Virus and Spyware Removal Guides, uninstall instructions

What is Cratful?

Discovered by Michael Gillespie, Cratful is high-risk ransomware that stealthily infiltrates computers and encrypts most stored data using the RSA-1024 encryption algorithm.

During encryption, Cratful appends the name of each encrypted file with the ".cratful" extension (hence its name). For example, "sample.jpg" is renamed to "sample.jpg.cratful". In addition, Cratful generates a text file named "FilesInfo.txt" and stores a copy in each existing folder.

What is Banload?

Banload (also known as TrojanDownloader:Win32/Banload) is a family of malware-distribution trojans. If installed, trojans from this family inject systems with other computer infections, most of which are categorized as banking trojans that collect user-system information (anti-virus suites typically detect these injected infections as "Win32/Banker").

The presence of Banload (and its payload) on your system can lead to serious privacy issues and significant financial loss.

What is Resourcetools?

Resourcetools is presented as an app that allows users to easily browse the web, however, its real purpose is to redirect them through a dubious URL before showing results generated by Google. Therefore, this app can force people to use other search engines (such as Bing and Yahoo).

Additionally, apps such as Resourcetools are categorized as a potentially unwanted applications (PUAs) - adware that feeds users with unwanted, intrusive advertisements. Typically, these PUAs also record data. We recommend that you uninstall Resourcetools and avoid PUAs in future.

What is RMS Rat?

RMS Rat is a high-risk virus that stealthily infiltrates the system and grants cyber criminals remote access to victims' computers. At time of research, RMS Rat was distributed using fake Adobe Flash Player and Adobe Acrobat Reader updaters/installers promoted via deceptive websites. This distribution campaign was first discovered by Maelstrom Security.

What is Pitou?

Pitou is a trojan, a malicious program that sends spam emails from the infected computer. This is useful for cyber criminals, since people who receive messages from people in their contact list often believe that the emails are harmless. Note, however, that this trojan can send emails that proliferate other malicious programs.

What is Lotep?

Belonging to the Djvu ransomware family, Lotep is a high-risk ransomware infection discovered by Michael Gillespie. After successful infiltration, Lotep encrypts most stored data and appends filenames with the ".lotep" extension. For example, "sample.jpg" is renamed to "sample.jpg.lotep".

Files are encrypted so that Lotep's developers can blackmail victims by offering paid recovery. Once data is encrypted, Lotep generates a text file ("_readme.txt") and stores a copy in every existing folder. This text file contains a ransom-demand message identical to those delivered by other infections from the Djvu family.

What is iPhone Has Been Locked?

"iPhone Has Been Locked" is a fake error message displayed by various malicious sites. It is very similar to to Your Mac Is Infected With 3 Viruses, Please Call Apple Support, and many others.

Research shows that users typically visit deceptive sites inadvertently - they are redirect by intrusive advertisements (delivered by other rogue sites) or potentially unwanted programs (PUPs), which infiltrate systems without permission. Most PUPs are also designed to record user-system information and deliver intrusive advertisements.

What is Inlog Optimizer?

The Inlog Optimizer program supposedly cleans Windows Operating Systems and improves performance. It includes features that allow users to disable Microsoft Compatibility Telemetry, receive updates, adjust startup items, remove programs and unnecessary files, and so on.

In fact, this program is classified as a potentially unwanted application (PUA). Developers bundle PUAs into set-ups of other software. Therefore, people often download and install them inadvertently.

What is cbs0z?

Discovered by Petrovic, Cbs0z belongs to the Snatch ransomware family (its previous variant is called Hceem). Cbs0z is designed to encrypt files (rendering them unusable) and keep them in that state unless a ransom is paid. The ransom message can be found in the "RESTORE_CBS0Z_DATA.txt" text file.

Like most programs of this type, cbs0z renames encrypted files. In this case, it appends the ".cbs0z" extension. For example, "1.jpg" becomes "1.jpg.cbs0z".

What is BWplayer?

BWplayer is promoted as a tool that supposedly delivers 'useful' features and functions. In fact, it is classified as a potentially unwanted application (PUA) and an adware-type program. Apps of this type usually display advertisements and sometimes also record user-system information.