Virus and Spyware Removal Guides, uninstall instructions

WANNACASH NCOV Ransomware

WANNACASH NCOV ransomware removal instructions

What is WANNACASH NCOV?

WANNACASH NCOV is a new variant of WannaCash ransomware, this variant was discovered by Alex Svirid. WANNACASH NCOV encrypts files, changes their filenames, changes desktop wallpaper, and creates a text file named "Как расшифровать файлы.txt". It renames encrypted files by using the "Файл зашифрован. Пиши. Почта clubnika@elude.in [number].WANNACASH NCOV v310320" pattern, the only variable in their names is the number after the email address.

   
AresLookup Adware (Mac)

How to remove AresLookup from Mac?

What is AresLookup?

AresLookup is an adware-type application that also posses browser hijacker traits. It delivers various intrusive advertisements, modifies browsers and promotes fake search engines. Due to its dubious proliferation methods, AresLookup is also categorized as a PUA (Potentially Unwanted Application). Most PUAs have data tracking abilities, which are employed to track users' browsing habits. This app has been proliferated using fake Adobe Flash Player updaters/installers; users should note that this is a common method for distributing not just PUAs but malware (e.g. ransomware, trojans, etc.) as well.

   
Calix Ransomware

Calix ransomware removal instructions

What is Calix?

Discovered by Huntress Labs, Calix is malicious software that belongs to the Phobos ransomware family. Calix is designed to encrypt victims' files and create the "info.txt" and "info.hta" files. The first is a ransom message within a text file, whilst the .hta file displays a message in a pop-up window when executed. Additionally, Calix renames all encrypted files by adding a string to the filenames. The string contains the victim's ID, email address, and the ".calix" extension. For example, "1.jpg" might become "1.jpg.id[1E857D00-2451].[painplain98@protonmail.com].calix". Updated variants of this ransomware use ".[costama@foxmail.com].calix" and ".[alexkop@cock.li].calix" extensions for encrypted files.

   
Rogue Ransomware

Rogue ransomware removal instructions

What is Rogue ransomware?

Based on Hidden Tear, Rogue ransomware was discovered by GrujaRS. As a rule, software of this type encrypts files (makes them inaccessible), renames them and creates and/or display a ransom note (or multiple notes). Rogue renames encrypted files by appending the ".rogue" extension to their filenames, for example, it renames "1.jpg" to "1.jpg.rogue", "2.jpg" to "2.jpg.rogue", and so on. Also, it changes victim's desktop wallpaper to a ransom note and creates another note, a text file named "READ_IT.txt".

   
Jest Ransomware

Jest ransomware removal instructions

What is Jest?

Discovered by Petrovic, Jest is a piece of malicious software, designed to encrypt data and demand payment for the decryption. It is a new variant of the FunFact ransomware. As Jest encrypts, all affected files are appended with the ".jest" extension. For example, a file like "1.jpg" would appear as "1.jpg.jest" - following encryption. After this process is complete, the desktop's wallpaper is changed, "note.ini" file is created (which has a desktop shortcut named "README - Decryption Note") and a pop-up window is displayed. The text presented in all three are ransom-demanding messages.

   
Mybestsecureus[.]com POP-UP Scam (Mac)

How to remove apps that open sites like mybestsecureus[.]com from Mac?

What is mybestsecureus[.]com?

Mybestsecureus[.]com is an address of a shady website advertising a potentially unwanted application (PUA) called VPN - Fast & Secure VPN Proxy. Typically, pages like mybestsecureus[.]com suggest that visitor's device is or may be at risk, infected with viruses, etc., and encourage to download, and install some application that supposed to fix or prevent problems. Either way, such pages should not be trusted (software should not be downloaded through or from them). It is common that sites like mybestsecureus[.]com get opened when users click unreliable ads, visit shady pages or have some PUA installed on a browser and/or operating system.

   
Makop Ransomware

Makop ransomware removal instructions

What is Makop?

Makop is a type of malware, categorized as ransomware. It operates by encrypting data of infected systems and demands payment for decryption tools/software. During the encryption process all affected files are retitled according to this pattern: original filename, unique ID, cyber criminals' email address and the ".makop extension. For example, a file named "1.jpg" would appear as something like "1.jpg.[EF7BE7BC].[makop@airmail.cc].makop", and so on. After this process is finished, a text file titled - "readme-warning.txt" is created on the desktop. Updated variants of this ransomware use ".[akzhq12@cock.li].makop", ".[data.compromised@protonmail.com].makop", ".[giantt1@protonmail.com].makop", ".[viginare@aol.com].makop", ".[verilerimialmakistiyorum@inbox.ru].makop", ".[moncler@cock.li].makop", ".[ww6666@protonmail.com].makop", ".[xaodecrypt@protonmail.com].makop", ".[cock89558@cock.li].makop", ".[prndssdnrp@mail.fr].makop", ".[MikeyMaus77@protomail.com].makop", ".[modeturbo@aol.com].makop", ".[buydecryptor@cock.li].makop" and ".[helpdesk_makp@protonmail.ch].makop" extensions for encrypted files.

   
WARNING! 36 infections found!!! POP-UP Scam

"WARNING! 36 infections found!!!" removal instructions

What is the "WARNING! 36 infections found!!!" scam?

"WARNING! 36 infections found!!!" is a technical support scam, promoted on various deceptive websites. The scheme states that the user's system has been infected with 36 viruses and urges them to call Microsoft tech support via the provided number. All these claims are false and are in no way connected to the actual Microsoft Corporation. Furthermore, no website can detect threats/issues present on a device; hence, any that make such claims - are scams. Usually deceptive/scam pages are accessed through redirects caused by intrusive ads or by PUAs (Potentially Unwanted Applications), already infiltrated into the system.

   
Fiaharam.net Ads

Fiaharam[.]net redirect removal instructions

What is fiaharam[.]net?

Fiaharam[.]net is functions like maroceffects[.]com, basenews7[.]com, topflownews[.]com and many other rogue pages. It either loads some shady content or opens other untrustworthy pages. Typically, pages like fiaharam[.]net get opened through other shady websites, deceptive advertisements and/or by installed potentially unwanted applications (PUAs). In other words, users do not open such sites intentionally. Research shows that fiaharam[.]net is being promoted by adf[.]ly, a URL shortening website. It does that by generating shortened links that lead users to fiaharam[.]net.

   
Ytoffline.net Ads

Ytoffline[.]net redirect removal instructions

What is ytoffline[.]net?

Ytoffline[.]net is presented as an offline YouTube video downloader. There are many pages if this type and most of them use rogue advertising networks, including ytoffline[.]net. Simply said, they contain shady advertisements and/or open various untrustworthy, potentially malicious pages. Another problem with a service that pages like ytoffline[.]net offer is that it is not legal to download videos from YouTube. Therefore, it is recommended not to visit, use this or any other similar page.

   

Page 7 of 952

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal