Virus and Spyware Removal Guides, uninstall instructions

What is Gujd ransomware?

Gujd is part of the Djvu ransomware family. It encrypts files and appends the ".gujd" extension to their filenames. For example, Gujd renames a file named "1.jpg" to "1.jpg.gujd", "2.jpg" to "2.jpg.gujd", and so on. To provide instructions on how to contact the attackers (and other details), Gujd creates a ransom note (the "_readme.txt" file).

What is "CONGRATULATIONS, YOU ARE THE VISITOR NO. 1.000.000"?

"CONGRATULATIONS, YOU ARE THE VISITOR NO. 1.000.000" is a scam promoted on various deceptive websites. This scheme congratulates the users for being the millionth visitor to access the site. And as part of their weekly promotion, the user has been selected to win a prize.

The goal of this scam is to trick users into providing personal and sensitive information. Furthermore, it must be emphasized that even if users follow the instructions provided by the scheme - they will not receive any prizes or rewards.

Untrustworthy websites are rarely accessed intentionally. Most users enter them via mistyped URLs, redirects caused by untrustworthy sites, intrusive advertisements, or PUAs (Potentially Unwanted Applications) installed onto their systems.

What is "Anti-spam policy violation Email Scam"?

"Anti-spam policy violation Email Scam" is the name of a spam campaign - a large-scale operation during which thousands of deceptive emails are sent. These letters aim to promote a phishing website, which targets recipients' email accounts.

The scam emails make fake claims that the recipients' email accounts have been detected being in use for spam distribution. The letters try to trick recipients to log into their email accounts through a phishing site that is designed to record information (i.e., passwords) entered into it.

What is UpgradeFilter?

UpgradeFilter is a rogue application, categorized as adware. Additionally, this app has browser hijacker qualities. It operates by running intrusive advertisement campaigns and making modifications to browser settings - to cause redirects to fake search engines.

Hence, with the UpgradeFilter application installed, users encounter undesirable/harmful adverts and are constantly redirected to illegitimate web searcher addresses. Furthermore, most adware and browser hijackers spy on users' browsing activity.

Since most users download/install UpgradeFilter inadvertently, it is classified as a PUA (Potentially Unwanted Application). This app has been distributed via fake Flash Player updates. It is noteworthy that fraudulent updaters can spread PUAs and malware (e.g., trojans, ransomware, etc.).

What is myactualblog[.]com?

Myactualblog[.]com is an untrustworthy page designed to trick visitors into agreeing to receive notifications (display deceptive content) and open other dubious pages. Its functionality depends on the geolocation of its visitors. It is worth mentioning that users do not visit pages like myactualblog[.]com intentionally.

What is TopPDFSearch?

TopPDFSearch is a browser hijacker promoting the toppdfsearch.com fake search engine. This rogue browser extension operates by making modifications to browser settings. Hence, through these alterations - this piece of software causes redirects to toppdfsearch.com.

Additionally, TopPDFSearch has data tracking abilities, which are used to spy on users' browsing habits. Due to the questionable methods employed to distribute browser hijackers, they are also classified as PUAs (Potentially Unwanted Applications).

What is Fix PC?

Fix PC is advertised as a program that fixes Windows Registry and other problems to improve computer performance. There are many apps like Fix PC on the Internet, and most of them are promoted using questionable ways. For this reason, they are called potentially unwanted applications (PUAs).

What is LOWPRICE ransomware?

LOWPRICE is a malicious program belonging to the Phobos ransomware family. It operates by encrypting data and demanding payment for the decryption. In other words, this ransomware renders files unusable and demands a ransom to be paid for access recovery to the data.

During the encryption process, affected files are retitled according to this pattern: original filename, unique ID assigned to the victim, cyber criminals' ICQ messenger/VoIP (Voice over Internet Protocol) username, and the ".LOWPRICE" extension.

For example, a file initially named "1.jpg" would appear as something similar to "1.jpg.id[C279F237-3221].[ICQ_SAFEPLACE].LOWPRICE" - following encryption.

After the encryption process is complete, ransom notes are created/displayed in a pop-up window ("info.hta") and "info.txt" text file. These files are dropped onto the desktop.

What is Anime Freak?

As written in Anime Freak's description, this app is supposed to help users to search for anime. However, it is an adware-type application designed to generate advertisements. It is known that this application is promoted through a deceptive website. Therefore, Anime Freak can be categorized as a potentially unwanted application (PUA).

What is Caley?

Caley ransomware encrypts files with a strong encryption algorithm so that victims are unable to access them without specific decryption software (and/or keys). Caley belongs to the Phobos ransomware family and was discovered by GrujaRS. This malware renames encrypted files by adding a personal ID, email address, and the ".Caley" extension to filenames.

For example, "1.jpg" might become "1.jpg.id[1E857D00-2425].[xxxnxxx@cock.li].Caley". Instructions about how to decrypt files are provided in a text file named "info.txt" and a pop-up window.