Virus and Spyware Removal Guides, uninstall instructions

What is bRcrypT?

This high-risk computer infection was discovered by Michael Gillespie. bRcrypT is one of many ransomware-type programs used to encrypt data and make ransom demands. This particular ransomware creates a ransom message within a text file called "FILES ENCRYPTED.txt" (found in each folder containing encrypted files).

Like most programs of this type, bRcrypT renames all encrypted files by adding the ".bRcrypT" extension. For example, "1.jpg" becomes "1.jpg.bRcrypT".

What is ciantel.com?

Similar to initdex.com, defendsearch.com, and many others, ciantel.com is a fake search engine that, according to the developers, enhances the browsing experience by generating improved results and providing quick access to various popular websites.

On initial inspection, ciantel.com may seem legitimate and useful, however, developers promote this site using rogue download/installation set-ups designed to modify browser options without consent. In addition, ciantel.com continually records information relating to browsing activity.

What is "Electronic materials involving underage children"?

"Electronic materials involving underage children" is presented as an email from the Central Intelligence Agency (CIA) regarding an international paedophile case. The main purpose of this email is to trick recipients into believing that they are one of the suspects and that some of their personal information is also at risk.

To avoid problems, recipients of this email are urged to pay a specific amount in a cryptocurrency. This is a common scam used to make threats and extort money from innocent people. Do not trust this or other similar emails.

What is H-WORM?

H-WORM is a remote access tool (RAT) developed using VBScript. Research shows that this trojan was developed by a criminal who goes by the name of 'Houdini'. H-WORM is mainly distributed using spam email campaigns and has a USB distribution function implemented, however, at time of research, this function was not working correctly.

What is Azero?

First discovered by malware security researcher, Jakub Kroustek, Azero is yet another ransomware infection that belongs to the Dharma malware family. As with other variants of Dharma, Azero encrypts stored files and appends filenames with the ".azero" extension plus the cyber criminal's email address and victim's unique ID.

For instance, "sample.jpg" might be renamed to a filename such as "sample.jpg.id-1E857D00.[cryptor55@cock.li].azero". This malware is also designed to open a pop-up window and store a text file ("FILES ENCRYPTED.txt") on the desktop.

What kind of malware is ETH?

First discovered by malware security researcher, Jakub Kroustek, ETH is a new variant of a high-risk ransomware infection called Dharma. After successful infiltration, ETH encrypts most stored files and appends filenames with the ".ETH" extension plus the developer's email address and victim's ID.

For example, "sample.jpg" might be renamed to "sample.jpg.id-1E857D00.[helpfilerestore@india.com].ETH". Once data is encrypted, ETH generates a text file ("FILES ENCRYPTED.txt"), which is placed on the desktop, and opens a pop-up window. Updated variants of this ransomware use ".[datasafe@cock.li].ETH" extension for encrypted files.

What is Ursnif?

Ursnif (also known as Gozi, IFSB or Dreambot) is high-risk trojan-type virus designed to record various sensitive information. This virus typically infiltrates systems without permission, since developers proliferate it using spam email campaigns (e.g., "TicketSales Email Virus", "Swisscom Email Virus", etc.) and fake Adobe Flash Player updaters promoted via deceptive websites. These sites are notorious for the promotion of various adware-type applications.

What is Jimm?

Cyber criminals use Jimm ransomware to prevent victims from accessing their files by encrypting all data stored on the system. To decrypt their files, people are urged to pay a ransom (buy a decryption tool). This high-risk computer infection was discovered by Michael Gillespie and is a new variant of Snatch ransomware.

All files encrypted by Jimm are renamed by adding the ".jimm" extension. For example, "1.jpg" becomes "1.jpg.jimm". Victims should be able to find a ransom message within a text file called "Restore_JIMM_Files.txt" in each folder containing encrypted files.

What is "Osascript wants to control Safari"?

"Osascript wants to control Safari" is a fake operating system pop-up message used to trick MacOS users to allow "osascript" to control the Safari web browser. There are many adware-type apps that cause these pop-ups. Note that many users encounter this scam and it should not be trusted.

What is Golden Axe?

Golden Axe is a computer infection that was discovered by mol69 and categorized as ransomware. Cyber criminals use this infection to blackmail people: Golden Axe encrypts data stored on a computer, rendering it inaccessible unless a ransom is paid.

It creates "# instructions-X6DEV #.jpg" (a ransom message in the format of an image file), "# instructions-X6DEV #.txt" (a ransom demand text file), and "# instructions-X6DEV #.vbs" (an audio file).

These files are placed in folders that contain encrypted data. Golden Axe renames every encrypted file by adding a random extension. In our example, the ".X6DEV" extension (a random string as used in the above files). For example, "1.jpg" becomes "1.jpg.X6DEV".