Virus and Spyware Removal Guides, uninstall instructions

Lazarus Ransomware

What is Lazarus?

Discovered by Alex Svirid, Lazarus ransomware is derived from King Ouroboros, another ransomware-type program. Ransomware encrypts data (blocking access to it). Cyber criminals create these programs to extort money from victims by demanding ransom payments in return for a decryption tool and/or key.

Lazarus changes the names of encrypted files by adding a string that contains an email address, the victim's ID, and the ".Lazarus" extension. For example, "1.jpg" might become "1.jpg.[ID=LNDxrzJ2Aw][Mail=Mr.TeslaBrain@gmail.com].Lazarus".

Updated variants use the ".Lazarus+" extension. Lazarus also creates a text file named "Read-Me-Now.txt" and displays a pop-up window.

   
Adage Ransomware

What is Adage?

First discovered by malware researcher Raby, Adage is yet another variant of the high-risk ransomware called Phobos. This malware is designed to stealthily infiltrate computers and encrypt most stored files, thereby rendering them unusable. Additionally, Adage renames each file by appending the victim's unique ID, the developer's email address, and the ".adage" extension.

For example, "sample.jpg" might be renamed to a filename such as "sample.jpg.id[1E857D00-2250].[wewillhelpyou@qq.com].adage". Once encryption is complete, Adage generates and automatically runs an HTML application ("info.hta"), and also creates a text file ("info.txt"). Both files are stored on the victim's desktop.

   
TheMediaConverter Promos Ads

What is TheMediaConverter Promos?

TheMediaConverter Promos is a rogue application that supposedly allows conversion of various documents and video/audio files. This functionality may seem legitimate and useful; however, TheMediaConverter Promos is categorized as a potentially unwanted application (PUA) and adware.

The main reasons for these negative associations are stealth installation without users' consent, delivery of intrusive advertisements, and potential tracking of browsing activity.

   
Get Rid Of Junk Files POP-UP Scam (Mac)

What is "Get rid of Junk Files"?

"Get rid of Junk Files" is a phrase used within a scam website. Like most web pages of this type, it advertises a potentially unwanted application (PUA). In this case, scammers use it to promote a PUA named Cleanup My Mac. Do not trust this or other scam sites.

The same applies to applications that are advertised through them. If your browser opens scam websites such as "Get rid of Junk Files" often, it is likely that there is a PUA installed on the browser or operating system.

   
FastFileConvert Browser Hijacker

What is FastFileConvert?

FastFileConvert is a browser hijacker, promoted as a free file converter, capable of converting thousands of file types. It is accompanied by a fake search engine - fastfileconvert.com. It is considered a PUA (potentially unwanted application), as it is often installed inadvertently.

FastFileConvert changes browser settings, leaving users no choice but to use its fake search engine. This PUA also has data-tracking abilities (mostly gathering intel on users' browsing activities).

   
Retefe Trojan

What is Retefe?

Retefe is a high-risk trojan designed to target victims' bank accounts. Developers proliferate Retefe using spam email campaigns and an exploit kit called EternalBlue.

In the case of spam email campaigns, users receive a malicious attachment (document) that contains a small image and a message encouraging the user to enlarge it. Double-clicking the image executes an embedded JavaScript file, which is where the infection begins.

   
Your System Is Seriously Damaged, Found (4) Viruses! POP-UP Scam (Mac)

What is "Your system is seriously damaged, found (4) viruses!"?

"Your system is seriously damaged, found (4) viruses!" is a scam created to promote/advertise a potentially unwanted application (PUA) called Cleanup My Mac.

In fact, it might also be used to advertise other apps. These web pages are used to trick people into installing PUAs using deceptive methods. In any case, websites of this type and applications that are distributed through them cannot be trusted.

   
Nerinlelighda.pro Ads

What is nerinlelighda[.]pro?

Nerinlelighda[.]pro is a rogue site. It operates by causing redirects to other compromised, possibly malicious websites and presents users with highly suspect content (including click-bait). There are thousands of rogue sites (watchonline.click, viralupdatestoday.com, exclusivenotifications.com, to name a few) and many of them share similar traits.

It should be mentioned that few visitors access nerinlelighda[.]pro willingly. Most users get redirected to it by intrusive advertisements or have it force-opened by PUAs (potentially unwanted applications).

These rogue applications do not need explicit user consent to be installed onto users' devices; once there, they cause undesirable redirects, run invasive ad campaigns, and track data.

   
Carote Ransomware

What is Carote?

Discovered by Michael Gillespie and part of the Djvu ransomware family, Carote is a malicious program designed to encrypt files and prevent access to them. Once a computer is infected with Carote, the program renames all encrypted files by adding the ".carote" extension.

For example, "1.jpg" becomes "1.jpg.carote". It also creates a ransom message within a text file named "_readme.txt". This file can be found in folders that contain encrypted files.

   
Leadcolas.com Ads

What is leadcolas[.]com?

Leadcolas[.]com is a rogue site, designed to redirect visitors to untrustworthy and malicious websites, as well as force-feed them highly dubious content. It shares many similarities with rembrandium.com, ernorvious.com, getmedia.me and innumerable others. It should be noted that few ever access leadcolas[.]com willingly; most of its visitors are redirected to it.

These redirects are caused by either intrusive ads or PUAs (potentially unwanted applications) already present on the user's device. These apps do not need explicit user permission to be installed onto systems; once there, they cause undesirable redirects, run invasive advertisement campaigns, and track data.

   
