Virus and Spyware Removal Guides, uninstall instructions

What is Greedyf*ckers?

Greedyf*ckers ransomware belongs to the Xorist ransomware family. It encrypts files, modifies their filenames, changes the desktop wallpaper, creates the "HOW TO DECRYPT FILES.txt" text file, and displays a pop-up window.

Greedyf*ckers renames files by appending the ".greedyf*ckers" extension. For example, "1.jpg" is renamed to "1.jpg.greedyf*ckers", "2.jpg" to "2.jpg.greedyf*ckers", and so on.

The desktop wallpaper, pop-up window, and "HOW TO DECRYPT FILES.txt" text file (stored in all folders that contain encrypted files), contain instructions about how to contact the ransomware developers.

What is MicroLookup?

Typically, users do not download or install adware intentionally and, for this reason, MicroLookup and other adware-type apps are categorized as potentially unwanted applications (PUAs). MicroLookup is distributed via a deceptive installer designed to appear similar to the installer for Adobe Flash Player.

This app generates advertisements and modifies browser settings, functioning both as an advertising-supported app and a browser hijacker. Note that these apps often collect browsing-related and other information.

What is Bioawards (Scarab) ransomware?

Bioawards is a malicious program, which is part of the Scarab ransomware family. It is designed to encrypt data and demand payment for decryption. During the encryption process, all affected files are renamed with a random character string and appended with the ".Bioawards" extension.

For example, a file originally named "1.jpg" would appear as something similar to "0QaYDVwrbPn4E4.Bioawards" following encryption. Once this process is complete, text files named "DECRYPT FILES.TXT" are dropped into compromised folders. These files contain identical ransom-demand messages.

What is HD Video Player?

HD Video Player software is often bundled with various untrusted and even harmful applications. The term "bundling" refers to a deceptive marketing technique of packing regular programs with unwanted or malicious additions.

Due to the dubious methods used to proliferate HD Video Player, it is classified as a Potentially Unwanted Application (PUA). While PUAs typically have nonoperational features and/or undisclosed, dangerous capabilities, this is not the case with HD Video Player, however, should users find this app installed on their systems without their consent/knowledge, it is likely that other, possibly dangerous software has infiltrated the device as well.

What is LANDSLIDE?

LANDSLIDE encrypts and renames files, and creates "#ReadThis.HTA" and "#ReadThis.TXT" files, which contain instructions about how to contact the developers. LANDSLIDE renames files by prepending the nataliaburduniuc96@gmail.com email address, victim's ID, and appending the ".LANDSLIDE" extension to filenames.

For example, "1.jpg" is renamed to "[nataliaburduniuc96@gmail.com][id=C279F237]1.jpg.LANDSLIDE", "2.jpg" to "[nataliaburduniuc96@gmail.com][id=C279F237]2.jpg.LANDSLIDE", and so on.

What is Cat (Xorist) ransomware?

Cat is a malicious program, which is part of the Xorist ransomware family. Systems infected with this program suffer data encryption and users receive ransom demands for decryption. During the encryption process, all affected files are appended with the ".cat" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.cat", "2.jpg" as "2.jpg.cat", and so on. After this process is complete, ransom messages are created in a pop-up window and "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" text files, which are dropped into compromised folders.

The messages in both are identical, however, whether the text presented in the pop-up is displayed properly depends if the Russian alphabet is installed on the system. It is highly likely that Cat (Xorist) ransomware is still in development, as its messages do not contain crucial information.

What is SysKey?

Typically, browser hijacking apps promote fake search engines by modifying certain browser settings. SysKey promotes fxsmash.xyz in this way. It can also read browsing history, and possibly other data.

Commonly, users download and install browser hijackers inadvertently and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What is Movie Tab?

Movie Tab is a browser hijacker designed to promote tailsearch.com (a bogus search engine). Browser hijackers usually operate by making modifications to browser settings to promote fake search engines (including tailsearch.com). In fact, Movie Tab does not always modify browsers in this way (see below).

Additionally, this browser hijacker monitors users' browsing habits. Due to the dubious techniques used to proliferate Movie Tab, it is also categorized as a Potentially Unwanted Application (PUA).

What is SkillFormat?

SkillFormat generates advertisements and promotes a fake search engine address, and thus functions as adware and a browser hijacker. Additionally, it is possible that SkillFormat gathers information relating to users' browsing habits and other data. This app is distributed via a deceptive installer that is disguised as the installer for Adobe Flash Player.

Typically, users download and install apps such as SkillFormat inadvertently and, for this reason, they are classified as potentially unwanted applications (PUAs).

What is GLB ransomware?

GLB is malicious software belonging to the Dharma ransomware family. It operates by encrypting data in order to demand payment for decryption. When this ransomware encrypts, all compromised files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address, and the ".GLB" extension.

For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[gonald58@cock.li].GLB" following encryption. Once this process is complete, ransom messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.