Virus and Spyware Removal Guides, uninstall instructions

What is Stampado?

A ransomware service called Stampado is new malware available on the dark market. This virus is advertised and sold on the 'dark web' - anyone can purchase a lifetime license and proliferate the virus without little effort.

After infiltrating computers, Stampado encrypts various files and appends the name of each encrypted file with the .locked extension. Stampado then opens a ransom-demand window.

What is search.tagadin.com?

search.tagadin.com is presented as an Internet search engine that significantly enhances the Internet browsing experience by generating improved results.

Judging on appearance alone, search.tagadin.com may appear legitimate and useful, however, developers promote this website via rogue download/installation set-ups designed to modify browser settings without permission. Furthermore, this website continually records various information relating to users' Internet browsing activity.

What is May?

May is a ransomware-type virus discovered by MalwareHunterTeam. Once infiltrated, May encrypts various data using AES-256 and RSA-4096 encryption algorithms and appends filenames with the ".locked" extension (for example, "sample.jpg" is renamed to "sample.jpg.locked").

May then creates a text file ("Restore_your_files.txt") containing a ransom-demand message and places it in each folder containing encrypted files.

What is weather-genie.com?

According to the developers, weather-genie.com is a 'high-experience' Internet search engine that significantly enhances the browsing experience by generating improved results. Judging on appearance alone, weather-genie.com may appear legitimate and useful, however, this website is promoted via a rogue application called WeatherGenie.

By falsely claiming to provide local weather forecasts, WeatherGenie attempts to give the impression of legitimacy.

In fact, it is categorized as a potentially unwanted program (PUP) and a browser hijacker. There are three main reasons for these negative associations: 1) stealth installation without consent; 2) modification of web browser settings, and; 3) tracking of users' Internet browsing activity.

What kind of malware is ONYONLOCK?

ONYONLOCK is a new variant of a ransomware-type virus called BTCWare. This virus was discovered by security researcher, MalwareHunterTeam. Following successful infiltration, ONYONLOCK encrypts various data stored on victims' computers.

Furthermore, it appends the ".onyon" extension to the name of each encrypted file (for example, "sample.jpg" is renamed to "sample.jpg.onyon"). Once files are encrypted, ONYONLOCK creates a text file ("!#_DECRYPT_#!.inf"), placing it in each folder containing encrypted files.

What is CryptoViki?

CryptoViki is a ransomware-type virus discovered by malware security researcher, Marcelo Rivero. Once infiltrated, CryptoViki encrypts various data and appends the ".viki" extension to the names of all compromised files. For instance, "sample.jpg" is renamed to "sample.jpg.viki".

Following successful encryption, CryptoViki changes the desktop wallpaper and creates a text file ("readme.txt"), placing it in each folder containing encrypted files.

What is ShareWithUs?

ShareWithUs is a deceptive application that stealthily infiltrates systems during installation of other programs (the "bundling" method).

Following infiltration, this app generates various intrusive online advertisements and continually records information relating to users' Internet browsing activity. For these reasons, ShareWithUs is categorized as adware and a potentially unwanted program (PUP).

What is GruxEx?

GruxEx is a copy of an open-source ransomware project called Hidden Tear. Once infiltrated, GruxEx employs AES cryptography to encrypt various files. During encryption, this ransomware appends the ".grux" extension to the name of each encrypted file.

For instance, "sample.jpg" is renamed to "sample.jpg.grux". Following successful encryption, GruxEx opens a pop-up window containing a ransom-demand message.

What is DarkoderCrypt0r?

Discovered by security researcher, Lawrence Abrams, DarkoderCrypt0r is a copy of a ransomware-type virus called Wcry (WannaCry). Once infiltrated, DarkoderCrypt0r encrypts various data and appends the ".DARKCRY" extension to the name of each encrypted file (for example, "sample.jpg" is renamed to "sample.jpg.DARKCRY").

Following successful encryption, DarkoderCrypt0r opens a pop-up window with a ransom-demand message. Note that this ransomware is still under development and, thus, currently only encrypts files stored on the desktop.

What is Your Windows Computer Has Been Blocked?

"Your Windows Computer Has Been Blocked" is a fake error message displayed by a malicious website. Users are redirected to this site by potentially unwanted adware-type programs (PUPs). These apps often infiltrate systems without users' consent. In addition, they collect personally identifiable information and deliver intrusive online advertisements.