Virus and Spyware Removal Guides, uninstall instructions

What is amazing-dating[.]com?

Websites such as amazing-dating[.]com are commonly promoted via potentially unwanted applications (PUAs), which most users download and install on their browsers and/or computers inadvertently. I.e., they do not visit these bogus pages intentionally.

More examples of similar websites designed for the same purpose are webquizspot[.]com, enhesita[.]online and dozki[.]pro.

What is Gac?

Gac was discovered by Jakub Kroustek and belongs to the Dharma ransomware family. Gac renames encrypted files by adding the victim's ID, the getacrypt@tuta.io email address, and appending the ".gac" extension to filenames.

For example, "1.jpg" is renamed to "1.jpg.id-1E857D00.[getacrypt@tuta.io].gac", "2.jpg" to "2.jpg.id-1E857D00.[getacrypt@tuta.io].gac", and so on. Gac also displays a pop-up window and creates the "FILES ENCRYPTED.txt" text file, both of which are the ransom messages.

What is Cyberpunk 2077 virus?

Cyberpunk 2077 is a 2020 action role-playing video game, one of the most anticipated games of the year that was released on 10 December 2020. Cyber criminals commonly exploit the popularity of games to distribute malware, and Cyberpunk 2077 is no exception.

In this particular case, cyber criminals promote supposedly pirated versions of the Cyberpunk 2077 game. These 'cracked' versions are bundled with Raccoon stealer, which is Trojan-type malware.

What is aldiscret[.]online?

Web pages such as aldiscret[.]online are usually opened by browsers automatically - when they have potentially unwanted applications (PUAs) installed on them. I.e., users do not often visit these bogus sites intentionally, and neither do they install (or even download) PUAs intentionally.

There are many pages similar to aldiscret[.]online on the web. Some examples are dozki[.]pro, webquizspot[.]com and enhesita[.]online.

What is directsearchapp.com?

directsearchapp.com is a fake search engine which appears in browser settings after installation of a browser hijacker (browser hijacking extension). Commonly, apps of this type collect browsing-related and other information.

In most cases, users download and install browser hijackers inadvertently and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What is CoderWare?

CoderWare (also known as BlackKingdom) is designed to encrypt victims' files, modify their filenames, and generate ransom messages. It renames encrypted files by appending ".DEMON" as the file extension. For example, "1.jpg" is renamed to "1.jpg.DEMON", "2.jpg" to "2.jpg.DEMON", and so on.

CoderWare is designed to display a pop-up window and create the "README.txt" text file, which contains instructions about how to pay the ransom, contact the developers, etc.

What is Omfl?

Omfl encrypts victims' files and renames each encrypted file by appending the ".omfl" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.omfl", "2.jpg" to "2.jpg.omfl", and so on. Omfl also creates the "_readme.txt" text file (a ransom message) in each folder that contains encrypted files. This ransomware belongs to the family of ransomware called Djvu.

What is 21btc ransomware?

21btc is a malicious program belonging to the Dharma ransomware family. It is designed to encrypt data and demand payment for decryption. During the encryption process, all affected files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address and the ".21btc" extension.

For example, a file named "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[21btc@cock.li].21btc" after encryption. Once this process is complete, ransom-demand messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is webquizspot[.]com?

Web pages such as webquizspot[.]com are promoted by potentially unwanted applications (PUAs), which people install on their computers/browsers inadvertently. I.e., they do not often visit these sites intentionally.

There are many websites that are similar to webquizspot[.]com including, for example, enhesita[.]online, npolicito[.]online, and roboverify[.]xyz.

What is VIAM ransomware?

VIAM is malicious software categorized as ransomware. Systems infected with this malware experience data encryption and users receive ransom demands for decryption tools. I.e., VIAM locks files, making them inaccessible and redundant to users.

During the encryption process, files are appended with the ".viamwasted" extension. For example, a file originally named "1.jpg" would appear as "1.jpg.viamwasted", "2.jpg" as "2.jpg.viamwasted", "3.jpg" as "3.jpg.viamwasted", and so on.

After this process is complete, ransom messages are created for each affected file, with their original names included in the associated filenames (e.g. "1.jpg.viamwasted_info"). The message contained in each of these files is identical.