Virus and Spyware Removal Guides, uninstall instructions

Yourmonday POP-UP Scam (Mac)

What is "Yourmonday"?

Yourmonday is a set of deceptive websites (including competition1480.yourmonday67[.]live and play0273.yourmonday23[.]live) that promote potentially unwanted applications (PUAs).

These sites deliver fake error messages stating that the system is infected/damaged and encourage visitors to download system cleaners. At the time of research, Yourmonday was used to promote Smart Mac Booster.

Note that users typically visit websites such as Yourmonday inadvertently, since they are redirected by unwanted applications already present on the system or by intrusive advertisements. PUAs usually infiltrate computers without users' consent, cause redirects, deliver intrusive advertisements, and record various information.

   
Dodoc Ransomware

What is Dodoc?

Dodoc is a ransomware-type infection designed to encrypt most stored files, thereby rendering them unusable. This malware belongs to the Djvu ransomware family and was first discovered by Michael Gillespie.

During encryption, Dodoc renames each file by adding the ".dodoc" extension (e.g., "sample.jpg" is renamed to "sample.jpg.dodoc"). Additionally, Dodoc generates a text file ("_readme.txt"), storing copies in all existing folders.

   
Lo. Li. Pharma International Email Virus

What is "Lo. Li. Pharma International Email Virus"?

"Lo. Li. Pharma International Email Virus" is yet another spam email campaign used to spread malware.

Cyber criminals send hundreds of thousands of emails containing deceptive messages that encourage recipients to open malicious attachments. At the time of research, the distributed attachment was a Zip archive designed to infect computers with the Adwind trojan and terminate the processes of any existing anti-malware suites.

   
Hades666 Ransomware

What is Hades666?

Discovered by GrujaRS, Hades666 is yet another variant of a high-risk ransomware called Maoloa. This malware is designed to encrypt most stored data so that developers can make ransom demands by offering paid recovery of files. During encryption, Hades666 renames each file by adding the ".Hades666" extension (e.g., "1.jpg" is renamed to "1.jpg.Hades666").

Once encryption is complete, Hades666 generates the "HOW TO BACK YOUR FILES.txt" text file and stores it on the desktop.

   
Rabbit4444 Ransomware

What is Rabbit4444?

Discovered by Raby, Rabbit4444 is an updated variant of a high-risk ransomware called Maoloa. The purpose of this ransomware is to encrypt data so that developers can make ransom demands by offering paid recovery of files.

During encryption, this infection renames each file by appending the ".Rabbit4444" extension (e.g., "1.jpg" is renamed to "1.jpg.Rabbit4444"). Additionally, Rabbit4444 generates a text file called "HOW TO BACK YOUR FILES.txt" and stores it on the desktop.

   
Todar Ransomware

What is Todar?

Discovered by malware researcher Michael Gillespie, Todar is yet another ransomware-type infection that belongs to the Djvu malware family. This ransomware is designed to stealthily infiltrate computers and encrypt most stored files, thus rendering them unusable.

In doing so, Todar appends the ".todar" extension to each filename (e.g., "sample.jpg" is renamed to "sample.jpg.todar"). Once encryption is complete, Todar generates a text file named "_readme.txt" and stores copies in most existing folders.

   
Heran Ransomware

What is Heran?

First discovered by malware researcher Michael Gillespie, Heran is one of many ransomware-type infections from the Djvu family.

The purpose of Heran is to encrypt most stored files and keep them in that state unless a ransom is paid. During encryption, Heran appends the ".heran" extension to each filename (hence its name). For example, "1.jpg" is renamed to "1.jpg.heran". Additionally, Heran generates a text file ("_readme.txt") and stores copies in most existing folders.

   
Lapoi Ransomware

What is Lapoi?

First discovered by Michael Gillespie and belonging to the Djvu ransomware family, Lapoi is yet another ransomware-type infection that stealthily infiltrates computers and encrypts stored data.

In doing so, Lapoi appends the ".lapoi" extension to each filename (e.g., "sample.jpg" becomes "sample.jpg.lapoi"). Additionally, Lapoi generates a text file called "_readme.txt", which contains a ransom-demand message.

   
Searchroute Redirect (Mac)

What is Searchroute?

Searchroute (an abbreviation for searchroute-1560352588.us-west-2.elb.amazonaws[.]com) is a website used by cyber criminals to promote the bing.com search engine in malicious ways. If you continually encounter redirects to Searchroute, your system is probably infected with adware-type applications.

These potentially unwanted applications (PUAs) can also deliver intrusive advertisements and record information relating to browsing activity.

   
Lurk Ransomware

What is Lurk?

Lurk is yet another ransomware-type infection discovered by malware researcher Petrovic. After successful infiltration, Lurk encrypts most stored files and renames them using the following pattern: "[random_string].original_extension.lurk". For example, a file named "1.jpg" might be renamed to a filename such as "9iS14.jpg.lurk".

Encrypted data immediately becomes unusable. After successful encryption, Lurk generates a text file called "how to recover.txt" and stores it on the desktop.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
