Virus and Spyware Removal Guides, uninstall instructions

Acute Ransomware

What is Acute?

First discovered by GrujaRS, Acute is a new variant of high-risk ransomware called Phobos. The purpose of this ransomware is to encrypt data so that developers can make ransom demands. Acute is designed to rename each compromised file by appending the victim's unique ID, developer's email address, and ".acute" extension.

For example, "sample.jpg" might be renamed to a filename such as "sample.jpg.id[1E857D00-1096].[lockhelp@qq.com].acute". Following successful encryption, Acute generates two files ("info.txt" and "info.hta"), placing them on the desktop.

   
Yourmonday POP-UP Scam (Mac)

What is "Yourmonday"?

Yourmonday is a set of deceptive websites (including competition1480.yourmonday67[.]live and play0273.yourmonday23[.]live) that promote potentially unwanted applications (PUAs).

These sites deliver fake error messages stating that the system is infected/damaged and encourage visitors to download system cleaners. At the time of research, Yourmonday was used to promote Smart Mac Booster.

Note that users typically visit websites such as Yourmonday inadvertently, since they are redirected by unwanted applications already present on the system, or intrusive advertisements. PUAs usually infiltrate computers without users' consent, cause redirects, deliver intrusive advertisements, and record various information.

   
Dodoc Ransomware

What is Dodoc?

Dodoc is a ransomware-type infection designed to encrypt most stored files, thereby rendering them unusable. This malware belongs to the Djvu ransomware family and was first discovered by Michael Gillespie.

During encryption, Dodoc renames each file by adding the ".dodoc" extension (e.g., "sample.jpg" is renamed to "sample.jpg.dodoc"). Additionally, Dodoc generates a text file ("_readme.txt"), storing copies in all existing folders.

   
Lo. Li. Pharma International Email Virus

What is "Lo. Li. Pharma International Email Virus"?

"Lo. Li. Pharma International Email Virus" is yet another spam email campaign used to spread malware.

Cyber criminals send hundreds of thousands of emails containing deceptive messages that encourage recipients to open malicious attachments. At the time of research, the distributed attachment was a Zip archive designed to infect computers with the Adwind trojan and terminate the processes of any existing anti-malware suites.

   
Hades666 Ransomware

What is Hades666?

Discovered by GrujaRS, Hades666 is yet another variant of a high-risk ransomware called Maoloa. This malware is designed to encrypt most stored data so that developers can make ransom demands by offering paid recovery of files. During encryption, Hades666 renames each file by adding the ".Hades666" extension (e.g., "1.jpg" is renamed to "1.jpg.Hades666", etc.).

Once encryption is complete, Hades666 generates the "HOW TO BACK YOUR FILES.txt" text file and stores it on the desktop.

   
Rabbit4444 Ransomware

What is Rabbit4444?

Discovered by Raby, Rabbit4444 is an updated variant of high-risk ransomware called Maoloa. The purpose of this ransomware is to encrypt data so that developers can make ransom demands by offering paid recovery of files.

During encryption, this infection renames each file by appending the ".Rabbit4444" extension (e.g., "1.jpg" is renamed to "1.jpg.Rabbit4444"). Additionally, Rabbit4444 generates a text file called "HOW TO BACK YOUR FILES.txt" and stores it on the desktop.

   
Todar Ransomware

What is Todar?

Discovered by malware researcher Michael Gillespie, Todar is yet another ransomware-type infection that belongs to the Djvu malware family. This ransomware is designed to stealthily infiltrate computers and encrypt most stored files, thus rendering them unusable.

In doing so, Todar appends the ".todar" extension to each filename (e.g., "sample.jpg" is renamed to "sample.jpg.todar"). Once encryption is complete, Todar generates a text file named "_readme.txt" and stores copies in most existing folders.

   
Heran Ransomware

What is Heran?

First discovered by malware researcher Michael Gillespie, Heran is one of many ransomware-type infections from the Djvu family.

The purpose of Heran is to encrypt most stored files and keep them in that state unless a ransom is paid. During encryption, Heran appends the ".heran" extension to each filename (hence its name). For example, "1.jpg" is renamed to "1.jpg.heran". Additionally, Heran generates a text file ("_readme.txt") and stores copies in most existing folders.

   
Lapoi Ransomware

What is Lapoi?

First discovered by Michael Gillespie and belonging to the Djvu ransomware family, Lapoi is yet another ransomware-type infection that stealthily infiltrates computers and encrypts stored data.

In doing so, Lapoi appends the ".lapoi" extension to each filename (e.g., "sample.jpg" becomes "sample.jpg.lapoi"). Additionally, Lapoi generates a text file called "_readme.txt", which contains a ransom-demand message.

   
Searchroute Redirect (Mac)

What is Searchroute?

Searchroute (an abbreviation for searchroute-1560352588.us-west-2.elb.amazonaws[.]com) is a website used by cyber criminals to promote the bing.com search engine in malicious ways. If you continually encounter redirects to Searchroute, your system is probably infected with adware-type applications.

These potentially unwanted applications (PUAs) can also deliver intrusive advertisements and record information relating to browsing activity.

   
