threats it has detected. Note that any viruses apple.com-guard-device[.]live detects are false.

This web page should not be trusted and the products it advertises should not be downloaded or installed.

Typically, scam websites offer apps, which are fake and nonoperational. Few users access apple.com-guard-device[.]live intentionally - most are redirected to it by intrusive advertisements or potentially unwanted applications (PUAs) already present on their Mac operating systems.

What is OnlyApplication?

Developers advertise OnlyApplication as a useful tool which provides faster searches, accurate results, and an enhanced browsing experience.

In fact, this program is classified as a potentially unwanted application (PUA), an adware-type app that serves unwanted, intrusive advertisements. PUAs often collect various user-system information. Generally, people download and install adware (and other PUAs) unintentionally.

What is Kuub?

Kuub is malicious software categorized as ransomware. It belongs to the Djvu ransomware family and was discovered by Michael Gillespie. Kuub operates by encrypting victims' files and demanding ransom payments for decryption. I.e., affected users must purchase decryption tools/software and keys from the developers of this malicious program.

During encryption, all files are renamed with the ".kuub" extension. Therefore, "1.jpg" becomes "1.jpg.kuub". After the process is complete, a text file called "_readme.txt" is created and stored in each encrypted folder.

What is FTCODE?

FTCODE ransomware is designed to encrypt data and force victims to pay developers a ransom (purchase decryption software and a key). It renames encrypted files by adding the ".FTCODE" extension to filenames. For example, "1.jpg" becomes "1.jpg.FTCODE".

FTCODE also creates a file named "READ_ME_NOW.htm", which contains instructions about how to pay the ransom.

What kind of malware is Masad?

Masad Stealer is malicious software that, once installed, allows cyber criminals to steal various information/data. Its basic version is free, however, cyber criminals can purchase a 'full version' with more features for $85. Masad Stealer is available for download on hacking forums.

Having a computer infected with this malware can lead to serious problems. Therefore, if there is any reason to believe that Masad Stealer might be installed on your system, remove it immediately.

What is hp.myway.com?

MyChristianPortal is a potentially unwanted application (PUA) that is categorized as a browser hijacker. MyChristianPortal (and many other apps of this type) is developed by Mindspark Interactive Network. It changes browser settings to promote hp.myway.com, the address of a fake search engine.

Additionally, this app records details relating to users' browsing habits. People generally download and install browser hijackers inadvertently when they are tricked.

What is ExtraWindow?

ExtraWindow is an adware-type application that apparently enhances the browsing experience. It is allegedly capable of providing fast searches, accurate search results, etc.

ExtraWindow operates by displaying various intrusive advertisements. This app is also classified as a potentially unwanted application (PUA), since most users install it unintentionally. I.e. they are tricked to install. Note that adware often has data tracking abilities.