malwarebytes banner

How to remove SearchBlox

0
SearchBlox (200,000+ downloads) is a rogue browser extension designed to hack Roblox accounts. This extension is ostensibly developed to help Roblox players fast search for various servers and allegedly play with famous YouTubers. In fact, quite recently it was discovered that SearchBlox has a malicious JavaScript, which allows developers to access Roblox accounts, automatically trade limited items (de facto steal them) via Rolimon's platform, and steal Robux (in-game currency) as well. SearchBlox is similar to another malicious extension called RoSearcher, which was popular around 3 months ago and was being used for stealing Roblox accounts as well. And despite both of them are no longer available for installation from Chrome Web Store, they managed to score a number of downloads and still continue affecting numerous players who do not know about their malicious abilities. Thus, if the SearchBlox (or other) extension happens to be installed in your browser, we strongly advise you to delete it immediately. Use our step-by-step guide to do so below. After this, it is also worth changing your login credentials (password) for your Roblox account to avoid further or not-yet-happened abuse.

How to remove Trigona Ransomware and decrypt ._locked files

0
Trigona is the name of a ransomware virus that encrypts data of corporate users (e.g., companies) and demands money for file decryption. During encryption, it appends the new ._locked extension (for instance, 1.pdf._locked) and creates a file named how_to_decrypt.hta after successful completion. This file contains instructions with steps on what victims should do to decrypt their data. It is said all critical information, such as documents, databases, local backups, and so forth has been encrypted and leaked. Cybercriminals also mention that file decryption is impossible without their direct involvement. Also, it is mentioned that data of those who refuse to collaborate with cybercriminals will be sold to figures potentially interested in its abuse. To prevent all of this, threat actors guide victims to open a decryption page via the TOR Browser and contact the ransomware developers.

How to remove Uyit Ransomware and decrypt .uyit files

0
Uyit Ransomware is a complex encryption-type virus, that uses AES (Salsa20) algorithm to cipher user files. Data affected by this malware become unavailable without a special decryption key. The virus gets slightly modified every week, and recent versions append the following extensions: .uyit. Uyit Ransomware does not touch system files, but may block navigation to certain security websites using the Windows "hosts" file. When users try to download anti-malware or decryption tools, the pest won't allow them to do it. You can easily download recommended programs from our site and read instructions on how to use them. Ransomware copies file _readme.txt, the so-called "ransom note", to the desktop and to the folders with encrypted files. The text file contains information about the infection, ways to pay the ransom, and contact information.

How to remove Bazek Ransomware and decrypt .bazek files

0
Bazek is a virus infection that features all the traits inherent to ransomware. Put simply, it encrypts access to data (using AES-256 algorithms) and asks victims to contact cybercriminals in order to get a special decryption key. During encryption, the virus also assigns the new .bazek extension to each targeted file. To illustrate, a file named 1.pdf will change to 1.pdf.bazek and lose its original icon as well. Depending on what version of Bazek Ransomware attacked the computer, it will either create a text note called README.txt or display a pop-up window with similar decryption instructions.

How to remove RansomBoggs Ransomware and decrypt .chsch files

0
Also known as Sullivan, RansomBoggs is a ransomware infection designed to encrypt data and demand payment for decryption afterwards. Recent research showed that this virus has had numerous attacks on various organizations placed in Ukraine. During encryption, RansomBoggs renames all targeted files with the .chsch extension. For example, a file originally titled as 1.pdf will change to 1.pdf.chsch and become no longer accessible. Following this, the ransomware also creates its own note (SullivanDecryptsYourFiles.txt) with decryption instructions.

How to remove Notifpushback.com

0
Notifpushback.com is a hazardous site, that displays ads, pop-ups, and notifications in Safari, Google Chrome, Mozilla Firefox, Internet Explorer or Edge. If you see advertisements from Notifpushback.com while browsing certain sites, it means those sites use bad-quality advertising, or they are hacked. This can be fixed by installing ad-blocking software, like AdGuard (see description below). If you see notifications from Notifpushback.com, it means the website is allowed to show them in browser settings. In this situation, you need to check your PC for viruses and follow the instructions below. Ads promotion like this one appeared recently and uses user habits and standard browser features to create social-engineering attacks and deliver unwanted ads. Learn how to stop ads and block notifications in your browsers by removing Notifpushback.com.