Virus and Spyware Removal Guides, uninstall instructions

Evil Locker ransomware removal instructions

What is Evil Locker?

Evil Locker is a ransomware-type virus discovered by malware security researcher, Jakub Kroustek. After stealthily infiltrating the system, Evil Locker encrypts most stored files and appends filenames with the ".[evil@cock.lu].EVIL" extension. For example, "sample.jpg" is renamed to "sample.jpg.[evil@cock.lu].EVIL". Once compromised, data immediately becomes unusable. Following successful encryption, Evil Locker generates a text file ("!_HOW_RECOVERY_FILES_!.txt") and places a copy in all existing folders.

Search.medianewpagesearch.com redirect removal instructions

What is search.medianewpagesearch.com?

Identical to futuremediatabsearch.com, powermediatabsearch.com, and many others, search.medianewpagesearch.com is a fake Internet search engine that, according to the developers, enhances the browsing experience by generating improved results and providing quick access to popular sites (Facebook, YouTube, Netflix, etc.) Initially, this site may appear legitimate and useful, however, developers promote search.medianewpagesearch.com using a browser-hijacking application called MediaNewPage. Furthermore, search.medianewpagesearch.com and MediaNewPage continually record information relating to web browsing activity.

Rotor ransomware removal instructions

What is Rotor?

Rotor or RotorCrypt (Trojan-Ransom.Win32.Rotor) is a ransomware-type virus that infiltrates systems and stealthily encrypts various files. During encryption, Rotor appends the names of encrypted files with:

• !___________ANCABLCITADEL@TUTAMAIL.COM__________.PGP
• !____________ENIGMAPRO@TUTAMAIL.COM_______.PGP
• !____________DESKRYPT@TUTAMAIL.COM________.rar
• !_____FIDEL4000@TUTAMAIL.COM______.biz
• !==solve a problem==stritinge@gmail.com===.SENRUS17
• !-=solve a problem=-=grandums@gmail.com=-.PRIVAT66
• !_____INKASATOR@TUTAMAIL.COM____.ANTIDOT
• !_____DILIGATMAIL7@tutanota.com_____.OTR
• !__recoverynow@india.com__.v8
• !____GLOK9200@GMAIL.COM____.tar
• !____cocoslim98@gmail.com____.tar
• !==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
• !decrfile@tutanota.com.crypo
• ! ,--, Revert Access ,--, starbax@tutanota.com ,--,.BlockBax_v3.2
• !________INKOGNITO8000@TUTAMAIL.COM_________.SPG
• !@#$%______PANAMA1@TUTAMAIL.com_____%$#@.mail
• !@#$_____ISKANDER@TUTAMAIL.COM_____$#@!.RAR
• !@!@!@_contact mail___boroznsalyuda@gmail.com___!@!@.psd
• !@#$_____INKASATOR1@TUTAMAIL.COM_____$#@!.RAR
• !@$_____inkasator1@tutamail.com_____$@!.rar
• !@$#-unlock-email______zepro190@gmail.com______#$!...ES_HELPs
• !@#$%______PANAMA1@TUTAMAIL.com_____%$#@.mail

Unlike other ransomware, this virus does not open pop-up windows or create text files containing ransom-demand messages. Information regarding the infiltration is provided only after victims contact cyber criminals via email addresses provided (added as file extensions).

Hp.mysearch.com redirect removal instructions

What is hp.mysearch.com?

Developers state that the StreamFrenzy application allows users to listen worldwide radio stations directly from the browser. Initially, this functionality may seem legitimate and useful, however, this app often infiltrates systems without permission, modifies web browser options, and records various information. Due to this rogue behavior, StreamFrenzy is categorized as a potentially unwanted program (PUP) and a browser hijacker.

Powzip removal instructions

What is Powzip?

Powzip is a deceptive application that falsely claims to provide file compression and other similar functions. Initially, Powzip may seem legitimate and useful, however, it is categorized as a potentially unwanted program (PUP) and adware. There are three main reasons for these negative associations: 1) installation without users' consent; 2) display of intrusive advertisements, and; 3) information tracking.

Xorist ransomware removal instructions

What is Xorist?

Xorist (EnCiPhErEd) is a family of ransomware-type malware. After stealth system infiltration, ransomware from this family encrypts various files stored on the computer and adds one of the following extensions to each encrypted file: ...Files-Frozen-NEED-TO-MAKE-PAYMENT-FOR-DECRYPTOR-OR-ALL-YOUR-FILES-WILL-BE-PERMANENLTY-DELETE, .cryptedx, .CerBerSysLocked0009881, ....error77002017111, .Blocked2, .TaRoNiS, .Cerber_RansomWare@qq.com, .hello, .brb, .RusVon, .fast_decrypt_and_protect@tutanota.com, .xdata, .SaMsUnG, .zixer2, .antihacker2017, .error, .errorfiles, .@EnCrYpTeD2016@, .pa2384259, .encoderpass, .fileiscryptedhard, .6FKR8d, .EnCiPhErEd, .73i87A, .p5tkjw, .PoAr2w, .xwz or .ava. After encrypting the files, this ransomware creates a 'How to Decrypt Files.txt text file on the victim's desktop. The file contains a message stating that the files can only be restored by paying a ransom. The victim is then encouraged to contact cyber criminals by SMS and using a phone number provided. It is stated that victims have a limited number of attempts to send an SMS message with the specified text. This number diminishes each time the victim sends an SMS with text that does not conform to a pattern provided within the 'How to Decrypt Files.txt' file.

Cobalten.com redirect removal instructions

What is cobalten.com?

cobalten.com is a rogue site similar to onclickbright.com, pttsite.com, obeyter.com, and many others. It cause redirects to various other untrustworthy (potentially, malicious) websites. Many visitors arrive at cobalten.com inadvertently - they are redirected by potentially unwanted programs (PUPs) or advertisements delivered by other rogue sites. In most cases, PUPs infiltrate systems without permission and, as well as causing redirects, generate intrusive ads and gather sensitive information.

FedEx Package Email SPAM virus removal guide

What is FedEx Package Email SPAM?

Similar to Important Documents IRS, Payslip, HM Revenue & Customs Outstanding Amount, and many others, "FedEx Package Email SPAM" is a email spam campaign used to distribute a high-risk virus called Adwind. Email messages state that the user has missed a delivery from the FedEx company and must collect it personally. For detailed information, users are encouraged to open an attachment. Be aware, however, that the attached .jar file is malicious - once opened, it downloads and installs malware.

Your McAfee Subscription Has Expired removal instructions

What is Your McAfee Subscription Has Expired?

"Your McAfee Subscription Has Expired" is a deceptive pop-up message stating that the anti-virus suite subscription is no longer valid. It is delivered by various deceptive websites. Research shows that many users visit these sites inadvertently - they are redirected by intrusive ads (displayed by other rogue sites) or PUPs (potentially unwanted programs). In most cases, potentially unwanted programs infiltrate systems without permission. As well as causing redirects, they deliver intrusive advertisements and gather sensitive data.

24H ransomware removal instructions

What is 24H?

Discovered by Michael Gillespie, 24H is a ransomware-type virus designed to stealthily infiltrate the system and encrypt most stored files. During encryption, 24H appends filenames with the ".24H" extension (e.g., "sample.jpg" is renamed to "sample.jpg.24H"). Encrypted data immediately becomes unusable. 24H then generates a text file ("ReadME-24H.txt"), placing a copy in every existing folder.