Virus and Spyware Removal Guides, uninstall instructions

What is JokeFromMars?

JokeFromMars is ransomware-type malware similar to CTB-Locker (potentially, a new variant). Following infiltration, JokeFromMars encrypts various files stored on the system.

Following successful encryption, JokeFromMars changes the desktop wallpaper, creates a text file ("ReadMeFilesDecrypt!!!.txt") placing it on the desktop, and displays a pop-up window. All contain a ransom-demand message.

What is 'Your personal files are encrypted by CTB-Locker'?

CTB-Locker ransomware virus infiltrates operating systems via infected email messages and fake downloads (for example, rogue video players or fake Flash updates).

After successful infiltration, this malicious program encrypts various files (*.doc, *.docx, *.xls, *.ppt, *.psd, *.pdf, *.eps, *.ai, *.cdr, *.jpg, etc.) stored on computers and demands a ransom payment of $300 (in Bitcoins) to decrypt them (encrypted documents receive the .ctbl files extension).

Cyber criminals responsible for releasing this rogue program ensure that it executes on all Windows operating system versions (Windows XP, Windows Vista, Windows 7, and Windows 8). CTB-Locker ransomware creates AllFilesAreLocked.bmp DecryptAllFiles.txt and [seven random letters].html files within each folder containing the encrypted files.

What is BestCleaner?

BestCleaner is a deceptive application that supposedly improves computer performance by cleaning various junk files. Initially, this functionality may seem legitimate and useful, however, BestCleaner often infiltrates systems without users' permission.

Furthermore, it is likely to gather information relating to Internet browsing activity. For these reasons, this app is categorized as a potentially unwanted program (PUP).

What is workno.ru?

Developers present workno.ru as a legitimate Internet search engine that enhances the Internet browsing experience by generating improved Internet search results.

These claims often trick users into believing that workno.ru is a legitimate and useful site, however, developers promote it via rogue software download and installation set-ups that hijack Internet browsers and modify various options. In addition, workno.ru gathers various information relating to users' Internet browsing activity.

What is searchvvay.com?

Searchvvay.com is a fake Internet search engine identical to walasearch.com, yessearches.com, yoursearching.com, and a number of other bogus sites.

On initial inspection, searchvvay.com may seem legitimate, however, developers promote this site using rogue installation set-ups designed to hijack web browsers and modify their settings. In addition, searchvvay.com continually collects various information about users' web browsing habits.

What is tech-connect.biz?

tech-connect.biz is a rogue site claiming to be a legitimate Internet search engine that enhances the Internet browsing experience by generating improved search results.

These claims often trick users into believing that tech-connect.biz is legitimate, however, this site continually gathers information relating to users' Internet browsing activity. Furthermore, developers promote this site using deceptive software download/installation tools that hijack web browsers and stealthily modify various options.

What is FenixLocker?

FenixLocker is another ransomware-type virus that encrypts files using AES cryptography. During encryption, FenixLocker appends the names of compromised files with the ".centrumfr@india.com" extension (e.g., "sample.jpg" is renamed to "sample.jpg.centrumfr@india.com").

Following successful encryption, FenixLocker creates a text file ("Help to decrypt.txt" or "Cryptolocker.txt"), which contains a ransom-demand message and is placed on the desktop. Updated variants of this ransomware use ".[help24decrypt@cock.li]" and ".help24decrypt@qq.com!!" extensions for encrypted files.

What is Save Serp Now?

Save Serp Now claims to be a legitimate application designed to help users keep track of their Internet search history. This functionality may seem legitimate and useful, however, Save Serp Now is considered to be a potentially unwanted program (PUP).

This application is distributed using a deceptive free software marketing method called 'bundling' - stealth installation of additional programs together with the chosen software without users' consent. Bundling is often employed by freeware download websites, and therefore, you should always express caution when downloading free software.

What is Razy?

Razy is ransomware-type virus that encrypts files using an asymmetric encryption algorithm. During encryption, Razy appends the ".razy" or ".razy1337" extension to the name of each encrypted file. Three files are then created and placed on the desktop.: "css.vbs"; "index.html", and; "razy.jpg".

What is home.prontovideoconverter.com?

Pronto Video Converter is a deceptive application identical to Pronto PDF Converter, Download Speed Tester, and Pronto File Converter. By claiming to provide video format conversion functionality, Pronto Video Converter often tricks users to install, however, this app is categorized as a browser hijacker and a potentially unwanted program (PUP).

Pronto Video Converter is distributed using a deceptive software marketing method called "bundling", stealthily modifies web browser settings, and continually monitors users' Internet browsing activity.