Virus and Spyware Removal Guides, uninstall instructions

Aayu Ransomware

What kind of malware is Aayu?

While examining malware samples submitted to the VirusTotal page, we found ransomware called Aayu. We learned that Aayu is part of the Djvu ransomware. The purpose of ransomware is to encrypt files. In addition to encrypting files, Aayu renames them (it appends ".aayu" extension to filenames) and drops the "_readme.txt" file containing a ransom note.

An example of how Aayu renames files: it changes "1.jpg" to "1.jpg.aayu", "2.png" to "2.png.aayu", "3.exe" to "3.exe.aayu", and so forth.

   
Harly Malware (Android)

What is Harly malware?

Harly is a piece of malicious software targeting Android operating systems. It is a type of toll fraud malware designed to stealthily subscribe victims to various premium-rate services. Harly is proliferated under the guise of various useful and innocuous-looking applications.

   
Aabn Ransomware

What is Aabn ransomware?

While inspecting new malware submissions to VirusTotal, our research team discovered the Aabn ransomware. This malicious program is part of the Djvu ransomware family.

After we executed a sample of Aabn on our test machine, it encrypted files and altered their names. Original filenames were appended with the ".aabn" extension, e.g., a file titled "1.jpg" appeared as "1.jpg.aabn", "2.png" as "2.png.aabn", etc. Once this process was finished, a ransom-demanding message - "_readme.txt" - was created.

   
Aawt Ransomware

What kind of malware is Aawt?

Aawt is the name of ransomware belonging to the Djvu family that our team discovered while checking the VirusTotal page for recently submitted malware samples. It was found that Aawt not only encrypts files but also appends the ".aawt" extension to filenames and creates the "_readme.txt" file (a file containing a ransom note).

An example of how Aawt ransomware modifies filenames: it renames "1.jpg" to "1.jpg.aawt", "2.png" to "2.png.aawt", and so forth.

   
Duck Ransomware

What kind of malware is Duck?

Duck is ransomware that is part of the Phobos ransomware family. Our team discovered Duck while inspecting malware samples submitted to the VirusTotal page. We found that it encrypts files, appends the victim's ID, supprecovery@torguard.tg email address, and the ".duck" extension to filenames. It also generates two ransom notes: "info.hta" and "info.txt" files.

An example of how Duck ransomware modifies filenames: it renames "1.jpg" to "1.jpg.id[9ECFA84E-3316].[supprecovery@torguard.tg].duck", "2.png" to "2.png.id[9ECFA84E-3316].[supprecovery@torguard.tg].duck", and so forth.

   
Movie Database Adware

What kind of extension is "Movie Database"?

Our researchers discovered the Movie Database browser extension while investigating suspicious software-promoted websites. It is promoted as a quick-access tool to TMDB (The Move Database) - an online database for movies and TV shows. Having analyzed this extension, we determined that Movie Database operates as advertising-supported software (adware) instead.

   
EyeEase Adware

What kind of software is EyeEase?

After downloading and installing the EyeEase application, we learned that it has parameters of adware - it displays intrusive advertisements. Our team discovered EyeEase on a questionable (supposedly official) website. It is worth mentioning that most users download and install adware inadvertently.

   
VIRUS ALERT Ransomware

What is VIRUS ALERT ransomware?

Our research team discovered the VIRUS ALERT ransomware-type program while inspecting new submissions to VirusTotal. This malicious program is based on the Chaos ransomware.

We found two variants of VIRUS ALERT and tested them. Both versions appended the encrypted files with an extension consisting of four random characters. For example, one variant altered the "1.jpg" filename to "1.jpg.baha", "2.png" to "2.png.9iy", and the other variant renamed "1.jpg" to "1.jpg.paynow", etc.

Both VIRUS ALERT versions created ransom notes titled "read_it.txt". These malicious programs also changed the desktop wallpapers, which differed depending on the ransomware variant.

   
Markets Adware

What kind of software is Markets?

Markets is the name of an advertising-supported program we discovered after examining an ISO file downloaded from a deceptive page. We classified Markets as adware because it displays unwanted advertisements. We also found that this adware runs as "Markets tech Copyright © 2022" in the Task Manager.

   
CRPT Ransomware

What is CRPT ransomware?

During a routine inspection of new submissions to VirusTotal, our researchers discovered a ransomware called CRPT. We determined that this malicious program is part of the VoidCrypt ransomware family.

After we executed a sample of CRPT on our test machine, it encrypted files and altered their titles. Original filenames were appended with a unique ID, the cyber criminals' email address, and a ".CRPT" extension. For example, a file named "1.jpg" appeared as "1.jpg.(CW-OZ3980264517)(exploit1@mailfence.com).CRPT".

Once the encryption process had been completed, CRPT ransomware dropped a ransom-demanding message - "unlock-info.txt" - onto the desktop.

   

Page 10 of 1659

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
About PCrisk

PCrisk logo

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal