Step-by-Step Malware Removal Instructions

Discovered by CollabVM, NMoreira (Boot) is a ransomware-type program that operates by encrypting data and demanding ransom payments for decryption tools/software. During the encryption process, all affected files are appended with the ".NMoreira" extension. For example, a file named something lik

"IOS VPN profile" is a scam run on deceptive websites. This scheme claims that users' internet connections may not be secure and advises them to download/install a promoted VPN application. Software endorsed using such dubious tactics is typically nonfunctional, untrusted or even malicious. Som

originalsecureus[.]com is a deceptive website, running several scams. These schemes claim that the user's device is (or might be) infected - this is to promote untrusted or possibly malicious software. The endorsed applications are supposedly capable of removing the nonexistent threats. Note th

Bukyak is a part of the Aurora ransomware family. Like most programs of this type, it encrypts files, renames them and provides victims with instructions about how to contact the developers (plus other information). Bukyak renames files by appending the ".bukyak" extension to filenames. For examp

WANNACASH NCOV is a new variant of WannaCash ransomware discovered by Alex Svirid. WANNACASH NCOV encrypts files, changes their filenames, changes the desktop wallpaper, and creates a text file named "Как расшифровать файлы.txt". It renames encrypted files by using the "Файл зашифрован. Пиши. Поч

AresLookup is an adware-type application that also possess browser hijacker characteristics. It delivers various intrusive advertisements, modifies browsers and promotes fake search engines. Due to its dubious proliferation methods, AresLookup is also categorized as a Potentially Unwanted Applic

Discovered by Huntress Labs, Calix is malicious software that belongs to the Phobos ransomware family. Calix is designed to encrypt victims' files and create the "info.txt" and "info.hta" files. The first is a ransom message within a text file, whilst the .hta file displays a message in a pop-up w

Based on Hidden Tear, Rogue ransomware was discovered by GrujaRS. This software encrypts files (rendering them inaccessible), renames them and creates and/or displays ransom messages. Rogue renames encrypted files by appending the ".rogue" extension to filenames. For example, it renames "1.jpg" t

Discovered by Petrovic, Jest is malicious software designed to encrypt data and demand payment for decryption. It is a new variant of FunFact ransomware. When Jest encrypts, all affected files are appended with the ".jest" extension. For example, a file like "1.jpg" would appear as "1.jpg.jest" fo

mybestsecureus[.]com is the address of a dubious website, which advertises a potentially unwanted application (PUA) called VPN - Fast & Secure VPN Proxy. Typically, web pages such as mybestsecureus[.]com suggest that the visitors' devices may be at risk, infected with viruses, etc., and enc