How to remove STOP Ransomware and decrypt .derp, .nakw, .coot or...

STOP Ransomware (a.k.a Djvu Ransomware) encrypts victim's files with Salsa20 (stream encryption system) and appends one of the hundreds of possible extensions including latest discovered .derp, .nakw, .coot or .nols. STOP is one of the most active ransomware today, but they hardly talk about it. The prevalence of STOP is also confirmed by the extremely active forum thread on Bleeping Computer, where victims seek help. The fact is that this malware attacks mainly fans of pirated content, visitors to suspicious sites and is distributed as part of advertising bundles. There is a possibility for successful decryption, however, to date, there are more than 174 STOP variants that are known to researchers, and such a variety significantly complicates the situation.

How to remove Muhstik (QNAPCrypt) Ransomware and decrypt .muhstik files

Muhstik Ransomware is nasty cipher virus, that encrypts user data on QNAP NAS network drives using AES-256 (CBC mode) + SHA256 algorithms, and then requires a ransom of 0.045 - 0.09 BTC (currently ~$700) to return the files. According to researchers, this program is not directly related to eCh0raix Ransomware, although there is a certain external similarity. After finishing encryption procedure, malware adds .muhstik extension to affected files. The malware first checks the system language and does not start encryption on systems with Russian, Belorus or Ukranian languages. At the moment, there is a public decryption tool called EmsiSoft Decrypter for Muhstik available. It is able to decrypt files encrypted by most versions of this virus. If it is unable to recover the data, full recovery is only possible with the help of backups.

How to remove STOP Ransomware and decrypt .leto, .werd, .bora or...

STOP Ransomware (sometimes called DJVU Ransomware) is an obnoxious virus, that encrypts files on computers using the AES encryption algorithm, makes them unavailable and demands money in exchange for so-called "decryptor". Files processed by the latest version of STOP Ransomware, in particular, can be distinguished by the .leto, .werd, .bora or .xoza extensions. The analysis showed that the cryptographic installer loaded with the "crack" or adware is installed under an arbitrary name in the %LocalAppData%\ folder. When executed, it loads four executable files there: 1.exe, 2.exe, 3.exe and updatewin.exe. The first of them is responsible for neutralizing Windows Defender, the second is for blocking access to information security sites. After the malware is launched, a fake message appears on the screen that says about installing the update for Windows. In fact, at this moment, almost all user files on the computer are encrypted. In each folder containing encrypted documents, a text file (_readme.txt) appears in which attackers explain the operation of the virus. They offer to pay them a ransom for decryption, urging them not to use third-party programs, as this can lead to the deletion of all documents.

How to remove Mac Heal Pro (Mhptask)

Mac Heal Pro is deceptive Mac optimisation application. After installation, it opens on the whole screen and starts a fake system scan. It does not give users the opportunity to resize the window. When the scan is finished, Mac Heal Pro offers paid activation, which costs $60 - $70. The problem is, that viruses, errors and performance issues, found by this app, never existed on your Mac. Mac Heal Pro is categorized as rogue program, fake optimization software. The virus poses a threat to the financial security and privacy of the users, due to its misleading tactics, untrustworthy scan results, and unscrupulous developers. There are also some complaints, that Mac Heal Pro cannot be removed, or keeps coming back.

How to remove Similar Photo Cleaner (Nspchlpr) (Mac)

Similar Photo Cleaner is ad-supported application for Mac. It was developed to detect and remove duplicate photos and pictures. It is one of those pointless apps, that provide low functionality, but leads to severe computer and privacy problems. It installs without user's consent, and does not disclose all conditions of the installation. The consequences of installing the program are pitiable: users start seeing ads and pop-ups in browsers, they get unknown programs installed without their intention. Besides, some users complain, that they cannot quit Similar Photo Cleaner, as it displays pop-up, that cannot be closed (see the picture below). All this peculiar properties put the program to the category of potentially unwanted apps.