Virus and Spyware Removal Guides, uninstall instructions

_Write_To_Emails_ Ransomware

What is _Write_To_Emails_?

_Write_To_Emails_ is another ransomware-type computer infection that is designed to block access to data stored on computers. This ransomware encrypts all files, thus allowing developers to blackmail victims by making ransom demands (encouraging them to purchase decryption tools).

This is a new variant of Matrix ransomware and was discovered by MalwareHunterTeam. _Write_To_Emails_ changes all encrypted filenames by adding a string that contains the ransomware name and a number of email addresses. For example, "1.jpg" becomes "1_Write_To_Emails_[Jingju87@naver.com][Loder903@gmail.com].jpg", and so on.

It also creates over 50 .rtf files (MS Office documents) - these are ransom message that contain identical text and are called "Read_Me_T0_Rest0re_Files1.rtf", "Read_Me_T0_Rest0re_Files2.rtf", and so on. The only difference between these names is the number of the the ransom message. Furthermore, _Write_To_Emails_ also changes the desktop wallpaper.

   
Cryptotes Ransomware

What is Cryptotes?

Discovered by Michael Gillespie, Cryptotes is a malicious, ransomware-type program and a new variant of RotorRansomware. Cyber criminals use computer infections of this type to encrypt data stored on victims' computers and to extract money from affected people by making ransom demands.

Cryptotes is designed to add a new extension (".cryptotes") to each encrypted file, which also includes an email address. For example, "1.jpg" becomes "1.jpg.!ymayka-email@yahoo.com.cryptotes". It also creates a "readme.txt" file.

   
Search.beautiful-calendar.com Redirect (Mac)

What is search.beautiful-calendar.com?

Not all search engines are as legitimate and useful as developers state in their promotions. Many are fake and with dubious purposes. Note that search.beautiful-calendar.com is a fake search engine promoted using rogue downloaders and installers. Most downloaders/installers modify browser settings.

You are advised not to use search.beautiful-calendar.com, since it records data. Other examples of these rogue search engines include search.getmybestyear.com, search.byomlapp.com, and search.kimosachi.com.

   
You May Not Know Me Email Scam

What is "You may not know me"?

The "You may not know me" scam is proliferated using the 'spoofing' method: scammers falsify email addresses to make it seem as if recipients of emails are also senders.

Cyber criminals send this email to many people hoping that some will fall for the scam and pay a ransom to prevent distribution of a compromising video. In fact, the video does not exist. This is a common scam used to extort money from users. These emails should not be trusted and the best option is simply to ignore them.

   
Bodelen.com POP-UP Redirect

What is bodelen.com?

bodelen.com is one of many rogue websites similar to mobnootiffy.com, lameterthenhep.info, pecul1ar.com, etc. Its purpose is to display dubious content or redirect visitors to other untrustworthy sites. People usually visit this website unintentionally, since potentially unwanted apps (PUAs) are responsible for these unwanted redirects.

PUAs are often installed inadvertently and go on to cause redirects to websites such as bodelen.com, feed users with intrusive ads, and collect user-system information.

   
Maoloa Ransomware

What is Maoloa?

Discovered by S!Ri, Maoloa is a malicious program categorized as ransomware. Once it has infiltrated the system, Maoloa encrypts all files stored on the computer and generates a ransom-demand message called "HOW BACK YOUR FILES.txt". It also renames all encrypted files by adding a new/additional ".maoloa" extension.

For example, "1.jpg" becomes "1.jpg.maoloa". Updated variants of this ransomware add ".shelbyboom" extension to encrypted files.

   
You've Made The 5-billionth Search POP-UP Scam

What is "You've Made The 5-billionth Search"?

"You've Made The 5-billionth Search" is a scam, which is a part of another scam called "You Have Won A Google Gift" and is distributed through a deceptive website.

People commonly visit websites of this type unintentionally - they are redirected to them by potentially unwanted applications (PUAs) installed on their computers or web browsers. In summary, these applications cause unwanted redirects to untrustworthy websites. Furthermore, they usually collect data and feed users with intrusive advertisements.

   
CookieMiner Malware (Mac)

What is "CookieMiner"?

CookieMiner is high-risk malware that targets the Mac operating system. Following successful infiltration, CookieMiner records personal data.

Its main purpose is to steal credentials of various accounts (mostly those relating to cryptocurrencies). This malware also opens a 'backdoor' called EmPyre and injects a cryptomining tool into the system. Thus, the presence of CookieMiner leads to a significant reduction in system performance. You can view the entire list of CookieMiner features below.

   
Verizon Email Virus

What is "Verizon Email Virus"?

"Verizon Email Virus" is a scam distributed using a spam (email) campaign. Cyber criminals use the scam to infect computers with Emotet (a malicious program). 

The main purpose of "Verizon Email Virus" is to trick people into clicking a presented website link associated with a malicious document, which then leads to download and installation of the Emotet malicious program. We strongly advise you to ignore this email. Do not open (click) the presented website link.

   
.blower Ransomware

What is .blower?

There are plenty of ransomware-type infections and .blower is one these malicious programs. As with most rogue software of this type, it is used to encrypt data and blackmail people who have computers infected by it (by demanding ransom payments). They encourage victims to purchase a decryption tool.

Note that this malicious program belongs to the Djvu ransomware family and was discovered by dis. It adds the ".blower" extension to each encrypted file. For example, "1.jpg" becomes "1.jpg.blower". Note that .blower also creates a "_readme.txt" file (a ransom message).

   

Page 1458 of 2106

<< Start < Prev 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal