Virus and Spyware Removal Guides, uninstall instructions

What is LockBit 2.0 ransomware?

LockBit 2.0 is an updated variant of the LockBit ransomware. This malicious program is designed to encrypt data and demand ransoms for the decryption. In other words, this ransomware renders files unusable and asks victims to pay - to restore access/use of their data.

During the encryption process, affected files are appended with the ".lockbit" extension. For example, a file like "1.jpg" would appear as "1.jpg.lockbit", and so on. After this process is complete, ransom notes are created/displayed on the desktop wallpaper, pop-up window ("LockBit_Ransomware.hta"), and "Restore-My-Files.txt" text file.

What is the 761d[.]site website?

Sharing common traits with premium-shops-around.me, positiveweb.org, verifyrobots.online, life-change-about.me, and thousands of others, 761d[.]site is a rogue webpage. It loads questionable content and/or redirects visitors to various (likely unreliable or malicious) websites.

Users typically enter rogue sites via redirects caused by untrustworthy webpages, intrusive adverts, or PUAs (Potentially Unwanted Applications) infiltrated into their systems.

What is Wind Blocker?

Wind Blocker is a rogue browser extension endorsed as an adblocker. It is supposedly capable of eliminating various advertisements on the Web. Instead, Wind Blocker operates as adware, i.e., it displays ads. Furthermore, due to the questionable methods used to distribute software products within this classification, they are also considered to be PUAs (Potentially Unwanted Applications).

What type of threat is MyKings?

MyKings is the name of a botnet leveraging EternalBlue vulnerability in the Windows operating system. It is known that this botnet spreads Trojans, cryptocurrency miners, and possibly other malware. Once the system is infected, MyKings attempts to spread to other devices using the vulnerability mentioned before.

What is Mhkwl ransomware?

Mhkwl is a piece of malicious software classified as ransomware. It operates by encrypting data (rendering files unusable) and demanding payment for the decryption.

Encrypted files are appended with a random character string and a ".mhkwl" extension. For example, a file initially titled "1.jpg" would appear as something similar to "1.jpg.MGYVknZZsa7hqdl43-xdVkSFmdjfkdbL7swJ71pRZb7_1nJ97Sb9nos0.mhkwl". After this process is complete, a ransom note - "etrU_HOW_TO_DECRYPT.txt" - is dropped onto the desktop.

What is the premium-shops-around[.]me site?

Premium-shops-around[.]me is a rogue website similar to get-positive.net, positiveweb.org, apel.top, captcha-smart.top, and countless others. It is designed to load dubious content and/or redirect visitors to different (likely untrustworthy or malicious) webpages.

Most users enter rogue sites via redirects caused by suspect pages, intrusive advertisements, or installed PUAs (Potentially Unwanted Applications).

What is Host Europe email scam?

The purpose of most phishing emails is to trick recipients into providing personal information (usually through a provided website). These emails often are disguised as letters from legitimate companies or other entities. Scammers behind this email posing as Host Europe - a German company that serves as a web hosting provider.

What is Maxtrilha?

Maxtrilha is the name of a banking trojan. This piece of malicious software is designed to target victims' banking accounts and their log-in credentials. Maxtrilha has been especially active in Latin America and certain countries in Europe (notably Portugal). This malware has been observed being spread through phishing spam campaigns.

What is !secure ransomware?

!secure is a piece of malicious software categorized as ransomware. It encrypts data (renders files inaccessible) and demands payment for the decryption (access recovery).

Affected files are prepended with the cyber criminals' email address and a unique ID assigned to the victims, they are also appended with a ".!secure" extension. Therefore, a file initially titled "1.jpg" would appear as something similar to "{notsosecure@firemail.cc}.ID=34GI7BEH.1.jpg.!secure". Afterwards, two ransom notes - "!README!.hta" and "!README!.txt" - are created.

What is Void68 ransomware?

Void68 blocks access to files (it encrypts them) and modifies their filenames. It appends the ".void" extension to the filename of every encrypted file. For example, it renames "1.jpg" to "1.jpg.void", "2.jpg" to "2.jpg.void". Void68 also changes the desktop wallpaper to an image containing a ransom note and creates the "nyiss meg.txt" file.