Virus and Spyware Removal Guides, uninstall instructions

What is CGP ransomware?

CGP is the name of a malicious program designed to encrypt data and demand payment for the decryption. In other words, this malware renders affected files inaccessible/unusable, and victims are asked to pay - to recover access/use to their data.

During the encryption process, compromised files are appended with the ".CGP" extension. For example, a file originally named "1.jpg" would appear as "1jpg.CGP", and so on. Following the completion of this process, ransom notes are created/displayed in a pop-up "RESTORE_FILES_INFO.hta" and "RESTORE_FILES_INFO.txt" text file.

What kind of malware is XLoader?

XLoader is a piece of malicious software targeting Windows and Mac operating systems (not to be confused with Android OS targeting XLoader malware, discovered in 2019). This program is based on FormBook malware's code and shares many features with it. The primary functionality of XLoader is stealing information.

What is "Care Logistics email virus"?

"Care Logistics email virus" refers to a malware-proliferating spam campaign. This term defines a mass-scale operation during which thousands of deceptive emails are sent. The letters distributed through this campaign - are presented as payment-related messages from Care Logistics - a legitimate company.

It must be emphasized that these scam emails are in no way associated with this company, nor is any of the information provided by them - true. This spam campaign aims to infect recipients' devices with the Snake keylogger data-stealing malware.

What is Grej ransomware?

Grej is a malicious program belonging to the Dharma ransomware family. Systems infected with this malware have their data encrypted and receive ransom demands for the decryption. In other words, the files are rendered inaccessible, and victims are asked to pay - to recover access to their data.

During the encryption process, affected files are retitled following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and ".grej" extension. For example, a file like "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[grejkugulik@onionmail.org].grej" - after encryption. Once this process is completed, ransom notes are created in a pop-up window and "info.txt" text file.

What is Myday ransomware?

Belonging to the Dharma ransomware family, Myday is a malicious program designed to encrypt data and demand payment for the decryption. In other words, this malware locks files and asks victims to pay - to restore access to their data.

During the encryption process, files are retitled according to this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and ".myday" extension. For example, a file named "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[everyday@dr.com].myday". Afterwards, ransom notes are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is Army ransomware?

Army is a piece of malicious software belonging to the Xorist ransomware group. This malware operates by encrypting data and demanding payment for the decryption. In other words, the affected files are rendered inaccessible, and victims are asked to pay - to restore their data.

During the encryption process, the compromised files are appended with the ".army" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.army", "2.jpg" as "2.jpg.army", and so on. Once this process is complete, a ransom note - "HOW TO DECRYPT FILES.txt" - is dropped onto the desktop.

What is watchvideoplayer[.]com?

Watchvideoplayer[.]com is a rogue site designed to load dubious content and/or redirect visitors to other webpages (likely unreliable or malicious ones). The Internet is rife with such websites; thehugejournal.com, darliament.space, and push-news.org - are but some examples.

Users typically enter rogue sites inadvertently. Most get redirected to them by suspicious pages, intrusive ads, or installed PUAs (Potentially Unwanted Applications). This software can cause redirects, run intrusive advertisement campaigns, and gather browsing-related data.

What is thehugejournal[.]com?

Thehugejournal[.]com is an untrustworthy webpage, which shares similarities with catests.space, boustahe.com, echanged.space, and many others. This site operates by presenting visitors with questionable content and/or redirecting them to various pages (likely unreliable or malicious ones).

Websites of this kind are seldom accessed intentionally. Most users get redirected to them by dubious sites, intrusive ads, or installed PUAs (Potentially Unwanted Applications). This software can be installed onto systems without express user consent and/or knowledge.

What is the catests[.]space website?

Catests[.]space is a rogue webpage sharing common traits with matrix-news.net, darliament.space, push-news.org, news-mosuka.cc, and countless others. This site is designed to load dubious content and/or redirect visitors to different websites (likely unreliable or malicious ones).

Users rarely access such pages intentionally; most get redirected to them by rogue sites, intrusive adverts, or installed PUAs (Potentially Unwanted Applications). These apps can infiltrate systems without user permission. PUAs operate by causing redirects, running intrusive advertisement campaigns, and collecting browsing-related data.

What is Imshifau ransomware?

Imshifau is a piece of malicious software classified as ransomware. Systems infected with this malware have their data encrypted (files rendered inaccessible/unusable), and victims are asked to pay a ransom for the decryption (access/use recovery).

The affected files are renamed with a random character string and the "Imshifau" extension during the encryption process. For example, a file initially titled "1.jpg" would appear as something similar to "Aya9hgIcKvAkVk.Imshifau". After this process is complete, a ransom note - "INFO OF DECRYPT.TXT" - is dropped onto the desktop.