Kwaaklocked Ransomware

Kwaaklocked Ransomware is not yet fully developed, but it seems it could be another malicious file-encrypting application based on an open source ransomware program known as Hidden Tear. Most of them were created the year the original Hidden Tear’s sample was uploaded (2015), but apparently, there are still some hackers who keep using this code to generate more infections. Further, in the text, we will discuss the threat’s possible distribution channels and explain what to expect if it enters your system. Of course, you will find tips on how to avoid malicious applications like Kwaaklocked Ransomware as well as how to get rid of this malware manually. However, we would like to stress that since the infection is still in the process of being developed it might change and it is difficult to say how accurate the instructions at the end of this article can be. Therefore, if you encounter this threat, it might be best to use a legitimate antimalware tool instead. Read more »

Donut Ransomware

Donut Ransomware

If you do not want to put your personal files at risk, Donut Ransomware is an infection you need to keep away from your operating system. Any careless click could let this malware in, which is why you need to be most cautious. For example, you should forget about interacting with spam emails. If you are not smart about it, you could let in all kinds of malware, including other well-known file-encrypting threats, such as Danger Ransomware, Scarab-Leen Ransomware, Autismlocker Ransomware, or BansomQare Manna Ransomware. If you are interested, all of these – and many others – infections have been reviewed by our Anti-Spyware-101.com research team. Once the infection slithers in silently, it immediately scans your operating system and encrypts files. Although the threat evades all system files, as well as some specific files (“autorun.inf,” “boot.ini,” “bootsect.bak,” “desktop.ini,” “iconcache.db,” “ntuser.dat,” “ntuser.dat.log,” and “thumbs.db”) regardless of their location, it does not ignore what we call “personal files.” You can save them only if you delete Donut Ransomware in time, and, unfortunately, it is most likely that you have found this removal guide because your personal files got encrypted already. Read more »

Crybrazil Ransomware

Crybrazil Ransomware

If you live in Brazil or speak Portuguese, Crybrazil Ransomware is an infection that is specifically targeted at you. The installer of this dangerous infection could be dropped using remote access or introduced to you as a harmless spam email attachment. Other methods could be employed to spread this malware as well. Our Anti-Spyware-101.com research team has found that the infection was built using the infamous Hidden Tear source code. We have reviewed hundreds of other infections (e.g., Cyberresearcher Ransomware) that have been built using the same code and spread in similar ways. Although all of these threats have unique features, they function in the same ways. For one, they were all created to terrorize Windows users, hijack their files, and demand huge ransom fees in return for decryptors and decryption keys. In some cases, free decryptors are released by malware researchers, but one that would work with this malware did not exist at the time of research. All in all, whether or not you decrypt your files, you must delete Crybrazil Ransomware as soon as possible. The removal tips we have for you will surely help. Read more »

Danger Ransomware

Danger Ransomware does not meet us with anything new. If anything, our research team suggests that this program is just a version of a previously released infection. So it will exhibit the same behavioral patterns as its predecessors. On the other hand, although it should be easier to deal with an infection when you know what it is up to, we cannot say that about ransomware programs. That is because each ransomware application is unique, and so while we can apply similar methods to remove Danger Ransomware, they will not work for the file decryption. That is perhaps the most frustrating part about ransomware infections. Read more »

QuizFunWow Extension

QuizFunWow Extension

Some users click the button and install QuizFunWow Extension consciously on their computers because this piece of software looks reliable, and they expect that they could take cool online quizzes for free whenever they want to. The majority of users install it from the page (https://quizfunwow.com/quiz/?sid=05302018_organic) they are redirected to after opening https://quizfunwow.com/. Some users come across this website by accident while browsing the Internet, but we are sure there are more users who ended up on it against their will after having clicked on an untrustworthy link/advertisement found on the web. Researchers at anti-spyware-101.com have also managed to find one more source QuizFunWow Extension can be downloaded from – it is the official Chrome Web Store. If you have not installed this application yet, we highly recommend that you refrain yourself from doing this no matter if this piece of software looks like great fun because it is far from being perfect. Research conducted by experienced malware analysts has also confirmed that this extension is a typical potentially unwanted program, or PUP. To put it in other words, it is not anywhere near harmful malware, but it will not act as fully reliable software. Continue reading to find out more about QuizFunWow Extension. Read more »

