Virus and Spyware Removal Guides, uninstall instructions

What is CryptoLocker 5.1?

CryptoLocker 5.1 is newly-discovered ransomware claiming to be the CryptoLocker virus. It is based on Hidden Tear - an open-source ransomware project. Following system infiltration, CryptoLocker 5.1 encrypts files using RSA-2048 cryptography and appends a ".locked" extension to the name of each encrypted file.

For example, "sample.jpg" is renamed to "sample.jpg.locked". Most ransomware appends unique extensions, however, recently, the ".locked" extension is popular amongst these viruses. Following encryption, CryptoLocker 5.1 opens a pop-up window and creates a "LEGGI.txt" file, placing it on the desktop. Both contain ransom-demand messages.

What is FunSafeTab?

FunSafeTab is a browser hijacker, endorsed as a tool to increase user security when browsing. It operates by modifying web browser settings in order to promote search.funsafetabsearch.com - a fake search engine. Search.funsafetabsearch.com may appear legitimate and useful, however it is unable to provide search results.

Additionally, FunSafeTab tracks data, specifically information relating to Internet browsing activity. Due to its dubious proliferation methods, FunSafeTab is also considered to be a PUA (Potentially Unwanted Application).

What is APT ransomware?

APT Ransomware v2.0 is a ransomware-type virus designed to encrypt files using RSA-4096 cryptography. This ransomware is based on a Hidden Tear project (so-called 'educational ransomware' that was released as Open Source in August 2015). APT appends a ".dll" extension to the name of each encrypted file.

For example, "sample.jpg" would be renamed to "sample.jpg.dll". In fact, ".dll" files are used by MS Windows (read more).

Therefore, we assume that by adding this extension to regular files, APT's developers attempt to confuse victims. Once the encryption is finished, APT creates a "DECRYPT_YOUR_FILES.html" file and places it in each folder that contains encrypted files.

What is Enigma ransomware?

Enigma is a ransomware-type virus that encrypts files using AES-128 cryptography. During encryption, Enigma appends a ".1txt" extension to the name of each encrypted file (a previous version of Enigma appended the ".enigma" extension). For example, "sample.jpg" is renamed to "sample.jpg.1txt".

Once the files are encrypted, Enigma opens a pop-up window and creates a text file ("enigma_info.txt", previously "E_N_I_G_M_A.txt" and "enigma_encr.txt"). Both contain an identical ransom-demanding message.

Be aware that this ransomware is not related to or affiliated with any legitimate company whose name has the word "Enigma" in it.

What is login.hhtxnet.com?

login.hhtxnet.com is a rogue website claiming to be a legitimate Internet search engine. Developers promote this site via malicious javascript files that stealthily modify web browser settings without users' consent. Furthermore, login.hhtxnet.com continually gathers information relating to Internet browsing activity.

What is Comrade Circle?

Comrade Circle is newly-discovered ransomware similar to Fantom. Following infiltration, Comrade Circle encrypts files and renames them using a "[6-16 random symbols].comrade" pattern. For instance, "sample.jpg" might be renamed to "sdf9K21a=G.comrade".

Updated variants of this ransomware use .encrypted4 extension. Furthermore, Comrade Circle displays a fake Windows Update screen during the encryption process.

After encrypting files, Comrade Circle creates a "RESTORE-FILES![random_number].txt" file and places it in each folder containing encrypted files. The ransomware also changes the desktop wallpaper.

What is K0stia?

K0stia is a ransomware-type virus distributed via spam emails (with malicious .exe attachments claiming to be .pdf files). When these malicious files are opened, ransomware starts encrypting files using AES-256 cryptography. This virus appends a ".k0stia" extension to the name of each encrypted file.

For example, "sample.jpg" is renamed to "sample.jpg.k0stia". Following successful encryption, K0stia opens a full-screen window containing a ransom-demand message in Czechoslovakian.

What is Isanalyze.com Pop-ups?

Isanalyze.com is a deceptive website to which users are redirected after clicking intrusive pop-up advertisements. These ads are displayed by various adware-type applications that usually infiltrate the system during installation of regular software. As well as displaying advertisements, adware continually monitors users' Internet browsing activity by recording various user/system data.

What is Smartnewtab.com pop-ups?

Smartnewtab.com is a rogue site, which users are redirected to by various intrusive pop-up advertisements. These ads are displayed by adware-type applications that infiltrate the system during installation of regular software. As well as display of unwanted ads, adware also collects information relating to users' Internet browsing activity.

What is gotoinstall.ru?

Developers present gotoinstall.ru as an Internet search engine that enhances the Internet browsing experience by generating improved search results.

Some users believe that gotoinstall.ru is a legitimate and useful website, however, this site is promoted using rogue software download/installation tools that hijack web browsers and modify settings without consent. Furthermore, this rogue site continually gathers information relating to users' Internet browsing activity.