Virus and Spyware Removal Guides, uninstall instructions

What is MosaicLoader?

MosaicLoader is a loader/backdoor type malicious program. It is designed to open a "backdoor" for other malware. To put it another way, MosaicLoader can download/install additional malicious software. Furthermore, it can infect devices with any malware; hence, the threats posed by it are especially broad.

MosaicLoader has been noted infecting systems with the Glupteba trojan, XMRIG cryptominer, and AsyncRAT (Remote Access Trojan). It has also been observed being actively spread via paid advertisements luring victims who search for illegal software activation ("cracking") tools.

What is Desifrujmujpocitac2021 ransomware?

Desifrujmujpocitac2021 is a ransomware-type malicious program. This malware is designed to encrypt data and demand ransoms for the decryption. In other words, it renders files inaccessible, and asks victims to pay - to recover access to their data.

During the encryption process, affected files are appended with a random extension. For example, a file like "1.jpg" would appear as something similar to "1.jpg.i7g5", "2.jpg" as "2.jpg.x335", "3.jpg" as "3.jpg.7t04", and so forth. After this process is complete, a ransom note - "read_it.txt" - is dropped onto the desktop.

What is Moqs ransomware?

Moqs is a malicious program belonging to the Djvu ransomware family. It is designed to encrypt data and demand ransoms for the decryption. In other words, this ransomware renders files inaccessible, and victims are asked for payment - to recover access to their data.

During the encryption process, affected files are appended with the ".moqs" extension. For example, a file initially named something like "1.jpg" would appear as "1.jpg.moqs", "2.jpg" as "2.jpg.moqs", "3.jpg" as "3.jpg.moqs", and so forth. After this process is complete, a ransom note is created in a text file titled "_readme.txt".

What is Haron ransomware?

Similar to Avaddon and based on Thanos, Haron is a piece of malicious software classified as ransomware. It is designed to encrypt data (render files inaccessible/unusable) and demand payment for the decryption (access/use recovery). During the encryption process, affected files are retitled.

Since Haron is a targeted ransomware, it adds an extension to files according to the company name. The first victim was the CHADDAD Group; hence, the extension files are appended with is ".chaddad". For example, a file originally titled "1.jpg" would appear as "1.jpg.chaddad", "2.jpg" and "2.jpg.chaddad", and so on.

After this process is complete, identical ransom notes are created in "RESTORE_FILES_INFO.txt" and "RESTORE_FILES_INFO.hta" files, which are dropped onto the desktop.

What is Queclink ransomware?

Queclink is a ransomware-type program designed to encrypt data (render files inaccessible) and demand payment for the decryption (access recovery). During the encryption process, files are appended with the ".queclink" extension. For example, a file initially named something similar to "1.jpg" would appear as "1.jpg.queclink", and so forth.

After this process is complete, ransom notes are created in a pop-up ("RESTORE_FILES_INFO.hta") and "RESTORE_FILES_INFO.txt" text file. Queclink also creates a file titled according to infected machine's username (e.g., "TOMASMESKAUFFFE_1E857D00BFEBFBFF000A0655.txt"). All of these files are dropped onto the desktop.

What is the darliament[.]space site?

Sharing many similarities with echanged.space, matrix-news.net, hisurnhuh.com, and thousands of others, darliament[.]space is a rogue website. It operates by presenting visitors with dubious material and/or redirecting them to different sites (likely, unreliable or malicious ones).

Users typically access these websites unintentionally; most get redirected to them by rogue webpages, intrusive advertisements, or installed PUAs (Potentially Unwanted Applications). These apps can infiltrate systems without explicit permission.

What is the echanged[.]space site?

Echanged[.]space is a rogue website, sharing many similarities with matrix-news.net, push-news.org, news-mosuka.cc, and thousands of others. This page is designed to load questionable content and/or redirect visitors to different sites (likely, unreliable/malicious ones).

These websites are usually accessed unintentionally; most users get redirected to them by rogue pages, intrusive adverts, or installed PUAs (Potentially Unwanted Applications). This software can infiltrate devices without user permission; hence, users may be unaware of its presence.

What is "Wage Increase email scam"?

"Wage Increase email scam" is the name of a spam campaign - a mass-scale operation during which thousands of deceptive emails are sent. The scam emails sent through this campaign - notify recipients of a change within the payment structure and a supposed wage increase.

The aim of this spam mail is to promote a phishing website, which targets email account log-in credentials (i.e., email addresses and corresponding passwords). The promoted site uses Google APIs - a legitimate service for improving web and app functionalities.

What is DECcenter?

DECcenter ransomware is part of the VoidCrypt family. As a rule, cybercriminals behind malware of this type use it to encrypt victim's files and demand a ransom payment in return for data decryption. Like most ransomware variants, DECcenter creates a ransom note, the "Decrypt-info.txt" text file.

Also, this ransomware renames files by appending the decryptioncenter2016@gmail.com email address, random characters, and the ".DECcenter" file extension. For example, DECcenter renames "1.jpg" to "1.jpg.[Decryptioncenter2016@gmail.com][MJ-IM0518673942].DECcenter", "2.jpg" to "2.jpg.[Decryptioncenter2016@gmail.com][MJ-IM0518673942].DECcenter", etc.

What is matrix-news[.]net?

Similar to news-mosuka.cc, serch, boustahe.com, fewergkit.com, loloclicks.biz, and thousands of others, matrix-news[.]net is a rogue webpage. It is designed to load dubious material and/or redirect visitors to different sites (likely, unreliable or malicious ones).

Users typically access such websites unintentionally. Most get redirected to them by rogue pages, intrusive ads, or installed PUAs (Potentially Unwanted Applications). These apps can cause redirects, run intrusive advertisement campaigns, and collect browsing-related data.