Virus and Spyware Removal Guides, uninstall instructions

Boost PC Pro 2018 Unwanted Application

What is Boost PC Pro 2018?

Developers present Boost PC Pro 2018 as a great tool to enhance system performance by optimization and removing various threats/issues. Judging on appearance alone, Boost PC Pro 2018 may seem legitimate and useful, however, this tool infiltrates systems without consent and gives no real value for regular users.

For these reasons, Boost PC Pro 2018 is categorized as a potentially unwanted program (PUP). It is identical to another deceptive app called Dr. Clean Pro 2018.

   
Aurora Ransomware

What is Aurora?

Recently discovered by MalwareHunterTeam, Aurora is a ransomware-type virus that stealthily infiltrates systems and encrypts most stored files. To achieve this, Aurora uses RSA-2048 - an asymmetric encryption algorithm. During the process, this malware appends filenames with the ".Aurora" extension (e.g., "sample.jpg" is renamed to "sample.jpg.Aurora").

Encrypted data immediately becomes unusable. After successfully encrypting data, Aurora creates a text file ("HOW_TO_DECRYPT_YOUR_FILES.txt" or "!-GET_MY_FILES-!.txt") and places a copy in every existing folder.

Fortunately, Aurora ransomware is decryptable. The decryption tools for this malware have been developed by Michael Gillespie (more information) and by Emsisoft (more information).

   
King Ouroboros Ransomware

What is King Ouroboros?

First discovered by Michael Gillespie, King Ouroboros is a ransomware-type virus based on an open-source ransomware project called CryptoWire. Immediately after infiltration, King Ouroboros encrypts stored data using the AES-256 encryption algorithm. Furthermore, it renames compromised data using the "[original_name].king_ouroboros.[original_format]" pattern.

For example, "sample.jpg" is renamed to "sample.king_ouroboros.jpg". Once data is encrypted, using it immediately becomes impossible.

After successfully encrypting data, King Ouroboros opens a pop-up window containing a ransom-demand message. Updated variants of this ransomware use "[Mail=unlockme123@protonmail.com].Lazarus", ".odveta" and ".KRONOS" extensions for encrypted files.

   
Recme Ransomware

What is Recme?

First discovered by malware security researcher, Michael Gillespie, Recme is a new variant of a ransomware-type virus called Scarab. Once infiltrated, this ransomware encrypts most files and renames them using the "[hexadecimal_number].recme" pattern.

For instance, "sample.jpg" might be renamed to a filename such as "146B2A308AFCE4D2A7192DF3A41FCB840.recme". Once encrypted, data immediately becomes unusable and indistinguishable. Following successful encryption, Recme generates a text file ("HOW_TO_RECOVER_ENCRYPTED_FILES.TXT") and places a copy in every existing folder.

   
QIP.ru Redirect

What is qip.ru?

qip.ru is a fake web search engine that supposedly enhances the browsing experience by generating improved results, providing the latest news and other useful features. Judging on appearance alone, qip.ru may seem legitimate, however, developers promote this site using a rogue browser called QiP Surf, which is based on Chromium.

In most cases, QIP Surf infiltrates systems without permission. Deceptive QIP Surf installation set-ups are also designed to set it as the default web browser and modify other browser settings. In addition, qip.ru and QIP Surf continually monitor browsing activity by gathering various user-system information.

   
BtcKING Ransomware

What is BtcKING?

Discovered by Michael Gillespie, BtcKING is a ransomware-type virus designed to stealthily infiltrate systems and encrypt most stored files (making them completely unusable). During encryption, BtcKING appends filenames with the "ID [victim's_ID].BtcKING" extension.

For example, "sample.jpg" might be renamed to a filename such as "sample.jpg ID X9yTde8gPGru.BtcKING". Once files are successfully encrypted, BtcKING generates a text file ("How To Decode Files.txt") and places a copy in each existing folder.

   
Omerta Ransomware

What is Omerta?

Omerta is a ransomware-type virus discovered by malware security researcher, Michael Gillespie. As with most ransomware, Omerta infiltrates the system and encrypts most stored data.

During encryption, Omerta renames files using ".[vankacrypter@protonmail.com].omerta" and "[random_characters].[XAVAX@PM.ME].omerta" pattern.

For example, at time of research, a file called "1.jpg" was renamed to "-f-^F![,_REWOSdfeEOm#r;!DSAEiJcdRskJ@Dm{&DuA#FD@eW%;dEdFf`ED-GqD{}+!(FDW1D+-FsdbfKN-F&d={KSD&[QWEKNSd.kfEnS#skp#;OPsER^'.[XAVAX@PM.ME] (2).omerta".

Encrypted data immediately becomes unusable and indistinguishable. After successful encryption, Omerta generates a text file ("READ THIS IF YOU WANT TO GET ALL YOUR FILES BACK.TXT") and places a copy in each existing folder.

Updated variants of this ransomware use .[patern32@protonmail.com].omerta, .[Y0urGod@protonmail.com].omerta, .[ygod123@pm.me].omerta and .[monez@protonmail.com].omerta extensions for encrypted files.

   
Porn Site Virus Scam

What kind of scam is "Porn Site Virus"?

"Porn Site Virus" is a scam message designed to scare and trick users into paying a ransom. Cyber criminals typically deliver this message via spam emails, however, some users continually encounter this message as a pop-up. This indicates the presence of adware-type apps.

Research shows that adware often infiltrates systems without consent. As well as displaying "Porn Site Virus" pop-ups, these programs are also likely to deliver intrusive advertisements and gather sensitive information.

   
Smart PC Mechanic Unwanted Application

What is Smart PC Mechanic?

Developers present Smart PC Mechanic as a great tool to improve system performance. On initial inspection, Smart PC Mechanic may seem legitimate and useful, however, it is likely to infiltrate systems without consent and is practically useless for regular users. For these reasons, Smart PC Mechanic is categorized as a potentially unwanted program (PUP).

   
Websafesearch.com Redirect

What is private.websafesearch.com?

private.websafesearch.com is a fake search engine identical to search.iezbrowsing.com and search.theappzworld.com Developers state that this site enhances the browsing experience by generating improved results. Furthermore, it looks very similar to Google, Bing, Yahoo, and other legitimate search engines.

Therefore, many users believe that private.websafesearch.com is also legitimate. In fact, developers promote this site using a browser-hijacking app called Safe Browsing, which typically infiltrates systems without consent. Furthermore, private.websafesearch.com and Safe Browsing are designed to record information relating to web browsing activity.

   

Page 1590 of 2106

<< Start < Prev 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal