Step-by-Step Malware Removal Instructions

Block_file12 Ransomware
Ransomware

Block_file12 is ransomware designed to encrypt files and append an email address and the ".block_file12" extension to filenames. For example, it renames "1.jpg" to "1.jpg!===contact_mail===itankan12@gmail.com===.block_file12", "2.png" to "2.png!===contact_mail=

Ekipa RAT
Trojan

Ekipa is the name of a Remote Administration Trojan (RAT) sold on a hacker forum for $4500. Threat actors use RATs to perform remote malicious activities on infected computers. Ekipa RAT can gather system information, manage files, and perform other tasks. It should be removed from the infected co

Cats Fanpage Browser Hijacker
Browser Hijacker

After testing the Cats fanpage browser extension, we found that it is a browser hijacker designed to promote search.cats-fan.com - a fake search engine. Cats fanpage hijacks a web browser by changing some of its settings. Usually, browser hijackers are promoted in deceptive ways. Cats fanp

CyberBlock Adware
Adware

While examining CyberBlock browser extension, we found that it displays annoying advertisements. Also, it can read various data. Apps that show advertisements are categorized as adware. Usually, users download and install (or add) advertising-supported apps like CyberBlock inadvertently. C

Theva Ransomware
Ransomware

Theva is ransomware that encrypts data and appends the sql772@aol.com email address and its extension (".theva") to filenames. Also, Theva changes the desktop wallpaper and drops a ransom note (the "#_README_#.inf" file). Our team discovered Theva while analyzing malware samples submitted to Virus

Znsm Ransomware
Ransomware

Znsm is ransomware that employs encryption to prevent victims from accessing their files. It belongs to a ransomware family known as Djvu. Our team discovered Znsm while analyzing malware samples submitted to VirusTotal. Djvu ransomware is often distributed along with information stealers like Vid

DHL - Your Parcel Delivery Arrived Today Email Scam
Phishing/Scam

We have examined this email and concluded that it is written by scammers who pretend to be DHL - a legitimate logistics company. The purpose of this scam email is to trick recipients into providing sensitive information. Emails of this type are called phishing emails. This fake DHL letter should b

Rans_recovery Ransomware
Ransomware

Rans_recovery is ransomware that encrypts files to prevent victims from accessing them. Also, Rans_recovery appends the ".rans_recovery" extension to filenames, drops the "Recovery.txt" file containing a ransom note, and changes the desktop wallpaper. We discovered Rans_recovery while inspecting s

DefaultFormat Adware (Mac)
Mac Virus

While testing the DefaultFormat application, we noticed that various unwanted advertisements were coming from it. Apps that show ads are called advertising-supported applications. Typically, users download and install apps such as DefaultFormat inadvertently. We discovered DefaultFormat while in

Dokookamida.com Ads
Notification Spam

We have analyzed dokookamida[.]com and found that it uses a clickbait technique (shows a deceptive message) to trick visitors into allowing it to show notifications. Our team has discovered dokookamida[.]com while inspecting pages that use shady advertising networks. Typically, users open pages li