Virus and Spyware Removal Guides, uninstall instructions

What is Sysfrog?

Discovered by Michael Gillespie, Sysfrog is a malicious program categorized as ransomware. Programs of this type are designed to encrypt files: they lock files and keep them that state until developers are paid. I.e., ransomware victims are encouraged to buy decryption tools from these cyber criminals.

Sysfrog adds the ".sysfrog" extension to each file (it also prepends "[sysfrog@protonmail.com]"). For example, ".jpg." becomes "[sysfrog@protonmail.com]1.jpg.sysfrog". It also creates a ransom message within the "how_to_decrypt.txt" file, which can be found in folders that contain encrypted files.

What is "apple.com-monitor[.]live"?

The apple.com-monitor[.]live website is used by scammers to promote the Cleanup My Mac potentially unwanted application (PUA). This website displays a fake virus alert notification stating that users' computers are infected and encourages them to download and install the PUA, which supposedly removes the detected viruses.

This website is commonly opened by a PUA that is already installed on the computer or browser. Therefore, most people do not visit this page intentionally. Furthermore, PUAs usually collect user-system information and display intrusive ads.

What is GottaCry?

GottaCry is the name of a ransomware-type program that was discovered by MalwareHunterTeam. Rather than encrypting data, GottaCry deletes all files that are placed on the victim's Desktop. It also enables a pop-up window with instructions detailing how to return the lost files.

What is "Hosting and domain will be blocked"?

"Hosting and domain are blocked" is one of many email scams and should not be trusted. In this case, a scammer (or scammers) threaten to damage the reputation of the website owner by having the hosting account and domain blocked permanently.

This email is similar to other scams of this type, (such as sextortion scams). They are used to trick people into believing that they will suffer consequences unless they meet the sender's demands. We strongly recommend that you ignore these scam emails.

What is JURASIK?

Discovered by MalwareHunterTeam, JURASIK is a new variant of high-risk ransomware called JSWorm. As with most ransomware infections, JURASIK stealthily infiltrates computers and encrypts most stored files. During encryption, JURASIK appends filenames with the victim's unique ID, developer's email address, and the ".JURASIK" extension.

For example, "1.jpg" might be renamed to a filename such as "1.jpg.[ID-512064768][doctorSune@protonmail.com].JURASIK". JURASIK encrypts files so that cyber criminals (developers) can generate revenue by blackmailing victims (offering paid decryption of files).

After successful encryption, JURASIK stores the "JURASIK-DECRYPT.txt" text file on the desktop. This file contains a ransom-demand message.

What is Skymap?

Belonging to the Djvu ransomware family, Skymap is a high-risk infection discovered by Michael Gillespie. After successful infiltration, Skymap encrypts most stored data, thereby making it unusable. Additionally, Skymap appends filenames with the ".skymap" extension (e.g., "sample.jpg" is renamed to "sample.jpg.skymap").

Once data is encrypted, Skymap generates a text file ("_readme.txt") and stores a copy in every existing folder.

What is sendspace[.]com?

sendspace[.]com is a file hosting website that allows users to send, receive, track and share large files. It is effectively an online file-sharing platform, which allows people to store and download files. This is a legitimate website, however, it uses deceptive ad networks.

Visitors are redirected to dubious websites that contain deceptive advertisements. The sendspace[.]com website itself also contains various ads.

What is "MacEntizer"?

According to MacEntizer's developers, this tool finds and fixes various errors, allows users to manage cache and various logs, uninstall unwanted apps, remove unused languages, and so on. Also known as Mac Entizer, it supposedly allows Mac computers to run faster, more smoothly, and without errors.

In fact, developers promote it using untrustworthy websites and download/installation set-ups of other software. Most people install MacEntizer on their computers unintentionally and, for this reason, it is categorized as potentially unwanted application (PUA).

What is tontorcaltedron[.]info?

Rogue websites like tontorcaltedron[.]info are designed to redirect visitors to untrustworthy, dubious websites. Some examples of other pages of this type are rabsirolcalat[.]info, gatonsenropha[.]info, and knowwoow[.]com. 

Generally, people do not visit tontorcaltedron[.]info intentionally - it is opened by potentially unwanted applications (PUAs) that have been installed on their browsers. Most people download and install these apps inadvertently. In addition to unwanted redirects, PUAs deliver intrusive ads and record data relating to web browsing habits.

What is PCActivator?

Developers promote PCActivator (or PC Activator) as a program that enhances computer performance by fixing errors, faulty registry entries, issues relating to system crashes, and so on.

In fact, PCActivator is categorized as a potentially unwanted application (PUA), since developers distribute it using a deceptive marketing method called "bundling" (it is included in the set-ups of other software). Typically, people do not download and install apps of this type intentionally.