Virus and Spyware Removal Guides, uninstall instructions

What is Lurk?

Lurk is yet another ransomware-type infection discovered by malware researcher, Petrovic. After successful infiltration, Lurk encrypts most stored files and renames them using the following pattern: "[random_string].original_extension.lurk". For example, "1.jpg" file might be renamed to a filename such as "9iS14.jpg.lurk".

Encrypted data immediately becomes unusable. After successful encryption, Lurk generates a text file called "how to recover.txt" and stores it on the desktop.

What is "The PT Sans Font Wasn't Found"?

Similar to "Chrome Update Center" and many others, "The PT Sans Font Wasn't Found" is a fake error message displayed by various malicious websites. Users typically visit these websites inadvertently - they are redirected by potentially unwanted applications (PUAs) already present on the system or intrusive advertisements delivered by other rogue sites.

PUAs usually infiltrate computers without users' consent and are designed to deliver intrusive advertisements and record sensitive data. Note: "The PT Sans Font Wasn't Found" scam is used to spread the TrickBot trojan.

What is ScreenCapture?

Identical to Spaces.app and Spotlight.app, ScreenCapture (also known as ScreenCapture.app) is an adware-type application designed to promote the searchbaron.com fake search engine, which is designed to redirect users to bing.com by using the Amazon AWS service.

This application typically infiltrates computers without users' consent. Note that adware-type applications often deliver intrusive ads and gather information relating to users' browsing activity.

What is Darus?

First discovered by Michael Gillespie and belonging to the Djvu ransomware family, Darus is a high-risk ransomware infection that stealthily infiltrates computers to encrypt data. In doing so, Darus renames each compromised file by appending the ".darus" extension.

For example, "sample.jpg" is renamed to "sample.jpg.darus". Encrypted data immediately becomes unusable, and after successfully encrypting files, Darus stores a copy of the "_readme.txt" file in most existing folders.

What is Tocue?

Discovered by Michael Gillespie and belonging to the Djvu ransomware family, Tocue is a high-risk infection that stealthily infiltrates computers and encrypts most stored data, thereby rendering it unusable.

Tocue also renames each compromised file by adding the ".tocue" extension (e.g., "sample.jpg" becomes "sample.jpg.tocue"). This malware is also designed to generate a text file named "_readme.txt" and places copies in most existing folders.

What is Vusad?

First discovered by Michael Gillespie, Vusad is yet another ransomware from the Djvu family. The purpose of this ransomware is to encrypt data and keep it in that state unless a ransom is paid. During encryption, Vusad appends each filename with the ".vusad" extension (e.g., "sample.jpg" is renamed to "sample.jpg.vusad").

Additionally, Vusad generates a text file named "_readme.txt" and stores a copy in most existing folders.

What is Gusau?

Gusau is high-risk ransomware that belongs to a family of viruses called Djvu. Following successful infiltration, Gusau encrypts most stored data rendering it unusable. Additionally, Gusau appends names of all encrypted files with the ".gusau" extension (hence the ransomware name).

For example, "sample.jpg" is renamed to "sample.jpg.gusau". Additionally Gusau generates a text file named "_readme.txt" and stores it on the desktop. As with most ransomware from the Djvu family, Gusau was first discovered by malware security researcher, Michael Gillespie.

What is Wacatac?

Wacatac (also known as Trojan:Win32/Wacatac) is a trojan-type infection that stealthily infiltrates computers and performs a number of malicious actions. Cyber criminals typically proliferate this malware using spam email campaigns and fake software 'cracks'.

What is Guesswho?

Discovered by GrujaRS, Guesswho is a high-risk ransomware infection (potentially, a new variant of Rapid ransomware), which stealthily infiltrates computers and encrypts most stored data. In doing so, Guesswho renames each encrypted file to a random string and appends the ".guesswho" extension.

For example, "1.jpg" might be renamed to a filename such as "3STT6YHZTC.guesswho". Encrypted files immediately become unusable and indistinguishable.

Additionally, Guesswho creates a text file ("How Recovery Files.txt") and a shortcut ("grupposupp@protonmail.ch"), which automatically opens the email application and creates a new message with the Guesswho developer's email address as the recipient.

What is Madek?

Madek is a high-risk ransomware infection discovered by Michael Gillespie and belonging to Djvu, a family of ransomware-type infections.

Immediately after infiltration, Madek compromises stored data by encryption, thereby rendering it unusable. In addition, Madek renames each file by adding the ".madek" appendix (e.g., "sample.jpg" is renamed to "sample.jpg.madex"). Once encryption is complete, Madek generates a text file ("_readme.txt") and stores a copy in all existing folders.