Virus and Spyware Removal Guides, uninstall instructions

Lo. Li. Pharma International Email Virus

What is "Lo. Li. Pharma International Email Virus"?

"Lo. Li. Pharma International Email Virus" is yet another spam email campaign used to spread malware.

Cyber criminals send hundreds of thousands of emails containing deceptive messages that encourage recipients to open malicious attachments. At the time of research, the distributed attachment was a ZIP archive designed to infect computers with the Adwind trojan and terminate the processes of any existing anti-malware suites.

   
Hades666 Ransomware

What is Hades666?

Discovered by GrujaRS, Hades666 is yet another variant of a high-risk ransomware called Maoloa. This malware is designed to encrypt most stored data so that developers can make ransom demands by offering paid recovery of files. During encryption, Hades666 renames each file by adding the ".Hades666" extension (e.g., "1.jpg" is renamed to "1.jpg.Hades666").

Once encryption is complete, Hades666 generates the "HOW TO BACK YOUR FILES.txt" text file and stores it on the desktop.

   
Rabbit4444 Ransomware

What is Rabbit4444?

Discovered by Raby, Rabbit4444 is an updated variant of high-risk ransomware called Maoloa. The purpose of this ransomware is to encrypt data so that developers can make ransom demands by offering paid recovery of files.

During encryption, this infection renames each file by appending the ".Rabbit4444" extension (e.g., "1.jpg" is renamed to "1.jpg.Rabbit4444"). Additionally, Rabbit4444 generates a text file called "HOW TO BACK YOUR FILES.txt" and stores it on the desktop.

   
Todar Ransomware

What is Todar?

Discovered by malware researcher Michael Gillespie, Todar is yet another ransomware-type infection that belongs to the Djvu malware family. This ransomware is designed to stealthily infiltrate computers and encrypt most stored files, thus rendering them unusable.

In doing so, Todar appends the ".todar" extension to each filename (e.g., "sample.jpg" is renamed to "sample.jpg.todar"). Once encryption is complete, Todar generates a text file named "_readme.txt" and stores copies in most existing folders.

   
Heran Ransomware

What is Heran?

First discovered by malware researcher Michael Gillespie, Heran is one of many ransomware-type infections from the Djvu family.

The purpose of Heran is to encrypt most stored files and keep them in that state unless a ransom is paid. During encryption, Heran appends the ".heran" extension to each filename (hence its name). For example, "1.jpg" is renamed to "1.jpg.heran". Additionally, Heran generates a text file ("_readme.txt") and stores copies in most existing folders.

   
Lapoi Ransomware

What is Lapoi?

First discovered by Michael Gillespie and belonging to the Djvu ransomware family, Lapoi is yet another ransomware-type infection that stealthily infiltrates computers and encrypts stored data.

In doing so, Lapoi appends the ".lapoi" extension to each filename (e.g., "sample.jpg" becomes "sample.jpg.lapoi"). Additionally, Lapoi generates a text file called "_readme.txt", which contains a ransom-demand message.

   
Searchroute Redirect (Mac)

What is Searchroute?

Searchroute (an abbreviation for searchroute-1560352588.us-west-2.elb.amazonaws[.]com) is a website used by cyber criminals to promote the bing.com search engine in malicious ways. If you continually encounter redirects to Searchroute, your system is probably infected with adware-type applications.

These potentially unwanted applications (PUAs) can also deliver intrusive advertisements and record information relating to browsing activity.

   
Lurk Ransomware

What is Lurk?

Lurk is yet another ransomware-type infection discovered by malware researcher Petrovic. After successful infiltration, Lurk encrypts most stored files and renames them using the following pattern: "[random_string].original_extension.lurk". For example, a file named "1.jpg" might be renamed to something like "9iS14.jpg.lurk".

Encrypted data immediately becomes unusable. After successful encryption, Lurk generates a text file called "how to recover.txt" and stores it on the desktop.

   
The PT Sans Font Wasn't Found POP-UP Scam

What is "The PT Sans Font Wasn't Found"?

Similar to "Chrome Update Center" and many others, "The PT Sans Font Wasn't Found" is a fake error message displayed by various malicious websites. Users typically visit these websites inadvertently - they are redirected by potentially unwanted applications (PUAs) already present on the system or intrusive advertisements delivered by other rogue sites.

PUAs usually infiltrate computers without users' consent and are designed to deliver intrusive advertisements and record sensitive data. Note: "The PT Sans Font Wasn't Found" scam is used to spread the TrickBot trojan.

   
ScreenCapture.app Adware (Mac)

What is ScreenCapture?

Identical to Spaces.app and Spotlight.app, ScreenCapture (also known as ScreenCapture.app) is an adware-type application designed to promote the searchbaron.com fake search engine, which is designed to redirect users to bing.com by using the Amazon AWS service.

This application typically infiltrates computers without users' consent. Note that adware-type applications often deliver intrusive ads and gather information relating to users' browsing activity.

   
