Virus and Spyware Removal Guides, uninstall instructions

CoViper Malware

CoViper virus removal guide

What is the CoViper malware?

CoViper is yet another Coronavirus/COVID-19 themed malware, most likely proliferated as a file related to the pandemic. It operates by rewriting victims' system Master Boot Record (MBR). It does not delete the original but rather creates its backup and replaces it with a custom MBR. Typically, malicious software that alters MBRs does so to prevent the OS (Operating System) from being booted (i.e. started) and displays a screen-encompassing message, often containing a ransom note - this disables user access to their device. Such malicious programs are categorized as MBRLockers/screenlockers and/or ransomware. In case of CoViper, it does not present victims' with any demands. However, there is evidence to believe that this malware is still in development and may be updated for said purposes.

ShkolotaCrypt Ransomware

ShkolotaCrypt ransomware removal instructions

What is ShkolotaCrypt?

ShkolotaCrypt ransomware was discovered by GrujaRS. As a rule, malware of this type encrypts victim's files, modifies their filenames and creates (and/or displays) some ransom note, or notes. This ransomware renames encrypted files by appending the ".crypted" extension to their filenames, for example, it renames "1.jpg" file to "1.jpg.crypted", "2.jpg" file to "2.jpg.crypted", and so forth. ShkolotaCrypt creates a ransom note which is a text file named "README!!!".

InteractiveSpeed Adware (Mac)

How to remove InteractiveSpeed from Mac?

What is InteractiveSpeed?

InteractiveSpeed is designed to serve advertisements, collect various information (including sensitive data) and promote Safe Finder via This app is a potentially unwanted application (PUA) which is classified as adware. Typically, users download and install apps of this type unknowingly (accidentally).

ScanMyReg Unwanted Application

ScanMyReg removal instructions

What is ScanMyReg?

ScanMyReg is one of the many system optimization tools that supposed to fix various errors and improve computer performance in other ways. However, it is worthwhile to mention that its developers distribute it through setups of other programs by including it as additional offer. Typically, users download and install such programs unintentionally, therefore, they are classified as potentially unwanted applications (PUAs). It is not recommended to trust applications that are being distributed this way.

MSPLT Ransomware

MSPLT ransomware removal instructions

What is MSPLT?

Discovered by dnwls0719, MSPLT is the name of a malicious program, belonging to the Dharma ransomware family. Systems infected with this malware experience data encryption and receive ransom demands for the decryption tools/software. As this ransomware encrypts, all affected files are renamed following this pattern: original filename, unique ID assigned to the victims', cyber criminals' email address and the ".MSPLT" extension. For example, after encryption - a file like "1.jpg" would appear as something similar to "[].MSPLT", and so on. Once this process is complete, a ransom note titled "FILES ENCRYPTED.txt" is created and a pop-up window is displayed. Redirect redirect removal instructions

What is is an address which is being promoted by applications named Nismo AP and SApp+. These two applications are browser hijacker and is an address of a fake search engine. Like most browser hijackers, Nismo AP and SApp+ promote by changing browsers settings. It is common that apps of this type collect various information as too. Also, it is worth mentioning that users often download and install browser hijackers accidentally (unknowingly), therefore, they are also known as potentially unwanted applications (PUAs).

NMoreira (Boot) Ransomware

NMoreira (Boot) ransomware removal instructions

What is NMoreira (Boot)?

Discovered by CollabVM, NMoreira (Boot) is a ransomware-type program. It operates by encrypting data and demanding a ransom for the decryption tools/software. During the encryption process, all affected files are appended with the ".NMoreira" extension. For example, a file titled something like "1.jpg" would appear as "1.jpg.NMoreira" - following encryption. After the encryption process is complete, a ransom-demanding message is displayed when the system is rebooted and a ransom note "YOUR_DRIVE_HAS_BEEN_ENCRYPTED.TXT" - is created.

IOS VPN profile POP-UP Scam (Mac)

How to remove redirects to sites running "IOS VPN profile" scam from Mac?

What is "IOS VPN profile"?

"IOS VPN profile" is a scam run on deceptive websites. This scheme claims that users' Internet connect may not be secure and recommends them to download/install a promoted VPN application. Software endorsed using such dubious tactics is typically nonfunctional, untrustworthy or even malicious. Some of the rogue sites that display this fake error are delivered via Amazon CloudFront service. Users can also access these webpages through redirects caused by intrusive adverts or by PUAs (Potentially Unwanted Applications), already installed onto the system. POP-UP Scam (Mac)

How to remove redirects to originalsecureus[.]com from Mac?

What is originalsecureus[.]com?

Originalsecureus[.]com is a deceptive website, running several scams. These schemes claim that the user's device is or may be infected, in order to promote untrustworthy or possibly malicious software. The endorsed applications are supposedly capable of removing the nonexistent threats. Users should note that not site can actually detect threats/issues present on their systems, hence any that claim to do so are scams. It is expressly advised against trusting originalsecureus[.]com and others similar to it. Typically, such webpages are entered unintentionally; most access them via redirects caused by intrusive adverts or by PUAs (Potentially Unwanted Applications), already infiltrated into the system.

Bukyak Ransomware

Bukyak ransomware removal instructions

What is Bukyak?

Bukyak is a part of Aurora ransomware family. Like most programs of this type it encrypts files, renames them and provides victims with instructions on how to contact its developers (and other information). Bukyak renames files by appending the ".bukyak" extension to their filenames. For instance, it renames a file named "1.jpg" to "1.jpg.bukyak", "2.jpg" to "2.jpg.bukyak", etc. It drops three ransom notes ("@_FILES_WERE_ENCRYPTED_@.TXT", "@_HOW_TO_PAY_THE_RANSOM_@.TXT" and "@_HOW_TO_DECRYPT_FILES_@.TXT") in every folder that contains encrypted data. All three notes contain identical text. Additionally, when computer is restarted Bukyak displays a fake Windows sign in window designed to steal passwords.


Page 6 of 952

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal