Virus and Spyware Removal Guides, uninstall instructions

Safestwaytosearch.com Redirect

What is search.safestwaytosearch.com?

search.safestwaytosearch.com is another fake search engine that supposedly enhances the browsing experience by generating improved results and delivering the latest worldwide news and local weather forecasts. Judging by appearance alone, search.safestwaytosearch.com barely differs from Google, Bing, Yahoo, and other legitimate search engines.

In fact, developers promote search.safestwaytosearch.com using a browser-hijacking app called Safest Way To Search, which supposedly protects your privacy when browsing the Internet. Furthermore, search.safestwaytosearch.com and Safest Way To Search record information relating to users' Internet browsing activity.

   
XMRIG Virus

What is XMRIG Virus?

XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".

In most cases, "bundling" is used to infiltrate several potentially unwanted applications (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.

   
Boost PC Pro 2018 Unwanted Application

What is Boost PC Pro 2018?

Developers present Boost PC Pro 2018 as a great tool to enhance system performance by optimizing the system and removing various threats/issues. Judging by appearance alone, Boost PC Pro 2018 may seem legitimate and useful; however, this tool infiltrates systems without consent and gives no real value to regular users.

For these reasons, Boost PC Pro 2018 is categorized as a potentially unwanted program (PUP). It is identical to another deceptive app called Dr. Clean Pro 2018.

   
Aurora Ransomware

What is Aurora?

Recently discovered by MalwareHunterTeam, Aurora is a ransomware-type virus that stealthily infiltrates systems and encrypts most stored files. To achieve this, Aurora uses RSA-2048, an asymmetric encryption algorithm. During the process, this malware appends the ".Aurora" extension to filenames (e.g., "sample.jpg" is renamed to "sample.jpg.Aurora").

Encrypted data immediately becomes unusable. After successfully encrypting data, Aurora creates a text file ("HOW_TO_DECRYPT_YOUR_FILES.txt" or "!-GET_MY_FILES-!.txt") and places a copy in every existing folder.

Fortunately, Aurora ransomware is decryptable. The decryption tools for this malware have been developed by Michael Gillespie and by Emsisoft.

   
King Ouroboros Ransomware

What is King Ouroboros?

First discovered by Michael Gillespie, King Ouroboros is a ransomware-type virus based on an open-source ransomware project called CryptoWire. Immediately after infiltration, King Ouroboros encrypts stored data using the AES-256 encryption algorithm. Furthermore, it renames compromised data using the "[original_name].king_ouroboros.[original_format]" pattern.

For example, "sample.jpg" is renamed to "sample.king_ouroboros.jpg". Once data is encrypted, using it immediately becomes impossible.

After successfully encrypting data, King Ouroboros opens a pop-up window containing a ransom-demand message. Updated variants of this ransomware use "[Mail=unlockme123@protonmail.com].Lazarus", ".odveta" and ".KRONOS" extensions for encrypted files.

   
Recme Ransomware

What is Recme?

First discovered by malware security researcher Michael Gillespie, Recme is a new variant of a ransomware-type virus called Scarab. Once infiltrated, this ransomware encrypts most files and renames them using the "[hexadecimal_number].recme" pattern.

For instance, "sample.jpg" might be renamed to a filename such as "146B2A308AFCE4D2A7192DF3A41FCB840.recme". Once encrypted, data immediately becomes unusable and indistinguishable. Following successful encryption, Recme generates a text file ("HOW_TO_RECOVER_ENCRYPTED_FILES.TXT") and places a copy in every existing folder.

   
QIP.ru Redirect

What is qip.ru?

qip.ru is a fake web search engine that supposedly enhances the browsing experience by generating improved results, providing the latest news and other useful features. Judging by appearance alone, qip.ru may seem legitimate; however, developers promote this site using a rogue browser called QIP Surf, which is based on Chromium.

In most cases, QIP Surf infiltrates systems without permission. Deceptive QIP Surf installation set-ups are also designed to set it as the default web browser and modify other browser settings. In addition, qip.ru and QIP Surf continually monitor browsing activity by gathering various user-system information.

   
BtcKING Ransomware

What is BtcKING?

Discovered by Michael Gillespie, BtcKING is a ransomware-type virus designed to stealthily infiltrate systems and encrypt most stored files (making them completely unusable). During encryption, BtcKING appends the "ID [victim's_ID].BtcKING" extension to filenames.

For example, "sample.jpg" might be renamed to a filename such as "sample.jpg ID X9yTde8gPGru.BtcKING". Once files are successfully encrypted, BtcKING generates a text file ("How To Decode Files.txt") and places a copy in each existing folder.

   
Omerta Ransomware

What is Omerta?

Omerta is a ransomware-type virus discovered by malware security researcher Michael Gillespie. As with most ransomware, Omerta infiltrates the system and encrypts most stored data.

During encryption, Omerta renames files using the ".[vankacrypter@protonmail.com].omerta" and "[random_characters].[XAVAX@PM.ME].omerta" patterns.

For example, at the time of research, a file called "1.jpg" was renamed to "-f-^F![,_REWOSdfeEOm#r;!DSAEiJcdRskJ@Dm{&DuA#FD@eW%;dEdFf`ED-GqD{}+!(FDW1D+-FsdbfKN-F&d={KSD&[QWEKNSd.kfEnS#skp#;OPsER^'.[XAVAX@PM.ME] (2).omerta".

Encrypted data immediately becomes unusable and indistinguishable. After successful encryption, Omerta generates a text file ("READ THIS IF YOU WANT TO GET ALL YOUR FILES BACK.TXT") and places a copy in each existing folder.

Updated variants of this ransomware use .[patern32@protonmail.com].omerta, .[Y0urGod@protonmail.com].omerta, .[ygod123@pm.me].omerta and .[monez@protonmail.com].omerta extensions for encrypted files.

   
Porn Site Virus Scam

What kind of scam is "Porn Site Virus"?

"Porn Site Virus" is a scam message designed to scare and trick users into paying a ransom. Cyber criminals typically deliver this message via spam emails; however, some users continually encounter this message as a pop-up. This indicates the presence of adware-type apps.

Research shows that adware often infiltrates systems without consent. As well as displaying "Porn Site Virus" pop-ups, these programs are also likely to deliver intrusive advertisements and gather sensitive information.

   
