Virus and Spyware Removal Guides, uninstall instructions

What is 4k?

4k is the name of a ransomware-type program designed to blackmail victims by encrypting their data and forcing them to pay a ransom. It was discovered by Jakub Kroustek and is a part of a ransomware family called Dharma. 4k changes each filename by adding the ".4k" extension plus the victim's ID and the email address of the cyber criminals who developed it.

For example, "1.jpg" might be renamed to a filename such as "1.jpg.id-1E857D00.[rocosmon@cock.li].4k". It also generates two ransom notes: one in a pop-up window and the other in the "RETURN FILES.txt" file.

What is pro-news[.]net?

pro-news[.]net is a rogue website designed to redirect users to other dubious sites and deliver dubious content. It shares similarities with many other rogue sites such as deloplen.com, pushmenews.com, and orboreshitert.info.

Research shows that users generally visit pro-news[.]net inadvertently - they are redirected by potentially unwanted applications (PUAs) and intrusive advertisements delivered by other rogue sites. PUAs are known to infiltrate computers without users' consent. In addition to causing redirects, they gather various information and deliver intrusive ads.

What is lalittandkedsi[.]info?

Similar to gotwidores.info, deloplen.com, checkpost.space, and many others, lalittandkedsi[.]info is a rogue website designed to cause unwanted redirects and deliver dubious content. Users generally visit lalittandkedsi[.]info inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive advertisements delivered by other rogue sites.

Research shows that PUAs usually infiltrate computers without permission and, as well as causing redirects, generate intrusive advertisements and gather sensitive data.

What is Dharma-Cry?

Discovered by Jakub Kroustek, Dharma-Cry is a variant of Dharma ransomware. Like most programs of this type, it is used to encrypt data and force victims to purchase a decryption tool - in effect, to pay a ransom to Dharma-Cry's developers. Dharma-Cry adds the ".cry" extension to the name of each encrypted file plus a unique victim ID and email address.

For example, "1.jpg" might be renamed to a filename such as "1.jpg.id-1E857D00.[decryptoperator@qq.com].cry". Instructions about how to purchase a decryption tool are provided in the pop-up window. It also creates another ransom message within the "RETURN FILES.txt" file.

What is "Al Hafez Trading Company Email Virus"?

THe "Al Hafez Trading Company Email Virus" scam is used by cyber criminals to spread the NanoCore remote access trojan (RAT).

They send emails that contain a malicious Microsoft Office document and hope that people will open it. If opened, the document causes download and installation of the RAT. Having this software installed might cause serious problems and, therefore, we strongly recommend that you ignore emails relating to this scam.

What is Helper?

Helper is yet another ransomware-type infection discovered by Jakub Kroustek. As with most ransomware infections, Helper stealthily infiltrates computers and encrypts stored files, thereby rendering them unusable. During encryption, Helper renames each file by appending a random string as the extension.

For example, Helper might rename "sample.jpg" to a filename such as "sample.jpg.OOOKJYHCTVDF". After successful encryption, Helper generates a text file ("YOUR FILES ARE ENCRYPTED.TXT") and stores it on the desktop. This file contains a ransom-demand message.

What is Dotmap?

Dotmap is malicious software categorized as ransomware. It encrypts data and forces victims to pay a ransom (purchase a decryption tool/key). Dotmap belongs to Djvu ransomware family and was discovered by Michael Gillespie. This ransomware changes the names of encrypted files by adding the ".dotmap" extension.

For example, "1.jpg" becomes "1.jpg.dotmap". Instructions on how to decrypt data can be found in the form of a ransom message within a "_readme.txt" file, which is stored in folders that contain encrypted files.

What is Mamba?

Discovered by GrujaRS, Mamba is an updated variant of high-risk ransomware called Phobos. After successful infiltration, Mamba encrypts stored files and appends filenames with the ".mamba" extension plus the victim's unique ID and developer's email address.

For instance, "sample.jpg" might be renamed to a filename such as "sample.jpg.id[1E857D00-1130].[fileb@protonmail.com].mamba". Encrypted files instantly become unusable. Mamba also stores the "info.txt" text file on the desktop and displays a pop-up window ("info.hta" HTML application).

What is PC Regcleaners?

PC Regcleaners (other known variants are named Regcleanerz and Regcleaners) is promoted as a system/computer optimization program that supposedly cleans computers and enables them to start faster.

According to the developers, it includes tools such as a registry cleaner, memory booster, and junk cleaner. In fact, after installation, it runs as a Trojan.Clicker, a tool used to engage in 'click fraud'.

What is Registry Cleaner?

As the name suggests, Registry Cleaner supposedly cleans and fixes the system registry. According to its developers, this program is also capable of boosting memory and cleaning junk files. Registry Cleaner may seem to be a legitimate program, however, it is malicious and a Trojan.Clicker used to perform 'click fraud'.