Virus and Spyware Removal Guides, uninstall instructions

What is Zumanek?

Zumanek is high-risk malware categorized as a banking/Remote Access Trojan (RAT). This malware is distributed using social engineering. In this way, cyber criminals trick users into downloading and installing Zumanek without their consent. The presence of this infection might cause various privacy issues and significant financial loss.

What is Carcn?

Discovered by Jakub Kroustek, Carcn is a ransomware-type malicious program that belongs to the Dharma malware family. Developers spread this infection to prevent victims accessing their computer files unless a ransom is paid. Carcn is designed to encrypt data and make it unusable.

It also renames each encrypted file by adding the ".id-1E857D00.[carcinoma24@aol.com].carcn" extension, which contains the victim ID plus email address of the cyber criminals who developed Carcn.

For example, "1.jpg" might be renamed to a filename such as "1.jpg.id-1E857D00.[carcinoma24@aol.com].carcn". It also creates two ransom messages - one in a pop-up window and the other in the "FILES ENCRYPTED.txt" text file.

What is ketintontrat[.]info?

ketintontrat[.]info is one of many rogue websites on the internet. This site is similar to hundreds of other pages of this type such as maranhesduve[.]club, undrabbifor[.]info, and tontritrattof[.]info. When visited, it causes redirects to several untrustworthy websites or displays dubious content.

Most people do not visit ketintontrat[.]info intentionally - they are generally redirected to it by potentially unwanted apps (PUAs) that are installed on their browsers or computers. Furthermore, PUAs often gather information and display intrusive ads.

What is feed.ebooks-club.com?

feed.ebooks-club.com is another fake search engine. As with other sites of this type, it is presented as 'useful' - supposedly providing fast searches, accurate results, and so on.

These search engines are often promoted through potentially unwanted applications (PUAs), browser hijackers. In this case, the hijacker is an app called E-Books Club. This PUA collects data and changes browser settings.

What is George Carlin?

George Carlin is a ransomware-type virus that stealthily infiltrates the system and encrypts most stored data. This is a new variant of another ransomware infection called Razy, however, it has many differences.

It is rather unusual as compared to other infections of this type: George Carlin does not append any extension to encrypted files or deliver any ransom-demand message - it simply changes the desktop wallpaper.

What is Chthonic?

Chthonic is a Trojan-type program that is installed through emails sent from hijacked/stolen PayPal accounts. The program leads to a fake Google Chrome update file that is promoted on the hijacked website.

Visitors are informed that their Chrome browser is outdated and needs to be updated by clicking the "Update Chrome" button, which leads to download of a malicious file used to install the Chthonic banking trojan.

What is Conhost.exe?

Conhost.exe (Console Window Host) is the process of a program (cryptominer) that is designed to mine Monero cryptocurrency. Generally, cyber criminals trick people into downloading and installing this program to generate revenue.

In summary, the program uses computer resources to mine cryptocurrency when a user logs into the Windows Operating System. Note that the presence of this malware significantly diminishes computer performance.

What is "apple.com-scan[.]live"?

apple.com-scan[.]live is a scam website designed to trick people into downloading a potentially unwanted application (PUA) called Cleanup-My Mac. The site displays a fake virus alert stating that the Mac computer is infected with some viruses that should be removed immediately.

This website (or apps promoted though it) should not be trusted. Typically, apple.com-scan[.]live is visited when people are redirected to it by PUAs already installed on their systems. These apps usually feed users with advertisements and gather information relating to their browsing habits.

What is "Proof attached"?

"Proof attached" is the name of a spam email campaign that is categorized as a 'sextortion' scam. Generally, scams of this type are used to scare people (recipients) and trick them into believing that scammers have recorded a compromising video (or taken photos) and will proliferate the material unless recipients pay a specific sum.

In summary, this scam is used to extort money from people and we strongly recommend that you ignore the emails.

What is Btix?

Discovered by Jakub Kroustek, Btix is yet another variant of high-risk ransomware called Dharma. As with its predecessor, Btix encrypts stored data and appends the names of compromised files with the ".btix" extension plus the developer's email address and victim's unique ID (e.g., "sample.jpg" might be renamed to a filename such as "sample.jpg.id-1E857D00.[encrypt11@cock.li].btix").

In addition, Btix opens a pop-up window and places a text file ("FILES ENCRYPTED.txt") on the desktop.