Virus and Spyware Removal Guides, uninstall instructions

Word Ransomware

What is Word ransomware?

Word is a malicious program belonging to the Dharma ransomware family. It operates by encrypting (locking) files (making them inaccessible to victims) in order to demand payment for decryption.

When Word ransomware encrypts data, all affected files are renamed following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and the ".word" extension. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[vm1iqzi@aol.com].word" following encryption.

After this process is complete, ransom-demand messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

   
Ygkz Ransomware

What is Ygkz?

Ransomware is a type of malware that cyber criminals use to encrypt files and then demand payment to unlock and decrypt them. In summary, victims of ransomware attacks cannot access or use files unless they pay a ransom.

Usually, ransomware renames encrypted files and creates a ransom message. Ygkz renames files by appending the ".ygkz" extension to filenames. For example, it renames "1.jpg" to "1.jpg.ygkz", "2.jpg" to "2.jpg.ygkz", and so on. It also creates the "_readme.txt" file in all folders that contain encrypted data.

Note that this ransomware belongs to the family called Djvu.

   
Lcutterlyba.top Ads

What is lcutterlyba[.]top?

lcutterlyba[.]top and other pages of this kind are promoted through deceptive advertisements, rogue web pages, various unwanted apps, and so on. Users do not often visit them intentionally. Note that lcutterlyba[.]top and similar sites contain dubious content and promote other bogus websites.

More examples of other, similar sites are goodmode[.]biz, zvideo-live[.]com, and fypretailo[.]top. If a browser opens these web pages automatically, there is a high probability that potentially unwanted applications (PUAs) are installed on it.

   
Greemed.top Ads

What is the greemed[.]top website?

greemed[.]top is a dubious site, sharing many similarities with blackfr1dayz.com, goldeneraaudio.org, load28.biz, and countless others. Visitors to this website are presented with dubious content and/or are redirected to other untrusted/malicious pages.

The greemed[.]top web page is rarely accessed intentionally. In most cases, users are redirected to it by intrusive advertisements or Potentially Unwanted Applications (PUAs). This software does not require explicit consent to be installed onto systems, and thus users may be unaware of its presence.

   
Blackfr1dayz.com Ads

What is blackfr1dayz[.]com?

Typically, websites such as blackfr1dayz[.]com promote various untrusted websites and attempt to trick visitors into allowing them to show notifications.

Note that users do not often visit these pages intentionally - they are opened when they click dubious ads or visit other untrusted pages. Browsers also open bogus web pages by when potentially unwanted applications (PUAs) are installed on them.

There are many web pages similar to blackfr1dayz[.]com on the internet. Some examples are goldeneraaudio[.]org, load28[.]biz and goodmode[.]biz.

   
Captchatopsource.com Ads

What is captchatopsource[.]com?

The internet is rife with various untrusted and rogue websites, and captchatopsource[.]com is a prime example. It shares many similarities with continue-site.site, freshnewmessage.com, check-me.online, and thousands of others. Visitors to this page are presented with dubious material and are redirected to other bogus/malicious sites.

Most visits to such web pages occur via redirects caused by intrusive ads or Potentially Unwanted Applications (PUAs). Software within this classification does not require explicit permission to be installed onto systems, and thus users may be unaware of its presence on their devices.

   
Danielthai Ransomware

What is Danielthai ransomware?

Discovered by xiaopao, Danielthai is a malicious program and a new variant of RIP lmao ransomware. It is designed to encrypt data and demand ransoms for decryption. During the encryption process, files are appended with the ".locked" extension.

For example, a file originally named as something like "1.jpg" would appear as "1.jpg.locked", "2.jpg" as "2.jpg.locked", and so on. After this process is complete, ransom messages are created in a pop-up window and "___RECOVER__FILES__.locked.txt" text file.

   
Santa APP Browser Hijacker

What is Santa APP?

Generally, browser hijacking programs change browser settings to promote a specific address, usually a fake search engine. The Santa APP browser hijacker promotes the keysearchs.com address, but not by changing settings (see below). Other rogue apps also promote this address.

Santa APP can also read browsing histories and might access other information as well.

Browser hijackers are classified as potentially unwanted applications (PUAs), since users often download and install them unintentionally.

   
Banco De Espana Email Scam

What is the fake "Banco de Espana" email?

"Banco de Espana email scam" refers to a spam campaign. This term defines a mass-scale operation during which deceptive emails are sent by the thousand. The scam messages distributed through this campaign are disguised as deposit notifications from "Banco de Espana".

Note that these emails are in no way associated with the real Banco de España (Bank of Spain). The purpose of the deceptive emails is to promote a phishing/malicious website via link presented in them.

   
HelloKitty Ransomware

What kind of malware is HelloKitty?

Ransomware is a type of malware that encrypts files and demands a ransom to decrypt them. It targets both businesses and individuals. Typically, cyber criminals demand to be paid in Bitcoins or other cryptocurrencies, and ransomware victims cannot access or use files unless a ransom is paid.

HelloKitty ransomware targets businesses (companies), with one of the known victims being the Cyberpunk 2077 developer CD Project. This ransomware renames encrypted files and appends the ".crypted" extension to their filenames. For example, "1.jpg" is renamed to "1.jpg.crypted", "2.jpg" to "2.jpg.crypted", and so on.

HelloKitty also creates the "read_me_unlock.txt" file (ransom messages), which it drops among encrypted files (in all directories that contain encrypted data). The ransom message name and the text contained within it may change depending on the attacked victim (company).

   

Page 916 of 2106

<< Start < Prev 911 912 913 914 915 916 917 918 919 920 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal