Step-by-Step Malware Removal Instructions

Backshow Ransomware
Ransomware

Backshow Ransomware

Backshow is the name of ransomware that our malware researchers discovered while inspecting samples submitted to the VirusTotal. It encrypts files and appends the victim's ID, mail-backshow@my.com email address, and a random three-character extension to filenames. Also, it drops a ransom note (the

Buybackdate Ransomware
Ransomware

Buybackdate Ransomware

Buybackdate is a ransomware that our researchers found while checking out new submissions to VirusTotal. This malicious program belongs to the ZEPPELIN ransomware family. After we executed a sample of Buybackdate on our test system, it encrypted files and appended their names with a ".bbd2.[victi

Lifetimedesktopdefence.online Ads
Notification Spam

Lifetimedesktopdefence.online Ads

lifetimedesktopdefence[.]online is one of the deceptive websites designed to trick visitors into purchasing antivirus software. We examined this site and learned that it runs the "Norton Security - Your PC might be infected with viruses!" scam. Our team discovered lifetimedesktopdefence[.]online w

Werth Messtechnik Email Virus
Phishing/Scam

Werth Messtechnik Email Virus

After investigating this email, we found that it is written by cybercriminals who seek to trick recipients into infecting their computers. This email is disguised as a letter from the Werth company regarding payment confirmation. Threat actors use this email to lure recipients into opening a malic

Prestige Ransomware
Ransomware

Prestige Ransomware

Prestige is ransomware - malware that prevents victims from accessing (opening) their files by encrypting them. Additionally, Prestige appends the ".enc" extension to filenames and drops the "README" file containing a ransom note. An example of how this ransomware modifies filenames: it renames "1

Milipili.click Ads
Notification Spam

Milipili.click Ads

Our researchers discovered the milipili[.]click rogue page while inspecting suspect websites. It promotes deceptive content, pushes spam browser notifications, and redirects visitors to different (likely untrustworthy/malicious) sites. Most users enter milipili[.]click and similar websites via red

ActiveLink Adware (Mac)
Mac Virus

ActiveLink Adware (Mac)

ActiveLink is a rogue application that our research team found while checking out new submissions to VirusTotal. Our inspection of this app revealed that it is advertising-supported software (adware). Additionally, it is noteworthy that ActiveLink is part of the AdLoad malware family. Ad

Time-delta.xyz Ads
Notification Spam

Time-delta.xyz Ads

We examined time-delta[.]xyz and learned that it displays deceptive content to trick visitors into allowing it to show notifications. Also, it redirects visitors to other untrustworthy pages. We discovered time-delta[.]xyz while inspecting pages that use rogue advertising networks. Typically, user

SchoolBoys Ransomware
Ransomware

SchoolBoys Ransomware

SchoolBoys is the name of a ransomware-type program that encrypts files and demands payment for the decryption. It is based on the leaked LockBit 3.0 builder - hence, SchoolBoys is virtually identical to this ransomware. The findings of BleepingComputer's researchers revealed that the cyber crimi