Virus and Spyware Removal Guides, uninstall instructions

What is OnyxLocker?

OnyxLocker was discovered by Alex Svirid and, like most ransomware-type programs, is designed to encrypt victims' files and keep them inaccessible unless a ransom is paid. In fact, this particular ransomware does not encrypt all files. Nevertheless, it impossible to decrypt files without a specific tool held only by OnyxLocker's developers.

OnyxLocker creates ten ransom messages, such as "Прочти меня! 0 .txt", "Прочти меня! 1 .txt", and so on. All are identical and in Russian. Furthermore, it renames all encrypted files by adding the ".onx" extension to filenames. For example, "1.jpg" becomes "1.jpg.onx".

What is Directions Maps Finder?

Directions Maps Finder is a browser hijacker endorsed for quick access to map and route related content. It is supposedly capable of providing various maps, local traffic data, driving directions and similar, however, it operates by modifying browser settings to promote a fake search engine (search.directionsmapsfindertab.com).

Furthermore, this rogue application has data tracking abilities. Since most users install Directions Maps Finder inadvertently, it is classified as a Potentially Unwanted Application (PUA).

What is ForBrowser?

ForBrowser is one of many adware-type applications that serve intrusive advertisements. Typically, people download and install apps of this type unintentionally. They are therefore called potentially unwanted applications (PUAs). Additionally, adware is often designed to gather information about users' browsing activities.

ForBrowser supposedly enhances the browsing experience, for example, to deliver accurate search results. Typically, adware developers advertise these apps as useful, legitimate, and so on, however, they are generally useless and simply cause problems.

What is Xoza?

Belonging to the Djvu ransomware family, Xoza ransomware is malicious software created by cyber criminals. It encrypts files and is used to blackmail victims. People with computers infected by Xoza cannot access or use their files unless they decrypt them with a tool that can be purchased only from the designers of this program.

Xoza renames all files by adding the ".xoza" extension. For example, "sample.jpg" becomes "sample.jpg.xoza". Instructions about how to decrypt files/purchase decryption software and key are provided in the "_readme.txt" file (ransom message).

What is fres-news[.]com?

Sharing many similarities with maroolatrack.com, procontent.me, folmetor.com, and offer.agency, fres-news[.]com is a rogue website that feeds users with dubious content and redirects them to other untrustworthy/malicious sites. Most users enter this website inadvertently and are redirected to it by intrusive ads or potentially unwanted applications (PUAs).

These rogue apps do not need explicit user consent to infiltrate devices. PUAs generate redirects, deliver intrusive ad campaigns, and some can track data.

What is "Hacker Who Has Access To Your Operating System"?

"Hacker Who Has Access To Your Operating System" is yet another spam email campaign that falls within the 'sextortion' category. Cyber criminals send hundreds of thousands of deceptive emails stating that they have hijacked the victim's computer and recorded a 'humiliating video'. In fact, this is merely a scam and such emails should be ignored.

What is ProntoApp?

ProntoApp is a rogue adware-type application that performs various malicious actions on infected machines. On initial inspection, ProntoApp may not seem to be suspicious or harmful, however, it usually infiltrates computers without users' consent.

Furthermore, it can cause redirects, deliver intrusive advertisements, modify browser options, reduce overall system performance, and cause a number of other problems.

What is "I Know * Is One Of Your Pass"?

Scammers send the "I Know * Is One Of Your Pass" email to thousands of people as part of a scam campaign. The scam is used to trick recipients of these bogus emails into believing that cyber criminals have recorded a compromising video of them and that they will proliferate it if their demands are not met.

There are many similar scams of this type, none of which should be trusted. All claims are bogus and the best option is to simply ignore the email.

What kind of malware is Money?

Money ransomware is a part of the Dharma family and was discovered by Jakub Kroustek. Malware of this type is usually designed to block access to data by encryption. To regain access to their files, victims must use decryption tools and/or keys that can be purchased from the cyber criminals who designed the ransomware-type program.

Money changes filenames of encrypted files by adding an ID number, email address, and the ".money" extension. For example, "1.jpg" might be renamed to "1.jpg.id-1E857D00.[cmdroot@airmail.cc].money". Instructions about how to pay the ransom and contact cyber criminals are presented in a pop-up window and text file called "FILES ENCRYPTED.txt".

Updated variants of this ransomware use ".[admin@fentex.net].money", ".[admincrypt@protonmail.com].money", ".[todesh@gmx.de].MONEY" and ".[admin@stex777.com].money" extensions for encrypted files.

What is "Your device was infected with my private malware"?

"Your device was infected with my private malware" is the name of a spam campaign, a scam that criminals use to trick people into paying a ransom. They threaten to share a non-existent video with other parties unless they receive a specific sum within 72 hours.

Never trust these emails. If you receive "Your device was infected with my private malware" or other similar emails, you should ignore them.