Virus and Spyware Removal Guides, uninstall instructions

Aleta Ransomware

What is Aleta?

Aleta is an updated version of a ransomware-type virus called BTCWare. Once infiltrated, Aleta encrypts data and appends the "[developers'_email].aleta" extension to the name of each encrypted file (for example, "sample.jpg" might be renamed to a filename such as "sample.jpg.[chines34@protonmail.ch].aleta").

To see the full list of email addresses used within these extensions, click here. Following successful encryption, Aleta creates an HTA file ("!#_READ_ME_#!.hta") and places it in each folder containing encrypted files.

   
Tabquery.com Redirect

What is tabquery.com?

According to the developers, tabquery.com significantly enhances the browsing experience by generating improved search results. Judging on appearance alone, tabquery.com barely differs from Bing, Yahoo, Google, and other legitimate search engines.

Therefore, many users believe that this site is also legitimate. In fact, tabquery.com monitors Internet browsing activity by gathering various user-system information. In addition, it is promoted using rogue downloaders/installers that modify browser options without consent.

   
RobinHood Ransomware

What is RobinHood?

RobinHood is a ransomware-type virus discovered by malware security researcher S!Ri. Once infiltrated, this malware encrypts stored data and appends names of compromised files with the ".Robinhood" extension. For instance, "sample.jpg" is renamed to "sample.jpg.RobinHood".

Following successful encryption, RobinHood changes the desktop wallpaper and creates an executable file ("ROBINHOOD -TIMER.exe") and a text file ("READ_IT.txt"), placing them on the desktop.

   
Search.lakador.com Redirect (Mac)

What is search.lakadoor.com?

search.lakadoor.com is presented as a "top-notch" Internet search engine that significantly enhances the browsing experience by generating improved results. Initially, search.lakadoor.com may seem legitimate and useful, however, this site records various user-system information relating to browsing activity.

In addition, developers promote search.lakadoor.com via rogue download/installation set-ups that hijack web browsers and modify various options without permission.

   
eBayWall Ransomware

What is eBayWall?

Discovered by malware security researcher, Jakub Kroustek, eBayWall is a ransomware-type virus that stealthily infiltrates systems and encrypts stored data.

In doing so, eBayWall appends filenames with the ".ebay" extension (for example, "sample.jpg" is renamed to "sample.jpg.ebay"). eBayWall then creates an HTML file ("ebay-msg.html"), placing it on the desktop.

   
Search.progressgar.com Redirect (Mac)

What is search.progressgar.com?

Identical to search.mykotlerino.com, search.societycake.com, search.festovshade.com, and many others, search.progressgar.com is a fake Internet search engine that falsely claims to enhance the browsing experience by generating improved results.

Initially, this website may seem legitimate and useful, since its appearance is very similar to Google, Bing, Yahoo, and other legitimate search engines.

In fact, search.progressgar.com is promoted via rogue download/installation set-ups designed to modify browser options without permission. In addition, this site continually tracks Internet browsing activity by gathering various user-system information.

   
Blocking Ransomware

What is Blocking?

Blocking is a variant of a ransomware-type virus called BTCWare. Once infiltrated, Blocking encrypts various data and appends filenames with the "[developers'_email].blocking" extension. For instance "sample.jpg" is renamed to "sample.jpg.[avalona.toga@aol.com].blocking".

To see the full list of examples, click here. Following successful encryption, Blocking creates an HTA file ("!#_READ_ME_#!.hta"), placing it in each folder containing encrypted files.

   
Search.pogypon.com Redirect (Mac)

What is search.pogypon.com?

According to the developers, search.pogypon.com is a "top-notch" Internet search engine that significantly enhances the browsing experience by generating improved results. On initial inspection, search.pogypon.com may seem similar to Google, Bing, Yahoo, and other legitimate search engines.

Therefore, many users believe that search.pogypon.com is also legitimate and useful. In fact, this site continually records information relating to web browsing activity. Furthermore, developers promote search.pogypon.com via rogue download/installation set-ups.

   
Symbiom Ransomware

What is Symbiom?

Symbiom is a ransomware-type virus discovered by malware security researcher, Karsten Hahn. Symbiom is based on an open-source ransomware project called Hidden Tear. Once infiltrated, Symbiom encrypts various files using the AES encryption algorithm.

In addition, it appends filenames with the ".symbiom_locked" extension. For instance, "sample.jpg" is renamed to "sample.jpg.symbiom_locked". Following successful encryption, Symbiom creates a text file ("README_Symbiom.txt"), placing it on the desktop wallpaper.

   
CryptoMix Ransomware [Updated]

What is CryptoMix?

CryptoMix is a dubious ransomware-type virus that encrypts various data stored on the infected computer. During encryption, this ransomware appends the name of each encrypted file with .DLL, .FILE, .SHARK, .arena, .EMPTY, .wallet, .noob, .ck, .zayka, .ERROR, .OGONIA, .CNC, .PIRATE, .ZERO, .DG, .code, .rscl, .rmd or .lesli extension.

Furthermore, CryptoMix creates two files (HELP_YOUR_FILES.TXT and HELP_YOUR_FILES.HTML) and places them in each folder containing the encrypted files. The updated variant of this ransomware stores the ransom demand message in _INTERESTING_INFORMACION_FOR_DECRYPT.TXT, _HELP_INSTRUCTION.TXT or #_RESTORING_FILES_#.TXT files.

Both files contain a message informing users of the encryption. The newest variant of this ransomware presents its ransom demand message in the INSTRUCTION RESTORE FILE.txt file - encrypted files are renamed using the following pattern: sample.jpg.email[supls@post.com]_id[victim’s ID].rdmk.

   

Page 1653 of 2074

<< Start < Prev 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal