Virus and Spyware Removal Guides, uninstall instructions

What is Drume?

Drume is a computer infection, a malicious program classified as ransomware. The developers (cyber criminals) use Drume to encrypt data to prevent victims from accessing their files unless a specific ransom is paid. Drume is a variant of Djvu ransomware.

Like most programs of this type, it renames encrypted files by adding a new (additional) extension, in this case ".drume". Therefore, "sample.jpg" becomes "sample.jpg.drume". It also creates the "_open_.txt" file that contains instructions about how to contact cyber criminals and other details.

What is ploynest.com?

ploynest.com is a rogue website similar to pushnotificationapp.com, nsrooting.com, pushfuns.com, and many others. This site delivers dubious content and redirects users to other potentially malicious sites.

Many visitors arrive at ploynest.com inadvertently - they are redirected by intrusive advertisements (delivered by other rogue sites) or potentially unwanted applications (PUAs), which typically infiltrate computers without users’ permission. PUAs also deliver intrusive advertisements and gather information.

What is BigBobRoss?

Discovered by Michael Gillespie, BigBobRoss is malicious software categorized as ransomware. As with most programs of this type, it blocks access to victims' data unless ransoms are paid. This is a new variant of Obfuscated ransomware (the previous version was decrypted by Avast, and so cyber criminals released BigBobRoss).

There are two variants of BigBobRoss, both of which add different extensions to encrypted files. The ransomware adds the ".encryptedALL" or ".djvu" extension (both of which contain a unique victim ID). For example, BigBobRoss renames a file called "1.jpg" to "[id=0928F682]1.jpg.encryptedALL" or "[id=D2837123]1.jpg.djvu".

Some BigBobRoss ransomware's variants use different extensions (e.g., ".obfuscated", ".cheetah", and other). It also creates the "Read Me.txt" text file (containing a ransom message) and places it in all folders that contain encrypted files. Updated variants of this ransomware use ".cheetah" extension for encrypted files.

What is getmeuncos.com?

getmeuncos.com is a rogue website designed to display dubious content and redirect users to other malicious sites. It is virtually identical to pushnotificationapp.com, nsrooting.com, digitalsmirror.com, and many others. 

Visitors usually arrive at getmeuncos.com inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive advertisements displayed on other rogue sites. PUAs are known to infiltrate computers without permission. As well as causing redirects, they deliver intrusive advertisements and gather information.

What is rappenedinted.info?

Notably similar to pushnotificationapp.com, digitalsmirror.com, pushzonex.com, and many others, rappenedinted.info is a rogue website designed to lead visitors to other dubious sites or display malicious content.

Most people arrive at rappenedinted.info unintentionally - they are redirected to it by installed potentially unwanted applications (PUAs). These apps are often downloaded and installed inadvertently. Once installed, PUAs redirect users to dubious pages, feed them with advertisements, and gather information.

What is Chech?

Cyber criminals use Chech to encrypt data stored on computers and blackmail people by making ransom demands. This malicious program is categorized as ransomware and belongs to the Djvu ransomware family.

Discovered by Michael Gillespie, Chech generates a ransom message ("_readme.txt" file) and places it in each folder that contains encrypted files. Additionally, it renames each encrypted file by adding the ".chech" extension. For example, "1.jpg" becomes "1.jpg.chech".

What is Bk666?

Discovered by Jakub Kroustek, Bk666 is yet another ransomware-type virus that belongs to the Dharma ransomware family. After successful infiltration, Bk666 encrypts most stored data, thereby making it unusable. Furthermore, Bk666 renames each file by adding the ".bk666" extension plus the victim's unique ID and developer's email address.

For example, "sample.jpg" is renamed to a filename such as "sample.jpg.id-1E857D00.[berserk666@tutanota.com].bk666". Once data is encrypted, Bk666 places a text file ("FILES ENCRYPTED.txt") on the desktop and opens a pop-up window.

What is pushnotificationapp.com?

pushnotificationapp.com is a rogue website that many people visit inadvertently. It is virtually identical to other websites of this type such as digitalsmirror.com, pushzonex.com, browsers.top, and pushtouchme.info. The site forces visitors to visit other untrustworthy websites or displays dubious content.

Generally, users are forced to visit pushnotificationapp.com by potentially unwanted apps (PUAs) that they have installed on their browsers or operating systems. When installed, PUAs also feed users with various ads and collect browsing-related data.

What is Luceq?

This malicious program belongs to the Djvu ransomware family and was discovered by Michael Gillespie. Luceq is a ransomware type program that is designed to encrypt data and make files unusable unless a ransom is paid to the cyber criminals who developed it.

Like most computer infections of this type, Luceq renames each encrypted file by adding a new/additional extension. In this case, it adds ".luceq". For example, "1.jpg" becomes "1.jpg.luceq". Luceq generates a ransom message within a text file called "_readme.txt". This can be found in all folders that contain encrypted files.

What is "Gmail Virus"?

There are many spam email campaigns that are used by scammers who attempt to trick people into providing sensitive details and personal information (logins, passwords of various accounts, credit card details, and so on).

Typically, the emails are presented as legitimate and official - cyber criminals (scammers) pose as representatives of well-known companies/services. In this case, Google Gmail.