malwarebytes banner


Useful tutorials on various PC troubleshooting topics. Video tutorials.

How to remove PLAY ransomware and decrypt .PLAY files

PLAY is a ransomware-type virus that runs encryption of important data and extorts money from victims. While rendering files inaccessible, it assigns the .PLAY extension and also creates a text note called ReadMe.txt. For instance, a file previously titled 1.pdf will change to 1.pdf.PLAY and reset it's icon after encryption. Since then, victims lose control over their data and have to read instructions on its recovery in the created text note. It is common for ransomware infections to be distributed via phishing techniques. A virus may be disguised as some legitimate-looking file (e.g., Word, Excel, PDF, EXE, JavaScript, RAR, ZIP, etc.) and be sent inside of an e-mail spam letter. Such a letter may present information explaining the “importance” of opening attached files or links.

How to remove Ransomcrow Ransomware and decrypt .encrypted files

Ransomcrow is a ransomware infection designed to encrypt valuable data and blackmail victims into paying money for its retrieval. During encryption, it assigns the .encrypted extension, which is generic to many file-encryptors. To illustrate, a file initially named 1.pdf will change to 1.pdf.encrypted and also drop its icon. After this, the virus creates a text note called readme.txt and also replaces desktop wallpapers. Information within the generated note is meant to guide victims through the recovery process. It is said a payment equivalent to €50 in Bitcoins is necessary for transfer to get special decryption tools and return the data. Victims can also contact swindlers for in-person communication via the given email address ( As a rule, decryption without the help of cybercriminals is very complex and even impossible - it may be the opposite if there are some bugs or flaws alleviating third-party interference.

How to remove Cceo Ransomware and decrypt .cceo files

Just like many previous versions of this virus, Cceo Ransomware is a malicious program recently developed by the STOP (Djvu) ransomware family, which runs data encryption. Once it gets on your computer, the virus covers all personal data with strong encryption algorithms, so that you could no longer be able to get access to them. Unfortunately, preventing ransomware from blocking your data is impossible unless you have special anti-malware software installed on your PC. In case of its absence, the files stored on your disks will be restricted and no longer accessible. After the encryption process is done, you will see all the files change to 1.pdf.cceo and similarly with other file names. This version of STOP ransomware uses .cceo extension to highlight the encrypted data. Then, as soon as ransomware has stormed through your system and put all the sensitive data under a lock, it goes further creating a ransom note (_readme.txt).

How to remove Payt Ransomware and decrypt .payt files

Payt is the name of a ransomware infection that encrypts system-stored data and blackmails victims into paying money for its return. It does so by adding new filenames (consisting of unique victim's ID, cybercriminals' e-mail, and .Payt or .payt extension). For instance, this is how an image file infected by Payt Ransomware will likely appear - 1.png.[MJ-YK7364058912]( After this, a money-demanding note called ReadthisforDecode.txt gets generated onto the desktop. As stated within this message, victims should write an e-mail to or addresses and express their interest in decrypting data. It is also possible to send a test file and get it decrypted for free - this way cybercriminals seek to illustrate that their decryption actually works and can be relied on.

How to remove World2022decoding Ransomware and decrypt .world2022decoding files

World2022decoding is a recent ransomware infection that was spotted encrypting device-stored data and blackmailing victims to pay money for it. During encryption, all affected files get appended with the victim's personal ID, and the .world2022decoding extension as well. As a result, it acquires a new look similar to this - from previously uninfected 1.png to now restricted 1.png.[9222911A].world2022decoding. This is only an example and it can happen to any piece of data, especially documents and databases. Cybercriminals also create a text note called WE CAN RECOVER YOUR DATA.MHT that entails instructions on how to return the files.

How to fix ERR_CONNECTION_CLOSED error in Google Chrome

ERR_CONNECTION_CLOSED is a frequently-encountered error when trying to open some page in the Google Chrome browser. It happens when Chrome fails to establish connection with a page being loaded - and that is quite obvious. The reason for that, though, could be one out of many. For instance, it could be your third-party antivirus intentionally preventing connection with its firewall setup; a conflict caused by installed browser extensions; misconfigured Internet settings; and other issues as well. Luckily, our solutions below should be enough to forget about the problem and start using the necessary page or pages again. Follow along and try each of them until one finally does it.