StalinLocker Wiper

StalinLocker Wiper

StalinLocker Wiper is a nasty malicious application categorized as ransomware. Even though it belongs to this category of malware, it differs from those ransomware infections that encrypt users’ files to obtain money from them a lot because it does not lock a single file on the affected machine. Instead, once executed, it places a window with a picture of Stalin over Desktop and, by doing so, locks it completely. As a consequence, users cannot perform any activities using their PCs and/or access their programs and files. It is only one of two activities StalinLocker Wiper performs on affected computers. If you do not unlock your screen or do not disable the ransomware infection within 10 minutes, this threat will delete almost all files from your computer, including those considered system files. As a consequence, your computer could not even load up anymore. This explains why StalinLocker Wiper is often referred to as a data wiper. Read more »

Your Battery Is Damaged By Viruses

If you are seeing a notification telling Your Battery Is Damaged By Viruses you should know you most likely encountered a fake system alert. Such threats are designed to imitate genuine warnings and make the user do what the cybercriminals want while imagining they are doing it to protect their devices. For example, in this case, the hackers want their victims to download a specific tool. If you believe the fake pop-up, it is supposed to help you delete possible threats, but we suspect it might be in fact a malicious application. Thus, installing it could be extremely dangerous, for example, depending on the malware it could harm user’s files, steal his sensitive information, etc. Consequently, our specialists at Anti-spyware-101.com advise not to download any tools recommended by the Your Battery Is Damaged By Viruses notification. If you want to know how to react when coming across such alerts you should read our full report about this false pop-up. Read more »

Scarab-Leen Ransomware

Scarab-Leen Ransomware

Scarab-Leen Ransomware is a harmful infection that might enter your computer illegally. Unlike Trojans and some other malicious applications, it does not try to stay unnoticed after it infiltrates computers. Instead, it starts working immediately and locks files found on the affected system. In other words, it is typical crypto-malware that locks files with the purpose of extracting money from users. Do not send money to cyber criminals even if those files you need to access badly have been encrypted too because you will not only encourage malicious software developers to release more infections, but you might not even get the decryption tool from them. Actually, it is quite common for crooks not to give victims the promised decryptor. There is a possibility that they do not even have it. It does not mean that you can keep the ransomware infection active on your system if you decide not to make a payment. If you do not disable it soon, you will see its ransom note opened automatically each time you restart your computer. Additionally, there is a huge possibility that you will find all new files you create encrypted too. Scarab-Leen Ransomware creates a registry key, a Value in the system registry, and drops several files, so its removal will not be very quick and easy. Do not worry about this – we are here to help you. Read more »

Autismlocker Ransomware

Autismlocker Ransomware

Autismlocker Ransomware is an incredibly creepy infection that is capable of locking the screen and creating an illusion that the victim needs to either kill someone or send photos in which they are nude. Needless to say, the first option should not be even considered, but sending personal photos is not necessary either, and that is because the infection is a simple screen-locker that can be disabled very easily. Hopefully, you are not reading this after sending any photos or communicating with the malicious schemers who have created the infection. Our research team at Anti-Spyware-101.com has found an easy way for you to disable the lock and then remove Autismlocker Ransomware. Can you ignore the infection once you regain access to the operating system? You certainly cannot, and that is because the malicious files of this threat could easily be converted and used in other malicious ways. It appears that they could even encrypt data! Continue reading to learn how to successfully delete this malware ASAP. Read more »

Ember Relax Background

Ember Relax Background

Ember Relax Background is a potentially unwanted program (PUP) that may collect user’s information for unknown purposes. The suspicion arises from the fact the software has no End User Licence Agreement or Privacy Policy papers. Moreover, our researchers at Anti-spyware-101.com noticed the application might be spread through unreliable channels. Therefore, considering the extension does not look trustworthy, we would advise you not to take any chances with it and eliminate it before something goes wrong. Users who wish to get rid of it at once could slide below the article and follow the provided deletions steps showing how to remove Ember Relax Background from Google Chrome. On the other hand, users who still have not decided what to do with this PUP could read the rest of this report and get to know it better. Read more »