Virus and Spyware Removal Guides, uninstall instructions

Yyto Ransomware

What is Yyto?

Yyto is a ransomware-type virus discovered by security researcher xXToffeeXx. Following successful infiltration, Yyto encrypts stored data and appends the "read_to_txt_file.yyto" extension to the names of compromised files (for example, "sample.jpg" is renamed to "sample.jpg.read_to_txt_file.yyto").

Once files are encrypted, Yyto creates a text file ("help_to_decrypt.txt"), placing it in each folder containing encrypted files.

Newer variants of this ransomware use ".id[victim's ID]@readme.txt.mo7n", ".adapaterson@mail.com.mkmk", ".codyprince92@mail.com.ovgm", ".albertkerr94@mail.com.m5m5" and ".colecyrus@mail.com.b007" extensions for encrypted files.

   
Dharma Ransomware

What is Dharma ransomware?

Dharma is a ransomware-type program, a type of malware designed to encrypt data and demand a ransom for decryption. It is based on Crysis and uses asymmetric cryptography for encryption. Throughout the years, Dharma has evolved into a ransomware family that includes a multitude of versions. Since 2020, Dharma's developers have offered it as RaaS (Ransomware-as-a-Service), thereby making it accessible to countless threat actors.

Typically, ransomware-type programs rename encrypted files, and Dharma is not an exception. Originally, this ransomware appended files with a ".dharma" extension (e.g., "1.jpg" modified into "1.jpg.dharma", etc.). However, how the filenames are altered depends on the program's variant.

The renaming patterns include appending to the original filename: a unique ID, the cyber criminals' contact information (typically an email address), and an extension; or just the contact info and extension; or only an extension. For example, a file named "1.jpg" could appear as "1.jpg.id-9ECFA84E.[king2022@msgden.com].gnik", "1.jpg.[Beamsell@qq.com].bip", "1.jpg.KICK", or a myriad of other variations.

Once the encryption is complete, Dharma creates ransom notes, and some variants also change the desktop wallpaper. The messages and wallpapers differ depending on the ransomware's version. However, since Dharma's update in 2017, it consistently creates the same pop-up window and text file titled "How to restore data.txt".

   
Advanced Top Adware

What is Advanced Top?

Advanced Top is a rogue application that infiltrates systems without users' permission (the "bundling" method). Following infiltration, Advanced Top delivers intrusive advertisements and might record various user-system information. For these reasons, this app is categorized as a potentially unwanted program (PUP) and adware.

   
Barclays Secured Message Email Virus

What is Barclays Secured Message Email Virus?

Similar to Danske Bank, Electronic Intuit, ADP Invoice, and many others, "Barclays Secured Message Email Virus" is a spam email campaign used to distribute the TrickBot trojan.

The email contains text stating that the user has received a secured message and encourages them to open an attached MS Office document. Be aware, however, that this attachment is malicious - it downloads and installs a TrickBot trojan.

   
NativeDesktopMediaService Adware

What is NativeDesktopMediaService?

Developed by Jetmedia, NativeDesktopMediaService is a rogue application that infiltrates systems without users' permission. This potentially unwanted application (PUA) is designed to gather various information from users. Furthermore, it continually connects to remote websites to send recorded data and receive additional commands to execute.

   
Clksite.com POP-UP Redirect

What is clksite.com?

clksite.com is a deceptive website designed to redirect users to a variety of other rogue sites. It is virtually identical to dentially.info, cobalten.com, bestadbid.com, and many others. Most visitors arrive at clksite.com inadvertently - they are redirected by various potentially unwanted programs (PUPs) or intrusive advertisements delivered by other rogue sites.

Research shows that potentially unwanted programs typically infiltrate systems without permission. As well as causing redirects, PUPs deliver intrusive advertisements and record user-system information relating to web browsing habits.

   
LanRan Ransomware

What is LanRan?

LanRan is a ransomware-type virus based on an open-source ransomware project called Hidden Tear. It is designed to infiltrate the system and encrypt most stored files (thereby making them unusable) using the AES encryption algorithm.

In addition, LanRan appends the ".LanRan2.0.5" extension to the name of each compromised file (e.g., "sample.jpg" is renamed to "sample.jpg.LanRan2.0.5"). After LanRan finishes encrypting data, it changes the desktop wallpaper and creates a text file ("@___README___@.txt"), placing a copy in every existing folder.

   
FEDERAL BUREAU OF INVESTIGATION - Your PC is Blocked Virus

What is "FEDERAL BUREAU OF INVESTIGATION - Your PC Is Blocked"?

First discovered by MalwareHunterTeam, "FEDERAL BUREAU OF INVESTIGATION - Your PC Is Blocked" is a scam message displayed by a screen-locking virus.

The message essentially states that the user has violated certain laws and must pay a "fine", otherwise arrest will follow. Be aware, however, that this is a scam - cyber criminals generate revenue by abusing users' credulity.

   
FAssistant Adware

What is FAssistant?

Developers present FAssistant as a great tool to restrict access to various files/folders by adding password protection. Judging on appearance alone, FAssistant may seem legitimate and useful; however, this software is categorized as a potentially unwanted program (PUP) and adware.

There are three main reasons for these negative associations: 1) stealth installation without consent; 2) display of intrusive advertisements; and 3) tracking of Internet browsing activity.

   
Electronic Intuit Email Virus

What is Electronic Intuit Email Virus?

"Electronic Intuit Email Virus" is an email spam campaign used to distribute the Zeus Panda (and in some cases, TrickBot) trojan. 

Cyber criminals send thousands of deceptive emails stating that recipients must pay a type of bill/invoice. These emails are also delivered with an attached MS Office document, which is presented as the bill/invoice. Be aware, however, that these attachments are malicious - once opened, they stealthily infect the system with the Zeus Panda or TrickBot trojan.

   
