Virus and Spyware Removal Guides, uninstall instructions

Arch Ransomware

What is Arch?

In most cases, ransomware blocks access to files by encryption, renames affected files, and creates/displays ransom messages.

Arch renames files by adding a string of randomly-generated characters and numbers, the bobwhite@msgsafe.io email address, and appending the ".arch" extension. For example, "1.jpg" is renamed to "1.jpg.[9B83AE23].[bobwhite@msgsafe.io].arch", "2.jpg" to "2.jpg.[9B83AE23].[bobwhite@msgsafe.io].arch", and so on.

Arch also creates text files named "readme-warning.txt" (ransom messages) in all folders containing affected data.

This ransomware variant belongs to the Makop ransomware family.

   
Any Search Pro Browser Hijacker

What is Any Search Pro?

Any Search Pro is a browser hijacker promoting the tailsearch.com fake search engine. Software within this classification typically promotes bogus search engines by making modifications to browser settings, however, this browser hijacker does not actually modify browsers (see below).

Additionally, Any Search Pro monitors users' browsing habits and collects private, sensitive/personal information extracted from it. Due to the dubious techniques used to proliferate browser hijackers, they are also classified as Potentially Unwanted Applications (PUAs).

   
Freshannouncement.com Ads

What is freshannouncement[.]com?

There are many websites similar to freshannouncement[.]com on the web. Some examples are itscythera[.]com, load00[.]biz, and captcha-sourcecenter[.]com.

Users do not often visit these sites intentionally - they are opened by clicking deceptive advertisements, when visiting other dubious pages, or by potentially unwanted applications (PUAs) that users have inadvertently installed onto their browsers or computers.

If a browser opens freshannouncement[.]com automatically, it is likely that a PUA is installed.

   
Your Android Is Infected With (8) Adware Viruses! POP-UP Scam

What is the "Your Android is infected with (8) adware viruses!" scam?

"Your Android is infected with (8) adware viruses!" is a scam run on various deceptive websites. This scam primarily targets Android users, but it can be accessed via devices with different operating systems. As the scheme's name implies, it claims that users' devices are infected with adware.

Note that no web page can detect threats/issues present on visitors' systems, and all that claim to do so are scams. These schemes aim to promote untrusted software (e.g., fake anti-viruses, adware, browser hijackers, etc.).

At the time of research, "Your Android is infected with (8) adware viruses!" promoted the legitimate McAfee anti-virus, however, it is likely to promote other bogus/dubious products as well.

Typically, users access these deceptive sites through mistyped URLs, or redirects caused by intrusive ads or installed Potentially Unwanted Applications (PUAs).

   
Password Is About To Expire Today Email Scam

What is the "Password is about to expire today" email scam?

Phishing is a popular method for cyber criminals to deliver malicious software by encouraging recipients to open rogue attachments or website links. It is also a common method for scammers to extract personal information (e.g., credit card details, login credentials).

Cyber criminals generally disguise their phishing emails as official, important messages from legitimate companies or other entities. Never respond to emails of this kind and do not open links or files/attachments within them.

   
EasySearchConverter Browser Hijacker

What is EasySearchConverter?

EasySearchConverter is rogue software categorized as a browser hijacker. It operates by making modifications to browser settings to promote fake search engines. Most browser hijackers monitor users' browsing activity, and EasySearchConverter is also likely to have these data tracking capabilities.

Due to the dubious distribution methods used to proliferate browser hijackers, they are also classified as Potentially Unwanted Applications (PUAs).

   
C0der_HACK Ransomware

What is C0der_HACK?

Belonging to the Xorist ransomware family, C0der_HACK is a malicious program. This malware encrypts the data stored on infected systems in order to demand payment for decryption. I.e., victims receive ransom demands to recover access to their files.

During the encryption process, affected files are appended with the ".C0der_HACK" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.C0der_HACK", "2.jpg" as "2.jpg.C0der_HACK", and so on.

Following the completion of this process, identical ransom messages are created in a pop-up window and text files (with gibberish filenames), which are dropped into compromised folders.

   
Itscythera.com Ads

What is itscythera[.]com?

The internet is full of dubious and harmful sites, including itscythera[.]com.

Load00.bizcaptcha-sourcecenter.com, and yourcommonfeed.com are some examples of similar websites. Visitors to these web pages are presented with dubious content and are often redirected to other untrusted/malicious sites.

Typically, users enter these web pages inadvertently - most are redirected to them by intrusive advertisements or installed Potentially Unwanted Applications (PUAs). This software does not need explicit permission to infiltrate systems, and thus users may be unaware of its presence.

PUAs have dangerous capabilities, including causing redirects, running intrusive ad campaigns, and collecting browsing-related information.

   
Black Kingdom Ransomware

What is the Black Kingdom ransomware?

Black Kingdom, also known as GAmmAWare, is a malicious program classified as ransomware. Systems infected with this malware experience data encryption and users receive ransom demands for decryption tools.

When Black Kingdom encrypts, the filenames of affected files are appended with the ".DEMON" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.DEMON" following encryption.

Once this process is complete, a ransom message is created in a full-screen pop-up window and within "README.txt" text files, which are dropped into compromised folders.

   
Gopher Ransomware

What is Gopher?

Gopher is malicious software that infects computers (encrypts files) and displays messages demanding fees to be paid to regain access to computers/files. It encrypts and renames files, displays a pop-up window ("Restore Your Files.exe"), and changes the desktop wallpaper.

Gopher renames files by appending the ".gopher" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.gopher", "2.jpg" to "2.jpg.gopher", and so on.

Note that this ransomware variant was discovered by S!Ri.

   

Page 890 of 2106

<< Start < Prev 881 882 883 884 885 886 887 888 889 890 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal