Virus and Spyware Removal Guides, uninstall instructions

OperativeField Adware (Mac)

How to remove OperativeField from Mac?

What is OperativeField?

OperativeField is designed to serve advertisements, promote Safe Finder via, collect sensitive information and change some browser's settings (promote a fake search engine). It operates as adware and a browser hijacker. More often than not users download and install apps of this type unknowingly, unintentionally. Therefore, such apps are categorized as potentially unwanted applications (PUAs).

OnlinePrivacyManager Toolbar redirect removal instructions

What is

Developed by the Mindspark Interactive Network, OnlinePrivacyManager is a piece of rogue software endorsed as a tool to increase users' browsing privacy. This application is classified as a browser hijacker. It operates by making modifications to browser settings in order to promote - a fake search engine. Additionally, OnlinePrivacyManager spies on users' browsing activity. Due to the dubious techniques used to distribute OnlinePrivacyManager, it is deemed to be a PUA (Potentially Unwanted Application).

Wacker Email Virus

"Wacker Email Virus" removal guide

What is "Wacker Email Virus"?

Typically, malspam campaigns are disguised as email letters from legitimate, official companies, organizations and are sent with a purpose to trick recipients into installing one or another malicious program. This malspam campaign is disguised as a letter from Wacker Chemie AG, cyber criminals behind it attempt to trick recipients into installing a Remote Access Trojan (RAT) named NetWire. Wacker Chemie AG is a legitimate company which has nothing to do with this spam campaign.

PDFConvertersSearch Browser Hijacker

PDFConvertersSearch browser hijacker removal instructions

What is PDFConvertersSearch?

PDFConvertersSearch is a browser hijacker which is designed to promote the address (a fake search engine). Typically, apps of this type hijack browsers by changing some of their settings. It is common that they are designed to gather browsing-related and/or other information as well. Apps of this type are categorized as potentially unwanted applications (PUAs), it is because most users download and install them unintentionally, inadvertently.

Covid-19 Health And Safety Plan Email Virus

"Covid-19 Health and Safety Plan" email virus removal guide

What is the "Covid-19 Health and Safety Plan" email?

"Covid-19 Health and Safety Plan" is yet another Coronavirus/COVID-19 themed spam campaign. The term "spam campaign" is used to define a large scale operation, during which thousands of deceptive/scam emails are sent. The "Covid-19 Health and Safety Plan" letters claim to contain an invoice for a "Health and Safety Plan Package". However, the attached file is designed to initiate the Agent Tesla RAT (Remote Access Trojan). Malware of this type enables remote access and control over the infected device.

VinDizelPux Ransomware

VinDizelPux ransomware removal instructions

What is VinDizelPux?

VinDizelPux belongs to the MedusaLocker ransomware family, it was discovered by Ravi. This ransomware makes files inaccessible for victims by encrypting them. Also, it renames every encrypted file by appending the ".VinDizelPux" extension. For example, it renames "1.jpg" to "1.jpg.VinDizelPux", "2.jpg" to "2.jpg.VinDizelPux", and so on. Instructions on how to contact cyber criminals and pay a ransom are can be found in "Recovery_Instructions.html" file, VinDizelPux drops this file in all folders that contain encrypted data.

Gyga Ransomware

Gyga ransomware removal instructions

What is Gyga ransomware?

Gyga is a piece of malicious software, belonging to the Dharma ransomware family. This malware is designed to encrypt data and demand payment for the decryption. During the encryption process, the files are retitled following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address and the ".gyga" extension. For example, a file like "1.jpg" would appear as something similar to "[].gyga" - following encryption. After this process is complete, a pop-up window is displayed and "FILES ENCRYPTED.txt" is created - which contain ransom notes.

.RABBIT Ransomware

.RABBIT ransomware removal instructions

What is .RABBIT?

.RABBIT is written in Python programming language, it was discovered by dnwls0719. It is designed to encrypt files with AES-256 algorithm, change their filenames by appending the ".RABBIT" extension and create the "อ่านวิธีแก้ไฟล์โดนล๊อค.txt" text file, a ransom note which is written in Thai language and can be found in folders that contain encrypted files. Example of how .RABBIT modifies filenames: it renames "1.jpg" to "1.jpg.RABBIT", "2.jpg" to "2.jpg.RABBIT", etc.

EvilQuest Ransomware (Mac)

How to remove EvilQuest from Mac?

What is EvilQuest ransomware?

The person who discovered EvilQuest is Dinesh_Devadoss. Like many other malicious programs of this type, EvilQuest encrypts victim's files and creates a ransom note. In most cases malware of this type modifies the names of encrypted files by appending a certain extension, although, this ransomware leaves them unchanged. It drops the "READ_ME_NOW.txt" in every folder that contains encrypted data and displays another ransom note in a pop-up window. Additionally, this malware is capable of detecting if certain files are stored on a computer, operate as a keylogger and receive some commands from Command & Control server.

.java Ransomware

.java ransomware removal instructions

What is the .java ransomware?

.java is the name of a malicious program, belonging to the Dharma ransomware family. Systems infected with this malware, experience data encryption and receive ransom demands for the decryption. During the encryption process, files are renamed according to this pattern: original filename, unique ID, cyber criminals' email address and ".java" extension (not to be confused with the legitimate ".java" extension of JAVA files). To elaborate on how a file could appear following encryption, then - a file like "1.jpg" would appear as something similar to "[].java", and so on for all of the affected files. Once this process is complete, a ransom note is presented in a pop-up window and "FILES ENCRYPTED.txt".


Page 5 of 1024

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal