Virus and Spyware Removal Guides, uninstall instructions

What is cbs0z?

Discovered by Petrovic, Cbs0z belongs to the Snatch ransomware family (its previous variant is called Hceem). Cbs0z is designed to encrypt files (rendering them unusable) and keep them in that state unless a ransom is paid. The ransom message can be found in the "RESTORE_CBS0Z_DATA.txt" text file.

Like most programs of this type, cbs0z renames encrypted files. In this case, it appends the ".cbs0z" extension. For example, "1.jpg" becomes "1.jpg.cbs0z".

What is BWplayer?

BWplayer is promoted as a tool that supposedly delivers 'useful' features and functions. In fact, it is classified as a potentially unwanted application (PUA) and an adware-type program. Apps of this type usually display advertisements and sometimes also record user-system information.

What is TROLL?

Discovered by Michael Gillespie, TROLL is one of many programs classified as ransomware - malicious software that denies access to files by encryption. Cyber criminals use TROLL to force people to pay ransoms. Furthermore, it renames all encrypted files by adding the ".TROLL" extension to each filename.

For example, "1.jpg" becomes "1.jpg.TROLL". Information about how to decrypt data is provided in the "HOW TO BACK YOUR FILES.txt" text file. This file is stored in all folders that contain locked (encrypted) files.

What is ZUpdater.exe?

The zupdate error pop-up window normally states that an error occurred while creating the ZUpdater.exe process and is due to malware such as a trojan, or a virus that has infected the computer.

According to this system pop-up window, however, the error occurred due to insufficient system resources necessary to complete the requested service. If a computer is infected with one of the these malicious programs, it should be removed immediately.

What is WALAN?

First discovered by malware researcher, Michael Gillespie, WALAN is a high-risk ransomware infection designed to encrypt data so that victims are unable to use it.

During encryption, WALAN renames each file by appending the ".WALAN" extension (for example, "sample.jpg" becomes "sample.jpg.WALAN"). Following successful encryption, WALAN creates a text file called "DECRYPT_INFO.txt" and stores a copy in every existing folder.

What is geofoxip.com?

geofoxip.com is a fake search engine that claims to enhance the browsing experience by generating improved results and providing quick access to various popular websites.

Users often believe that this site is legitimate and useful, however, developers promote geofoxip.com using rogue download/installation set-ups that modify browser settings without users’ permission. Furthermore, this site continually records information relating to browsing activity. Results generated by geofoxip.com might also lead to other dubious sites.

What is "Hydrotech Email Virus"?

Discovered by My Online Security, "Hydrotech Email Virus" is a scam that is presented as an official message (invoice) from HYDROTECH. The main purpose of this scam is to trick people into opening the included attachments, which are designed to download and install the Remcos RAT (remote access tool).

Cyber criminals use these tools to generate revenue by stealing personal details, downloading and installing malicious programs, and so on. We strongly recommend that you leave files attached to "Hydrotech Email Virus" message and other similar spam campaigns (scams) unopened.

What is Truke?

Belonging to the Djvu ransomware family, Truke is yet another ransomware infection discovered by Michael Gillespie. Once infiltrated, Truke encrypts most stored data and appends filenames with the ".truke" extension (e.g., "sample.jpg" becomes "sample.jpg.truke"). Encrypted data immediately becomes unusable.

Following successful encryption, Truke generates a text file ("_readme.txt") and stores a copy in every existing folder.

What is Litra?

Litra ransomware was discovered by S!Ri and, like many other programs of this type, is designed by cyber criminals to blackmail people.

Litra encrypts files/data and displays a pop-up window that contains instructions about how to pay a ransom. Additionally, this ransomware renames all encrypted files by adding the ".litra" extension. For example, "1.jpg" becomes "1.jpg.litra".

What is LoudMiner?

LoudMiner is a cryptocurrency miner based on XMRig (another miner) and designed to mine Monero cryptocurrency. LoudMiner is cross-platform software, and thus can run on different operating systems such as MacOS, Linux, and Windows. It is distributed by bundling it with set-ups of pirated (cracked) copies of VST (Virtual Studio Technology) software.

Cyber criminals who proliferate LoudMiner attempt to trick people into installing this rogue software so they can misuse their computers (computer resources) to mine cryptocurrency. If LoudMiner miner is installed on your operating system, remove it immediately.