Virus and Spyware Removal Guides, uninstall instructions

Llqq Ransomware

What kind of malware is Llqq?

Our malware researchers have discovered another ransomware belonging to the Djvu family called Llqq while examining malware samples submitted to the VirusTotal site. Llqq is designed to encrypt files and append its extension (".llqq" to filenames). It also creates a text file ("_readme.txt") containing a ransom note.

An example of how files encrypted by Llqq are renamed: "1.jpg" is renamed to "1.jpg.llqq", "2.png" to "2.png.llqq", "3.exe" to "3.exe.llqq", and so forth.

   
Serviceworker.click Ads

What kind of page is serviceworker[.]click?

While researching untrustworthy sites, we found the serviceworker[.]click rogue webpage. It promotes scams, pushes browser notification spam, and redirects visitors to different (likely dubious/malicious) websites.

Most users enter such pages through redirects caused by sites using rogue advertising networks, spam notifications, intrusive ads, or installed adware.

   
Code Core Ransomware

What is Code Core ransomware?

While looking through new submissions to VirusTotal, our researchers discovered the Code Core ransomware. Malicious programs within this category are designed to encrypt data and demand ransoms for the decryption.

Once a sample of Code Core was executed on our test machine, it encrypted files and appended their filenames with an extension consisting of four random characters. For example, a file titled "1.jpg" appeared as "1.jpg.3tp9", "2.png" as "2.png.69mg", and so on for all of the affected files.

After the encryption was finished, this ransomware created a text file named "code core.txt", which contained the ransom note. Additionally, Code Core changed the desktop wallpaper.

   
Chc Energy Email Virus

What kind of email is "Chc Energy"?

After inspecting this "Chc Energy" email, we determined that it is spam designed to proliferate malware (malspam). This letter is presented as a notification regarding a blocked registration with CHC ENERGY.

It must be emphasized that these fake emails are in no way associated with this or any other legitimate company. The goal of this spam mail is to infect recipients' devices with the Grandoreiro banking trojan.

   
Skip Over Ads Adware

What is Skip Over Ads?

Skip Over Ads is the name of a rogue browser extension that our researchers discovered while inspecting dubious download sites. This piece of software promises to block and/or auto-skip advertisements on YouTube. Instead, as our analysis revealed, Skip Over Ads operates like adware - software that displays ads.

   
Bahamut Spyware (Android)

What kind of malware is Bahamut?

Bahamut is the name of Android malware with spyware functionality. Threat actors use Bahamut to steal sensitive information. The newest malware version targets various messaging apps and personally identifiable information.

   
Killer Ransomware

What is Killer ransomware?

Killer is the name of a ransomware-type program that our researchers discovered while inspecting new malware submissions to VirusTotal. On our test machine, this program encrypted files and modified their titles.

The filenames were prepended with the cyber criminals' email address and a unique ID assigned to the victim, and they were also appended with the ".kill" extension. For example, a file named "1.jpg" appeared as "[crypter@firemail.de][9ECFA84E]1.jpg.kill".

Once the encryption was completed, Killer ransomware created a ransom note titled "#FILES-ENCRYPTED.txt". Additionally, this ransomware displayed a message before the log-in screen, informing victims of the attack and instructing them to read the ransom note.

   
Ransom Cartel Ransomware

What kind of malware is Ransom Cartel?

Ransom Cartel is ransomware that blocks access to files by encrypting them and appends five random characters to filenames. It also creates a text file (named "[extension]-readme.txt") containing a ransom note. Ransom Cartel is similar to another ransomware called Sodinokibi.

An example of how Ransom Cartel renames files: it changes "1.jpg" to "1.jpg.nzvmn", "2.png" to "2.png.nzvmn", "3.exe" to "3.exe.nzvmn", and so forth.

   
Systemopc.xyz Ads

What kind of page is systemopc[.]xyz?

Systemopc[.]xyz is an untrustworthy page running the "McAfee - Your PC is infected with 5 viruses!" scam. Our team has discovered this site while inspecting other websites that use rogue advertising networks. The purpose of systemopc[.]xyz is to fraudulently promote legitimate software and receive permission to show notifications.

   
EmpireFocus Adware (Mac)

What is EmpireFocus?

EmpireFocus is a piece of rogue software that our research team found while inspecting new submissions to VirusTotal. After analyzing this app, we determined that it operates as adware and belongs to the AdLoad malware family.

   

Page 518 of 2106

<< Start < Prev 511 512 513 514 515 516 517 518 519 520 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal