Virus and Spyware Removal Guides, uninstall instructions

Authenticate Account Email Scam

What is "Authenticate Account" scam email?

Our team analyzed this email letter and learned that it was sent to obtain personal information from the recipient. It is disguised as a letter from an email service provider. It contains a website link designed to open a phishing page. This email must be ignored.

   
Venolock Ransomware

What kind of malware is Venolock?

Venolock is one of the ransomware variants from the ZEPPELIN ransomware family. We discovered Venolock while inspecting malware samples submitted to VirusTotal. Our team learned that this ransomware encrypts and renames files. It appends ".vn2" and the victim's ID to filenames.

For example, Venolock renames a file named "1.jpg" to "1.jpg.vn2.1CE-517-EDF", "2.png" to "2.png.vn2.1CE-517-EDF", and so forth. Also, it drops the "ALL YOUR FILES ARE ENCRYPTED.txt" file on the desktop. That file contains a ransom note.

   
Powd Ransomware

What kind of malware is Powd?

Powd is ransomware (belonging to the Djvu family) that encrypts victims' files to make them inaccessible. Also, this malware modifies filenames by appending the ".powd" extension to filenames and creates a ransom note ("_readme.txt") to provide contact and payment information.

An example of how Powd renames files: it changes "1.jpg" to "1.jpg.powd", "2.png" to "2.png.powd", "3.exe" to "3.exe.powd", and so forth.

Our team discovered Powd while analyzing malware samples submitted to VirusTotal. We also found that it is common for information stealers (like Vidar and RedLine) to be distributed alongside Djvu ransomware.

   
Asxerk.click Ads

What kind of page is asxerk[.]click?

While inspecting questionable websites, we discovered the asxerk[.]click rogue webpage. It runs scams, promotes browser notification spam, and redirects visitors to other (likely unreliable/malicious) sites. Users typically access such pages through redirects caused by websites that use rogue advertising networks.

   
LockFiles (MedusaLocker) Ransomware

What is LockFiles (MedusaLocker) ransomware?

While investigating new submissions to VirusTotal, our researchers discovered the LockFiles ransomware. This malicious program belongs to the MedusaLocker ransomware family.

After we executed a sample of LockFiles (MedusaLocker) ransomware on our testing system, it encrypted files and appended their filenames with a ".LockFiles" extension. To elaborate, a file named "1.jpg" appeared as "1.jpg.LockFiles", "2.png" as "2.png.LockFiles", etc.

Once this process was finished, a ransom note titled "how_to_back_files.html" was created on the desktop. The text presented in this file reveals that this ransomware targets companies rather than home users, and it uses double extortion tactics.

   
AROS Ransomware

What is AROS ransomware?

While looking through new malware submissions to VirusTotal, our researchers discovered the AROS ransomware-type program. Once we executed a sample of it on our test machine, this ransomware began encrypting files.

The filenames of the affected files were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".ARS" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.[5d3e178db8].[luckyguys@tutanota.com].ARS". Afterwards, AROS created a ransom note - "How_to_decrypt_files.txt" - on the desktop.

   
Ivonch.click Ads

What kind of page is ivonch[.]click?

We examined ivonch[.]click and found that this page promotes the "McAfee - Your PC is infected with 5 viruses!" scam. Also, it asks for permission to deliver notifications. Ivonch[.]click is a deceptive page that should be ignored and never allowed to show notifications.

   
Catchlucksurvey.top Ads

What kind of page is catchlucksurvey[.]top?

Catchlucksurvey[.]top is a rogue website that was discovered by our researchers during a routine inspection of dubious pages. It promotes deceptive material, pushes spam browser notifications, and redirects visitors to different (likely untrustworthy/harmful) sites.

Users typically enter webpages akin to catchlucksurvey[.]top through redirects caused by sites using rogue advertising networks.

   
LegendDeploy Adware (Mac)

What is LegendDeploy?

Our researchers discovered the LegendDeploy rogue application while inspecting new submissions to VirusTotal. Following installation on our test machine, this app operated as adware. It is noteworthy that LegendDeploy is part of the AdLoad malware family.

   
Dark Reader For Chrome Adware

What kind of application is Dark Reader for Chrome?

Dark Reader for Chrome is a browser extension promoted as a tool enabling users to use a dark theme for all websites. While testing this app, our team found that it displays annoying/intrusive advertisements. Apps that show ads are classified as adware. It is uncommon for adware to be downloaded and installed on purpose.

   

Page 425 of 2107

<< Start < Prev 421 422 423 424 425 426 427 428 429 430 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal