Category Trojans/Viruses

How to remove Oktropys@protonmail.com ransomware and decrypt .Aurora files

Oktropys@protonmail.com ransomware is a crypto-trojan, which encrypts all files on victims machines without permission. It insert new file extensions .Aurora to every encrypted file, for example, if you have a Photo.png file, then its name becomes Photo.png.Aurora. All text documents, images , photos, images, and other files is at risk. We think, that files with next extensions can be encrypted by a virus:
.shw, .cat, .csv, .db, .doc, .gif, .htm, .ico, .inf, .ini, .jpg, .png, .ppt, .sam, .txt, .url, .xls, .xml, .wav, .wb2, .wk4, .wpd, .wpg
After encryption, criminals create special files with the debscription of their demands and procedure of payment for decryption.

How to remove ‘Dear User, Congratulations’ from Google Chrome

"Dear User, Congratulations", as well as "Amazon winner pop up" cyclically shows fake information when the user starts to open a new tab in Google Chrome and reports that "user wins iPhone" or other smartphones. Usually it redirect browsers to search-engine.today-rewards.stream. In reality, it is annoying virus, called SCAM, or telephone virus. It created for next purposes: to lock screen in browsers, by showing winning or alert messages and persuade user to call tech support for example, similar with "Dear User Congratulations" Windows trouble SCAM shows, that windows can't work normally and the user should call to 'tech support' number. The main purpose of Scams is to force victims to call on fake software support, for solving fake PC, Mac or iPhone error or for taking a prize.

How to remove BtcKING ransomware and decrypt .BtcKING files

If you found, that some files on your PC got new .BtcKING extension and became unreadable, unfortunately, your system was hit by a virus. Virus researchers classified such viruses as Ransomware-trojan. Our sample called BtcKING Ransomware and started to attack users machines since the second half of June 2018. An encryption method is AES, so decryption is near impossible. Despite it, we can help with removing BtcKing ransomware and partial decryption of .BtcKING files.

How to remove Scarab Bomber ransomware and decrypt .bomber, .glutton, .fastsupport@xmpp.jp or .fastrecovery@xmpp.jp files

Scarab Bomber is a new version of the widespread Scarab Ransomware. Created in the Russian-language country, it spreads around the world, mostly in English speaking countries. The virus is very dangerous, because it crypts all files on victims PCs. Moreover, after encryption users can loose these files completely. Unfortunately, only a few versions of this virus are decryptable now. The latest versions of Scarab become very difficult to decrypt. Encrypted files got new .bomber, .fastsupport@xmpp.jp or .fastrecovery@xmpp.jp extensions. For example 1.txt become 1.txt.bomber. Ransomware can encrypt doc, txt, pdf, xls, bmp, jpg, bmp, mp3, avi and many other files.