malwarebytes banner

Tutorials

Useful tutorials on various PC troubleshooting topics. Video tutorials.

How to remove Lucknite (ETH) Ransomware and decrypt .lucknite files

0
Lucknite (ETH) or LuckniteRansom is a ransomware virus that was recently inspected by malware researchers. The purpose of this malware type is to encrypt potentially important data and hold it hostage until victims pay money for ransom. During encryption, this ransomware also assigns the .lucknite extension to each targeted file. For instance, originally named 1.pdf will change to 1.pdf.lucknite and lose its shortcut icon after encryption. After this, cybercriminals feature decryption instructions in the README.txt note. Sometimes the content of the ransom may vary slightly depending on which ransomware version affected the system.

How to remove OBZ Ransomware and decrypt .OBZ files

0
OBZ is a ransomware-type virus that encrypts access to data and blackmails victims into paying money for decryption. At the time of encryption, the virus alters targeted files with the .OBZ extension. For instance, a file originally named 1.pdf will turn into 1.pdf.OBZ or 1.pdf.obz depending on which ransomware version penetrated the system. In addition, victims also reported seeing a malicious process named Traffic Light in Windows Task Manager. Once the encryption process gets to a close, OBZ Ransomware creates a text document (ReadMe.txt) that features decryption instructions. It is worth noting that the content of this ransom note is identical to other previously discovered U2K and MME ransomware, which may indicate that OBZ was developed by the same group of developers.

How to fix Windows 11 Update error 0x80070103

0
0x80070103 is an update error that has gained substantial popularity across many Windows 11 users. It occurs when users are trying to install the latest pending update in their system. The error becomes evident when the following message comes up on the screen: "There were some problems installing updates, but we’ll try again later. If you keep seeing this and want to search the web or contact support for information, this may help – (0x80070103).". The reason why this issue appears is usually related to driver incompatibilities. This can be if Windows Update is attempting to install an already installed driver, if you have an incompatible driver version installed, or if the driver is being used by some other program while Windows tries to update it. The guilty driver can be related to any piece of hardware like graphics, audio, and so forth. Luckily, there are a couple of simple solutions that may resolve the issue and get you to install the update successfully. Use our guide to try them.

How to remove CryWiper Ransomware and decrypt .CRY files

0
CryWiper is a devastating virus that damages the configuration of data to make it inaccessible and then demands money from victims for fake decryption. CryWiper developers disguise their software as ransomware that encrypts data, however, it is in fact a data wiper that simply corrupts the files. While running "encryption", the virus deletes all shadow copies from the root drive and appends the new .CRY extension to highlight the files. For instance, a file originally named 1.pdf will turn into 1.pdf.CRY and become permanently damaged. After this, CryWiper creates a file called README.txt with misleading decryption instructions. It is known that CryWiper avoids damaging .exe, .dll, .lnk, .msi, and .sys files and others stored in Boot, System, and Windows directories. In addition, this virus has also been observed getting distributed via the browserupdate.exe malicious file, programmed in C++ language, and targetting organizations that are localized in Russia.

How to fix “DLLRegisterServer Was Not Found” error on Windows 11/10

0
DLLRegisterServer Was Not Found is a message error that makes its presence known when users are trying to manually register a DLL (Dynamic Link Library) or OCX (OLE Control EXtension) file via Command Prompt. It has also been reported to occur on both Windows 10 and 11. While there is no single reason that drives users to see this error, it can be related to a lack of certain permissions in registry keys, corrupted/missing system file elements, problematic DLL files, or even incompatibilities caused by the side of third-party software (such as antivirus). Trying to find the exact reason and solution immediately is like a shot in the dark, so we advise you to try each method we wrote down below until the issue gets resolved eventually. The instructions are almost the same on both Windows 10 and 11 operating systems.

How to remove Beijing Ransomware and decrypt .beijing files

0
Beijing is a ransomware-classified infection that encrypts access to data and demands that victims pay money for its decryption. This file encryptor is also likely released by the same cybercriminals who previously developed another ransomware named LeakTheMall. During encryption, victims will see their files change visually - it is the new .beijing that will be eventually added to them. For instance, an originally named 1.pdf will change to 1.pdf.beijing and become no longer accessible. After this, the virus creates text instructions in !RECOVER.txt explaining what should be done to recover the data.

How to remove Trigona Ransomware and decrypt ._locked files

0
Trigona is the name of a ransomware virus that encrypts data of corporate users (e.g., companies) and demands money for file decryption. During encryption, it appends the new ._locked extension (for instance, 1.pdf._locked) and creates a file named how_to_decrypt.hta after successful completion. This file contains instructions with steps on what victims should do to decrypt their data. It is said all critical information, such as documents, databases, local backups, and so forth has been encrypted and leaked. Cybercriminals also mention that file decryption is impossible without their direct involvement. Also, it is mentioned that data of those who refuse to collaborate with cybercriminals will be sold to figures potentially interested in its abuse. To prevent all of this, threat actors guide victims to open a decryption page via the TOR Browser and contact the ransomware developers.

How to remove Bazek Ransomware and decrypt .bazek files

0
Bazek is a virus infection that features all the traits inherent to ransomware. Put simply, it encrypts access to data (using AES-256 algorithms) and asks victims to contact cybercriminals in order to get a special decryption key. During encryption, the virus also assigns the new .bazek extension to each targeted file. To illustrate, a file named 1.pdf will change to 1.pdf.bazek and lose its original icon as well. Depending on what version of Bazek Ransomware attacked the computer, it will either create a text note called README.txt or display a pop-up window with similar decryption instructions.