Virus and Spyware Removal Guides, uninstall instructions

Hades Locker Ransomware

What is Hades Locker?

Hades Locker is an updated version of WildFire Locker ransomware that infiltrates systems and encrypts a variety of data types using AES encryption. Hades Locker appends the names of encrypted files with the ".~HL[5_random_characters] (first 5 characters of encryption password)" extension.

In addition, this ransomware deletes file shadow volume copies. Following encryption, Hades Locker creates three files ("README_RECOVER_FILES_[victim_id].html", "README_RECOVER_FILES_[victim_id].png", "README_RECOVER_FILES_[victim_id].txt"), placing them in each folder containing encrypted files.

   
Research Soft Unwanted Application

What is Research Soft?

Research Soft is a deceptive program that claims to provide "best" online shopping offers based on collected information relating to Internet browsing activity.

These claims often trick users into believing that Research Soft is a legitimate and useful application, however, this app often infiltrates systems without users' permission. Furthermore, Research Soft distorts the truth relating to data collection. For these reasons, it is categorized as a potentially unwanted program (PUP).

   
GeoByPass Adware

What is GeoByPass?

GeoByPass is a rogue application that supposedly allows users to access various websites that are blocked in their countries. This functionality may appear legitimate and useful, however, GeoByPass is distributed using the "bundling" method and, thus, often infiltrates systems without users' consent.

Furthermore, this application generates intrusive online advertisements and continually gathers information relating to users' Internet browsing activity. For these reasons, GeoByPass is classed as a potentially unwanted program (PUP) and adware.

   
KillerLocker Ransomware

What is KillerLocker?

KillerLocker is a ransomware-type virus designed to encrypt files. During encryption, KillerLocker appends the ".rip" extension to the name of each compromised file. For instance, "sample.jpg" is renamed to "sample.jpg.rip". A window informing victims of the encryption is then displayed.

   
Nuke Ransomware [Updated]

What is Nuke?

Newly-discovered ransomware-type malware, Nuke (also known as Nuclear #55) is designed to encrypt most stored data using RSA cryptography. During encryption, Nuke renames files using random characters and appends a ".0x5bm" or .nuclear55 extension.

Example of encrypted filenames: "bafd0lln90azb8g22.0x5bm" and "WdEf+adbcmWaEedc.nuclear55". Once the data is encrypted, Nuke generates two ransom-demand files: "!!_RECOVERY_instructions_!!.html" and "!!_RECOVERY_instructions_!!.txt" and changes the desktop wallpaper.

   
Fs0ci3ty Ransomware

What is Fs0ci3ty?

Fs0ci3ty (Fsociety) is a ransomware-type virus distributed using spam emails. The malicious attachment claims to be a system driver update-related doc file, which contains gibberish text and encourages users to enable MS Word macros to decode this text.

Once the macros are enabled, however, file encryption begins. Fs0ci3ty encrypts files using AES-256 cryptography. During encryption, Fs0ci3ty appends the names of encrypted files with the ".realfs0ciety@sigaint.org.fs0ciety" extension. For example, "sample.jpg" would be renamed to "sample.jpg.realfs0ciety@sigaint.org.fs0ciety".

Other variants of this ransomware add .dll extension to compromised files. In this case "sample.jpg" would be renamed to "sample.jpg.dll". Following successful encryption, Fs0ci3ty places a ransom-demand HTML file ("Fs0ci3ty.html") on the desktop.

   
SecureCrypted Ransomware [Updated]

What is SecureCrypted?

SecureCrypted is a file-encrypting ransomware-type virus that stealthily infiltrates computers and encrypts stored files using an asymmetric encryption algorithm. During this process, SecureCrypted adds the ".disappeared", ".SecureCrypted”, “.bleepYourData" or “.F**YourData” extension to each encrypted file.

For example, sample.jpg becomes sample.jpg.SecureCrypted. Text files are then created and named after the encrypted files (for example, sample.jpg.Contact_Here_To_Recover_Your_Files.txt or sample.jpg.Where_my_files.txt).

   
Footybase.com Redirect

What is footybase.com?

footybase.com is a fake Internet search engine identical to climbon.top, searchqq.com, ttczmd.com, and many other rogue sites. 

By falsely claiming to generate improved search results, footybase.com attempts to give the impression of legitimacy. In fact, this site is promoted using rogue software downloaders/installers that hijack Internet browsers and modify various options without users' consent. Furthermore, footybase.com records various information relating to users' Internet browsing activity.

   
Statliru1.ru Redirect

What is statliru1.ru?

Identical to slivnewbest.ru, searchqq.com, searchgra.com, and dozens of other websites, statliru1.ru/i/rt2.html is a fake Internet search engine claiming to improve the Internet browsing experience by generating the most relevant search results.

These false claims often trick users into believing that statliru1.ru is legitimate and useful, however, the search engine is promoted using rogue software download/installation set-ups that hijack web browsers and stealthily modify various options. In addition, statliru1.ru continually monitors users' Internet browsing activity.

   
Donald Trump Ransomware

What is Donald Trump?

Newly-discovered ransomware - Donald Trump - encrypts files (using AES cryptography) and appends the ".ENCRYPTED" extension to the name of each encrypted file. For example, encrypted "sample.jpg" might be renamed to "sample.jpg.ENCRYPTED".

Following successful encryption, this ransomware opens a pop-up window informing victims of the encryption.

   

Page 2016 of 2342

<< Start < Prev 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal