Author Archives: Sarah Stewart

Jeff Ransomware

After taking a closer look at Jeff Ransomware, our researchers concluded it is probably still being developed. Therefore, we doubt the malware could be spread among a lot of users. Nonetheless, we believe it is essential to learn about it in case it gets upgraded and becomes a serious threat. In the article, we will explain why we believe it is not yet finished and talk about how it works. Moreover, users who are interested in how it could be erased will find instructions showing how to do so manually. Of course, if you encounter an updated version of Jeff Ransomware, it might act differently, and the provided deletion guide may not help you remove it completely. For this reason, it might be best to use a legitimate antimalware tool that could take care of the malicious program with no trouble.

DBGer Ransomware

DBGer Ransomware is a malicious program that may attack computers vulnerable to the so-called EternalBlue exploit. If the malware succeeds and settles in, it should encipher the user’s photos, documents, and other personal files with a secure encryption algorithm. As a result, the device should be unable to recognize the modified files, meaning the only way to access them is to decrypt them. Sadly, the only ones capable of deciphering data encrypted by DBGer Ransomware are the hackers who created it, and they ask for around six thousand US dollars for such services. Naturally, if you do not have so much money to spare, or do not want to risk being scammed, we would advise ignoring the malware’s displayed ransom note. For more information about the threat and the ways it can be erased, you should read our full article.

Scarab-Cybergod Ransomware

It is very likely that you have let Scarab-Cybergod Ransomware into your Windows operating system yourself, and you might have done that by opening corrupted links or spam email attachments. Our research team at Anti-Spyware-101.com also suggests that unprotected RDP channels could be used to spread the malicious infection silently. If the threat infiltrates the operating system silently, you are unlikely to realize that you need to remove anything malicious. Needless to say, if you do not take care of that, the threat starts performing malicious processes, and the most important one is to encrypt files. The infection uses an algorithm to encrypt files and make the data unreadable. If the files are corrupted successfully, you cannot restore them, unless backups exist outside the infected operating system. Even if you delete Scarab-Cybergod Ransomware successfully, your files would not be restored automatically. Therefore, if you still have the chance, you need to protect your system and files against this malware. If you are already dealing with it, you need to get rid of it ASAP.

PC Repair Clinic

You might have downloaded the free scanner by PC Repair Clinic, and now you do not know if you should pay for the full version of the program, or if you should remove it. You might already have your answer if you are researching your removal options, but if you are still on the fence about this whole thing, you can definitely get your answer here. The Anti-Spyware-101.com research team has analyzed the PUP (potentially unwanted program), and it was found that while it does not show fictitious results to trick users into paying money for it, it is unlikely that its services are beneficial. In fact, we believe there are far better and more advantageous tools you could be investing in instead. If you are here only because you want to delete PC Repair Clinic from your operating system and browsers, check out the complete guide below. If you want to learn a little bit more, keep reading.

KEYPASS Ransomware

There are so many file-encryptors that their creators are now creating and applying new features. The malicious KEYPASS Ransomware is a perfect example of that. Although it is primarily a file-encrypting and ransom-demanding threat – just like most ransomware – it also could work as spyware because it has the functionality of a keylogger. Needless to say, this makes an already intimidating infection a real danger. It is not yet clear what kind of information the infection might attempt to record, but it is known that KEYPASS Ransomware removes itself after the encryption of files, and so it is unlikely that it would lurk on the computer for a long time just to record keystrokes in the hopes of obtaining credit card information, login data, or other sensitive details. All in all, you do not want to let your guard down. It is possible that you are in danger, and you want to make sure that every single malicious component is deleted successfully. First, scan your operating system to see what is going on.

PooleZoor Ransomware

PooleZoor Ransomware shows a ransom note asking to pay 10,000,000 Riyal. The sum seems ridiculous, especially when it is asked for decrypting files located in the Desktop folder alone. The malware does not encrypt any data other than the files available in the user’s Desktop directory. No doubt, there might be users who keep a lot of important files there, but for some users, it could be a few pictures, perhaps documents with details of their online purchases, etc. What we are trying to say is that there is a chance the malicious application may not encipher any data that would be worth paying a ransom for. However, we do not think there was some mistake. The simplest explanation would be that PooleZoor Ransomware could be just a test version, and the next release might damage more files and ask for a more reasonable sum to pay. For more information about it, we urge you to read our full article. Also, should you need deletion instructions, keep in mind that you can find them at the end of this text.

mirey@tutanota.com Ransomware

mirey@tutanota.com Ransomware might belong to the Cryptconsole Ransomware family: a group of malicious applications coded in C# on the Microsoft .NET Framework. Another thing they have in common is that they might open a command prompt window while they encipher files located on the infected computer. Our researchers at Anti-spyware-101.com say closing it could make the malware stop encrypting the user’s data, so it is best to close this window the moment you notice it. Unfortunately, users who have never seen a ransomware application before may not realize what is happening or imagine what the consequences might be. If you want to get to know mirey@tutanota.com Ransomware better, we recommend reading our full article. As for users who wish to get rid of the malicious program faster, we encourage you to scroll below the text and use the provided removal instructions.

Maxi Buy

Maxi Buy is presented as a beneficial browser extension that can help to save some time and money by finding and displaying where a particular product a user is viewing can be purchased for a lower price. It seems that users believe that this piece of software can be useful – a number of users have already installed it on their computers. To be more specific, there were 9,918 users in total who had this extension installed at the time of writing. Maxi Buy is compatible with Google Chrome, Mozilla Firefox, and Safari (but only the Google Chrome version was working properly at the time of research), which clearly shows that the developer of this application targets a wide range of users. Some users consciously install Maxi Buy on their PCs from its official website, or, in the case of Google Chrome users, directly from the Chrome Web Store, but it does not mean that it cannot enter computers illegally. As research carried out by specialists working at anti-spyware-101.com has shown, this piece of software might also come bundled, which explains why it has been categorized as a potentially unwanted application by researchers. The application might seem to be really useful, but you should definitely not keep it installed if you have not installed it yourself.

Crypt6 Ransomware

Crypt6 Ransomware is a malicious program that can encrypt various user files and then show a warning claiming the user has to pay for decryption. Since the ransom note is in French and the infection does not provide a means to translate it, we believe the threat’s creators could be targeting users who speak the French language only. This might mean the malware may not be distributed widely. In any case, if you did encounter it, we would recommend reading our full report to get to know Crypt6 Ransomware better. Further in the text, we will talk about its possible distribution channels, how it works, and ways it could be erased from the system. More than that, if you scroll a bit below the article, you will find deletion instructions explaining how to eliminate this infection manually step by step.

Jigsaw-Dat Ransomware

Jigsaw-Dat Ransomware is to blame if your files are encrypted and have the .dat extension. This malicious application was created for money extortion, so by enciphering the user’s data, it takes it hostage, and to receive a ransom, the cybercriminals leave a note asking to pay for decryption tools. Unfortunately, there is no way to know if the hackers will keep their word and allow you to decrypt your files after paying a ransom. Therefore, we advise not to gamble with your savings. Users who choose to erase it could follow the instructions available at the end of this article. Nevertheless, if you need more information before making your decision, you should keep reading this text and learn more about Jigsaw-Dat Ransomware.