Virus and Spyware Removal Guides, uninstall instructions

What is UNNAMED ransomware?

Discovered by GrujaRS, UNNAMED is an updated variant of high-risk ransomware called Kraken Cryptor. The purpose of UNNAMED is to encrypt most stored files, whilst appending filenames with the victim's unique ID, developer's email address, and ".UNNAMED" extension.

For example, "sample.jpg" might be renamed to a filename such as "sample.jpg.[ID-512064768][doctorSune@protonmail.com].UNNAMED". Encrypted data immediately becomes unusable - this allows cyber criminals to make ransom demands by offering paid recovery of files.

Additionally, UNNAMED generates a text file called "UNNAMED-DECRYPT.txt" and stores it on the desktop.

What is Wulfric?

First discovered by Michael Gillespie, Wulfric is a high-risk ransomware infection designed to compromise (encrypt data) so that developers are able to blackmail victims by offering paid recovery of their files.

During encryption, Wulfric renames each file to a three-digit hexadecimal number and appends each filename with the ".aef" extension (e.g., "1.jpg" might be renamed to a filename such as "b23.aef"). Encrypted files become unusable and indistinguishable.

After successful encryption, Wulfric changes the desktop wallpaper and stores a copy of the "hacked.txt" file in most existing folders.

What is RevengeRAT?

RevengeRAT (also known as Revetrat) is high-risk computer infection categorized as a remote access trojan (RAT). The purpose of this malware is to provide cyber criminals with remote access to the infected machine and allow them to manipulate it.

Research shows that cyber criminals proliferate this infection using spam email campaigns (malicious MS Office attachments). Having a trojan-type infection such as RevengeRAT installed on your computer can cause many issues.

What is Bopador?

Discovered by Michael Gillespie, Bopador is high-risk ransomware from the Djvu malware family. The purpose of this infection is to encrypt stored data and make ransom demands.

During encryption, Bopador appends each filename with the ".bopador" extension (for example, "1.jpg" becomes "1.jpg.bepador"). Once encrypted, data immediately becomes unusable. Bopador then creates a text file called "_readme.txt" and stores copies in most existing folders.

What is Novasof?

Discovered by Michael Gillespie and belonging to the Djvu ransomware family, Novasof is a high-risk infection designed to compromise (encrypt) data and keep it that state unless a ransom is paid.

Novasof renames each encrypted file by adding the ".novasof" extension (e.g.., "sample.jpg" is renamed to "sample.jpg.novasof"). After successfully compromising data, Novasof generates a text file ("_readme.txt") and stores a copy in every existing folder.

What is Megac0rtx?

First discovered by MalwareHunterTeam, Megac0rtx is an updated variant of high-risk ransomware called MegaCortex. After successful infiltration, Megac0rtx compromises (encrypts) most stored data and appends each filename with the ".megac0rtx" extension (hence its name).

For example, "1.jpg" is renamed to "1.jpg.megac0rtx". Additionally, Megac0rtx deletes shadow volume copies and overwrites all deleted files, thereby making recovery impossible. Encrypted files also become unusable. After successful encryption, Megac0rtx stores the "!!!_READ-ME_!!!.txt" file on the desktop. The file contains a ransom-demand message.

What is Persephone666?

Persephone666 is yet another ransomware-type infection that belongs to the Maoloa family. After infiltrating the system, Persephone666 encrypts most stored files, rendering them unusable.

Additionally, Persephone666 renames each file by adding the ".Persephone666" appendix (e.g., "sample.jpg" becomes "sample.jpg.Persephone666"). Following successful encryption, Persephone666 generates a text file ("HOW TO BACK YOUR FILES.txt") and stores a copy in every existing folder.

What is Acute?

First discovered by GrujaRS, Acute is a new variant of high-risk ransomware called Phobos. The purpose of this ransomware is to encrypt data so that developers can make ransom demands. Acute is designed to rename each compromised file by appending the victim's unique ID, developer's email address, and ".acute" extension.

For example, "sample.jpg" might be renamed to a filename such as "sample.jpg.id[1E857D00-1096].[lockhelp@qq.com].acute". Following successful encryption, Acute generates two files ("info.txt" and "info.hta"), placing them on the desktop.

What is "Yourmonday"?

Yourmonday is a set of deceptive websites (including competition1480.yourmonday67[.]live and play0273.yourmonday23[.]live) that promote potentially unwanted applications (PUAs).

These sites deliver fake error messages stating that the system is infected/damaged and encourage visitors to download system cleaners. At time of research, Yourmonday was used to promote Smart Mac Booster.

Note that users typically visit websites such as Yourmonday inadvertently, since they are redirected by unwanted applications already present on the system, or intrusive advertisements. PUAs usually infiltrate computers without users' consent, cause redirects, deliver intrusive advertisements, and record various information.

What is Dodoc?

Dodoc is a ransomware-type infection designed to encrypt most stored files, thereby rendering them unusable. This malware belongs to the Djvu ransomware family and was first discovered by Michael Gillespie.

During encryption, Dodoc renames each file by adding the ".dodoc" extension (e.g., "sample.jpg" is renamed to "sample.jpg.dodoc"). Additionally, Dodoc generates a text file ("_readme.txt"), storing copies in all existing folders.