Virus and Spyware Removal Guides, uninstall instructions

Mmpa Ransomware

Mmpa ransomware removal instructions

What is Mmpa?

Mmpa belongs to the ransomware family which is called Djvu. It encrypts victim's files, renames them by appending its extension and drops a ransom note in all folders that have encrypted files in them. Mmpa appends the ".mmpa" extension to the filenames, for example, it renames a file named "1.jpg" to "1.jpg.mmpa", "2.jpg" to "2.jpg.mmpa", and so on. Instructions on how to contact its developers, price of a decryption tools and some other details are provided in "_readme.txt" text files (ransom notes).

PDFt Search Browser Hijacker

PDFt Search browser hijacker removal instructions

What is PDFt Search?

PDFt Search is a piece of rogue software, classified as a browser hijacker. Following successful installation, it makes modifications to browser settings in order to promote - a fake search engine. Additionally, PDFt Search add the "Managed by your organization" feature to Google Chrome browsers. Most browser hijackers spy on users' browsing activity and PDFt Search is not an exception to this. Due to the questionable techniques used to distribute PDFt Search, it is also considered to be a PUA (Potentially Unwanted Application).

See_read_me Ransomware

See_read_me ransomware removal instructions

What is See_read_me?

See_read_me is the name of a new variant of the Adhubllka ransomware, this variant is discovered by xiaopao. It encrypts files, modifies their filenames and creates a ransom note. See_read_me renames files by appending the ".see_read_me" extension to their filenames, it means that it renames a file named "1.jpg" to "1.jpg.see_read_me", "2.jpg" to "2.jpg.see_read_me", etc. Instructions on how to contact its developers can be found in the "Read_Me.txt" text file which See_read_me drops in all folders that contain encrypted files. Ads

Cpmlink[.]net redirect removal instructions

What is cpmlink[.]net?

Cpmlink[.]net is an untrustworthy website, offering URL (website address) shortening services. This site uses rogue advertising networks. Hence, visitors to cpmlink[.]net can be presented with unreliable and questionable advertisements, as well as redirected to other dubious and even malicious sites. Both such adverts and untrustworthy websites pose a significant threat to device and user safety. Therefore, it is strongly advised against visiting and/or using cpmlink[.]net.

BTC Giveaway Scam

Removal guide for apps that promote BTC giveaway scam

What is BTC giveaway scam?

There are scams on the Internet where people are offered to send certain amount of Bitcoin to the provided wallet or via QR code and promised to get back twice as much cryptocurrency they sent. Although, people who trust such scams receive nothing in return and simply lose the amount of cryptocurrency they sent. This giveaway scam is no different. It is promoted via YouTube and on a certain website. It is very likely that it is promoted via adware too.

404 Keylogger

404 Keylogger virus removal guide

What is 404 Keylogger?

404 Keylogger is software designed to record key strokes, recover account passwords and otherwise monitor users' activity. 404 Keylogger is promoted as a legitimate tool for various businesses and for companies to track client/customer activity (with consent) and an "educational" tool to aid learning about keyloggers. Note that this type of software is very popular amongst cyber criminals. Certain promoted features such as anti-detection and anti-analysis capabilities are suspicious and suggest that 404 Keylogger is also intended for malicious use.

RAGNAROK (.thor) Ransomware

RAGNAROK (.thor) ransomware removal instructions

What is RAGNAROK (.thor)?

RAGNAROK (.thor) is the new variant of the Ragnarok ransomware. Systems infected with this malware experience data encryption and receive ransom demands for the decryption. During the encryption process, all of the affected files are appended with a random character string and the ".thor" extension. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.E6FBF.thor" - following encryption. After this process is complete, ransom notes - "!!Read_me_How_To_Recover_My_Files.html" - are dropped into compromised folders.

Default Search Browser Hijacker

Default Search browser hijacker removal instructions

What is Default Search?

Default Search is designed to hijack web browsers by modifying some of their settings (by changing them to In other words, it is designed to promote a fake search engine. If installed on Google Chrome, Default Search adds the "Managed by your organization" feature as well. Additionally, this browser hijacker is designed to collect certain data. I it is common that users download and install apps like Default Search unknowingly, therefore, they are called potentially unwanted applications (PUAs).

Memorama Hack Scam

Removal instructions for apps that promote Memorama hack scam

What is Memorama hack scam?

Memorama is the name of a game which is designed for people who are willing to improve their memorization skills. It has an in-game currency called Cristales, a certain amount of this currency can be purchased using the Memorama's in-app purchasing feature. Although, there are various websites offering to generate Cristales for free. This particular website supposedly functions as the Memorama Online Generator. It is a deceptive website designed by scammers who attempt to trick visitors into providing various personal information.

MarketService Adware (Mac)

How to remove MarketService adware from Mac?

What is MarketService?

MarketService is an adware-type application with browser hijacker traits. Following successful installation, it delivers intrusive advertisement campaigns, makes modifications to browser settings and promotes fake search engines. MarketService promotes on Safari browsers and - on Google Chrome browsers. Additionally, most adware-types and browser hijackers have data tracking abilities, which are used to spy on users' browsing activity. Due to the dubious techniques used to distribute MarketService, it is also considered to be a PUA (Potentially Unwanted Application). One of the questionable methods used for this app is proliferation via fake Adobe Flash Player updates. Furthermore, it is noteworthy that illegitimate software updaters/installers spread not only PUAs but trojans, ransomware and other malware as well.


Page 9 of 1113

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal