Virus and Spyware Removal Guides, uninstall instructions

What is Fhgdrzxis?

Typically, ransomware encrypts files so that victims could not use or access them unless they pay a ransom. Also, malware of this type modifies filenames (in most cases) and creates or displays its ransom note.

Fhgdrzxis belongs to the Snatch ransomware family. It modifies filenames by appending ".fhgdrzxis" as the extension. For instance, it renames a file named "1.jpg" to "1.jpg.fhgdrzxis", "2.jpg" to "2.jpg.fhgdrzxis", and so on.

This ransomware creates its ransom note (the "HOW TO RESTORE YOUR FILES.TXT" file) in all folders that contain files encrypted by it.

What is Yajoza ransomware?

Belonging to the VoidCrypt ransomware family, Yajoza is a malicious program designed to encrypt data and demand payment for the decryption. In other words, this ransomware renders victims' files inaccessible and demands a ransom to be paid - for data access/use recovery.

During the encryption process, files are renamed following this pattern: original filename, cyber criminals' email address, unique ID assigned to the victim, and the ".yajoza" extension.

For example, a file initially titled "1.jpg" would appear as something similar to "1.jpg.[golpayagob@gmail.com][MJ-SL2318095674].yajoza" - following encryption. After this process is complete, ransom notes - "Decrypt-me.txt" - are dropped into compromised folders.

What is the ne01[.]biz website?

Ne01[.]biz, ne02[.]biz, ne03[.]biz, ne04[.]biz, and many other variants - are the URLs of rogue sites. These pages operate by presenting visitors with questionable content and/or redirecting them to untrustworthy/malicious websites.

Users typically access such sites inadvertently; most get redirected to them by intrusive advertisements or installed PUAs (Potentially Unwanted Applications). These apps can be installed onto systems without user permission.

PUAs are designed to cause redirects, deliver intrusive advertisement campaigns, and gather browsing-related data. It is worth noting that the Internet is rife with rogue websites; lib2.biz, kakstitotako.com, special-update.online - are but a few examples.

What is the lib2[.]biz site?

Lib2[.]biz (and lib1[.]biz, lib3[.]biz, lib4[.]biz, etc.) is a rogue website. It is designed to present visitors with dubious content and/or redirect them to untrustworthy and possibly malicious pages.

Users seldom access rogue sites intentionally; most get redirected to them by intrusive advertisements or PUAs (Potentially Unwanted Applications) already installed onto their devices. This software can infiltrate systems without user consent.

PUAs operate by causing redirects, delivering intrusive advert campaigns, and collecting browsing-related information. The Internet is full of websites like lib2[.]biz; kakstitotako.com, makeklick.biz, ltheyearr.online - are just some examples.

What is jagmocutiong[.]com?

Jagmocutiong[.]com is a deceptive site designed to run scams. At the time of research, the page promoted a scheme primarily targeting iPhone users, yet it might be entered via different Apple devices as well.

This scheme claims that users' private information has been accessed and is being exfiltrated by third-parties. It must be emphasized that no website can detect threats or issues present on visitors' devices; hence, any that make such statements - are scams.

Jagmocutiong[.]com and other webpages of this kind aim to trick users into downloading/installing and/or purchasing their endorsed products. Typically, these schemes promote various PUAs - Potentially Unwanted Applications (e.g., fake anti-viruses, adware, browser hijackers, etc.).

It is noteworthy that some scams that use this model proliferate trojans, ransomware, and other malware.

What is ProManagerRecord?

ProManagerRecord is a rogue application classified as adware. Additionally, it has browser hijacker traits. Hence, following successful installation, this piece of software delivers intrusive advertisement campaigns and promotes fake search engines - by making alterations to browser settings.

Most adware and browser hijackers collect browsing-related information, and ProManagerRecord likely has such data tracking abilities as well.

Due to the questionable methods used to proliferate ProManagerRecord, it is categorized as a PUA (Potentially Unwanted Application). This app has been noted being spread via fake Adobe Flash Player updates.

What is kakstitotako[.]com?

Kakstitotako[.]com is a rogue website sharing similarities with herelations.fun, express-news.me, checkrobotics.com, and many others. This page is designed to present visitors with questionable content and/or redirect them to untrustworthy/malicious sites.

Users rarely enter such webpages intentionally; most get redirected to them by intrusive adverts or installed PUAs (Potentially Unwanted Applications). These apps can stealthily infiltrate systems and subsequently cause redirects, deliver intrusive advertisement campaigns, and collect private data.

What is LegionLocker 3.0?

LegionLocker 3.0 is a new variant of the LegionLocker ransomware. Systems infected with this malware experience data encryption (it renders stored files inaccessible, and victims are asked to pay for the decryption.

As LegionLocker 3.0 encrypts, affected files are appended with the ".LGNLCKD" extension. For example, a file initially named something like "1.jpg" would appear as "1.jpg.LGNLCKD" - following encryption.

After this process is finished, ransom notes titled "LegionReadMe.txt" are dropped into compromised folders.

What is DigitalPDFConverterSearch?

DigitalPDFConverterSearch is a browser hijacker promoting the digitalpdfconvertersearch.com fake search engine. This software promotes its web searchers by making modifications to browser settings.

Additionally, it is highly likely that DigitalPDFConverterSearch has data tracking abilities designed to extract browsing-related and other sensitive information. Due to the questionable techniques used to distribute browser hijackers, they are also considered to be PUAs (Potentially Unwanted Applications).

What is Pcqq?

Ransomware is a type of malware monetized by getting paid for a decryption software or key. It encrypts files and keeps them inaccessible until victims decrypt them with a tool purchased from the attackers.

Pcqq ransomware belongs to the ransomware family called Djvu. It encrypts files and appends the ".pcqq" extension to their filenames.

For example, it renames a file named "1.jpg" to "1.jpg.pcqq", "2.jpg" to "2.jpg.pcqq", and so on. Like most ransomware variants, Pcqq generates a ransom note - it creates the "_readme.txt" file.