malwarebytes banner


Useful tutorials on various PC troubleshooting topics. Video tutorials.

How to remove Nexus Banking Trojan (Android)

Nexus is the name of a banking trojan that targets Android devices in order to extract banking and finance-related information. According to the detailed research conducted by Cyble, this trojan is assumed to be a rebranded version of the S.O.V.A trojan which has similar capabilities. As a rule, banking trojans acquire access to the targeted device by disguising themselves as legitimate apps and asking users to enable Android Accessibility Services in order to use the app's features or the app itself. Unfortunately, if permissions like this get enabled for trojanized apps, they will misuse them to grant additional permissions, prevent users from disabling them, and turn off various security measures like Google Play Protect. It is known that Nexus targets over 40 popular banking applications. To force users into entering sensitive information (e.g., passwords, passcodes, IDs, usernames, etc.), the virus downloads the appropriate HTML injection code to create a fake overlay of a specific bank app that a victim is using. This way users enter their log-in credentials without suspecting they could be recorded and sent to the cybercriminals' servers afterward.

How to remove Qarj Ransomware and decrypt .qarj files

Qarj is a new ransomware variant developed and published by a template of notorious STOP/Djvu family. This particular variant was released in March 2023. Being a file-encrypting virus, it blocks access to personal data by using secure encryption algorithms. This means that files stored on a PC will no longer be opened by users until they are decrypted. Currently, there are smal chances for decryption of files encrypted by Qarj. Only 1-2% of cases are decryptable, when certain conditions are met. Use all instructions on this page until you get some data restored. In order to show that all files have been put under a lock, developers append the new .qarj extension to each of the files. For instance, a file sample like 1.pdf will change to 1.pdf.qarj and reset its icon eventually. After this part of encryption is finished, the virus creates a text note (_readme.txt) with ransom instructions.

How to remove Qapo Ransomware and decrypt .qapo files

Qapo Ransomware is a new file-encrypting program developed and published by the authors of STOP/Djvu family. Almost all versions entitled to this group of extortionists employ similar steps to extort money from victims. This particular variant was released in the middle of March 2023. Once Qapo gets on your PC, it runs a quick scan of your system to find sensitive data. Then, once this process is done, the malicious program gets to encrypt your data. During this, all files are changed with the .qapo extension, which appears at the end of each file name. For example, a file like 1.pdf will change to 1.pdf.qapo, and similarly. Once you spot such an immediate change, you will no longer be able to access the data. In order to decrypt it, cybercriminals instruct victims through the steps listed inside a text note (_readme.txt), which opens at the end of encryption. All recent versions of this ransomware family have used identical text in the notes.

How to unlock from “iPhone is Disabled, Connect to iTunes” screen

If you or someone has exhausted all the attempts to unlock your iPhone with the right passcode, eventually it will get permanently locked and display the following message on your screen: "iPhone is Disabled, Connect to iTunes.". To be more precise, this message will appear after entering the wrong password 10 times in a row. Such a security measure is meant to prevent possible intruders from accessing your iPhone without your consent, in case it got lost and could be at risk of getting viewed by an unknown person. Unfortunately, if you are the owner of an iPhone who simply forgot the password, the only viable solution is to restore your device to factory settings, which implies a full erase of content stored on a device. After restoring, you can use your iCloud or some other backup to recover data that will be erased. Follow our guide below to explore different ways to restore and unlock your phone.

How to remove Qazx Ransomware and decrypt .qazx files

Qazx Ransomware is called so, because of .qazx extension, added to affected files, modifying original extensions of various types of sensitive data. This version appeared in the middle of March, 2023. In fact, technically it is STOP Ransomware, that uses AES encryption algorithms to encrypt user's files. This suffix is one of the hundreds of different extensions used by this malware. Does it mean you lost your valuable data? Not necessarily. There are certain methods, that allow you to recover your files fully or partially. Also, there is free decryption utility called STOP Djvu Decryptor from EmsiSoft, that is constantly updated and is able to decrypt hundreds of types of this virus. After finishing its disastrous activity Qazx Ransomware creates _readme.txt file (ransom note), where it informs users about the fact of encryption, amount of ransom, and payment conditions.

How to fix iPhone stuck in zoom mode

Among various useful capabilities, iPhone also has a seemingly interesting zoom feature allowing users to magnify their entire screen wherever it is double-tapped with three fingers. However, because some users do not know about it that much, using this feature accidentally might lead to confusion without knowing how to zoom out into the normal workspace. Due to this, such users get stuck and have difficulties with navigation, opening apps, and even unlocking the screen. Luckily, fixing this issue is pretty easy and can be done using a couple of solutions presented in our guidelines below. We will also show you how to disable this feature so that it does not get accidentally activated again.