Virus and Spyware Removal Guides, uninstall instructions

What is LeadingLibrary?

LeadingLibrary is a rogue application classified as adware and also with browser hijacker characteristics. It operates by running intrusive advertisement campaigns and making modifications to browser settings to promote fake search engines. In addition, most software of this type (adware and browser hijackers) collects browsing-related information.

Due to the dubious techniques used to proliferate LeadingLibrary, it is also classified as a Potentially Unwanted Application (PUA).

What is AdminLink?

The AdminLink application generates revenue for its developers by deploying advertisements, promoting a fake search engine, and collecting private, sensitive information. In this way, AdminLink functions as adware, a browser hijacker, and data collector.

Commonly, users download and install apps such as AdminLink unintentionally and, for this reason, they are classified as potentially unwanted applications (PUAs).

What is NIGG3R ransomware?

NIGG3R is a malicious program, which belongs to the Xorist ransomware family. Devices infected with this malware have their data encrypted and users receive ransom demands for decryption. During the encryption process, all affected files are appended with the ".NIGG3R" extension.

To elaborate on how a file would appear following encryption, a filename originally named something like "1.jpg" would appear as "1.jpg.NIGG3R", "2.jpg" as "2.jpg.NIGG3R", and so on. After this process is complete, ransom-demand messages are created in a pop-up window and "HOW TO DECRYPT FILES.txt" files, which are dropped into compromised folders.

What is Jfwztiwpmqq?

Jfwztiwpmqq belongs to the Snatch ransomware family. It is designed to encrypt files, rename each compromised file, and create a ransom message. Jfwztiwpmqq renames files by appending the ".jfwztiwpmqq" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.jfwztiwpmqq", "2.jpg" to "2.jpg.jfwztiwpmqq", and so on.

It also creates a ransom message within the "HOW TO RESTORE YOUR FILES.TXT" file, placing copies in each folder that contain encrypted files.

What is Movie Finder?

Movie Finder is rogue software endorsed as a tool for easy access to content relating to film (e.g. best and trending movies, film titles, etc.). Movie Finder features supposedly include quick search options of the Internet Movie Database (IMDb), film/TV, home video, video game, streaming content database, and the Rotten Tomatoes film and TV review-aggregation website.

Following successful infiltration, Movie Finder runs intrusive advertisement campaigns and, due to this, is classified as adware. Additionally, Movie Finder monitors users' browsing activity. Since most users download/install adware inadvertently, these programs are also classified as Potentially Unwanted Applications (PUAs).

What is MegaSource?

Adware usually generates advertisements, however, MegaSource is classified as adware and also as a browser hijacker, and therefore promotes a fake search engine address. In most cases, users download and install adware-type apps and browser hijackers inadvertently.

For this reason, apps such as MegaSource are categorized as potentially unwanted applications (PUAs). Note that it is likely that MegaSource also collects browsing data and other information.

What is the "Request For Payment" email?

"Request For Payment email virus" refers to a spam campaign designed to proliferate malware. The term "spam campaign" defines a large-scale operation, during which thousands of deceptive/scam emails are sent. The "Request For Payment" messages attempt to trick recipients into opening the attached dangerous file by stating that it is an important payment invoice.

If the malicious file is opened, the infection process (i.e. download/installation) of Agent Tesla Remote Access Trojan (RAT) is initiated. RATs operate by enabling stealthy remote access and control over an infected machine. This type of malware can have a wide variety of dangerous functionality and poses a significant threat to device/user safety.

What is NIGGERWARE?

NIGGERWARE is was discovered by xiaopao. In most cases, ransomware encrypts files, renames them, and generates ransom messages. NIGGERWARE has this behavior, however, it does not modify the names of encrypted files. It provides instructions about how to contact the developers for payment information within a pop-up window that appears after installation.

What is Snopy ransomware?

Snopy is malicious software belonging to the Xorist ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools. During the encryption process, files are appended with the ".snopy" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.snopy", "2.jpg" as "2.jpg.snopy", "3.jpg" as "3.jpg.snopy", and so on. Following the completion of this process, a ransom message within the "HOW TO DECRYPT FILES.txt" text file is created.

What is Greedyf*ckers?

Greedyf*ckers ransomware belongs to the Xorist ransomware family. It encrypts files, modifies their filenames, changes the desktop wallpaper, creates the "HOW TO DECRYPT FILES.txt" text file, and displays a pop-up window.

Greedyf*ckers renames files by appending the ".greedyf*ckers" extension. For example, "1.jpg" is renamed to "1.jpg.greedyf*ckers", "2.jpg" to "2.jpg.greedyf*ckers", and so on.

The desktop wallpaper, pop-up window, and "HOW TO DECRYPT FILES.txt" text file (stored in all folders that contain encrypted files), contain instructions about how to contact the ransomware developers.