malwarebytes banner


How to remove 39 viruses were found pop-up (Windows/Mac/Android/iOS)

If you witness 39 viruses were found window after booting the browser, then this is because your computer is being disrupted by adware or other viruses. The "39 viruses were found" pop-up has been spotted targetting all Apple products such as Mac, iPhone, iPad, however, it also appears on Windows and Android devices. The virus can affect Google Chrome, Safari, Mozilla Firefox or Edge browsers. The intrusive tab claims that your computer is infected with 39 viruses and needs urgent recovery. Unlike other similar scammers, the pop-up tries to intimidate inexperienced users by saying that you should delete the found threats within 2 minutes, otherwise, they will obliterate all of the files stored on your PC. In fact, the pop-up imitates huge troubles meaning that your device might be completely secure and virus-free. Depending on what device was infected, the message may also vary individually. Such messages are basically meant to convince users that their pcs are damaged therefore forcing into spending money on fake anti-malware tools that will ostensibly solve the detected issues.

How to remove Nile Ransomware and decrypt .nile files

New wave of STOP Ransomware infection continues with Nile Ransomware, that appends .nile extensions. Those extensions are added to encrypted files in the middle of August of 2019. This tricky virus uses the AES encryption algorithm to encode the user's important information. As a rule, Nile Ransomware attacks photos, videos, and documents - data, that people value. The malware developers extort ransom and promise to provide a decryption key in return. In the ransom note, we can see, that malefactors demand $980 (amount can be reduced if paid within the first 72 hours). Hackers offer victims to contact them via e-mails: and In most cases algorithms of Nile Ransomware are unbreakable. But virus code has its flaws. Particularly, if attacked PC lost internet connection during ransomware activity or hackers servers experienced some sort of malfunction, there are high chances to recover your files. In this case, Nile Ransomware generates an offline key, that can be retrieved by special decryption tool - STOPDecrypter.

How to remove CONTI Ransomware and decrypt .CONTI files

CONTI is a ransomware-type virus that encrypts user's data and keeps it locked until the ransom is paid. Some security experts indicate, that it can be a successor or Ryuk Ransomware. Whilst the encryption is being made, all files including photos, videos, documents, and other regular data will be altered with the new .CONTI extension. This means that the affected files will look like 1.mp4.CONTI or similarly depending on the original name. After this, successful encryption is followed up with a text file (CONTI_README.txt) that is dropped on the desktop of victims. For the moment, it is almost unreal to decrypt your files for free with the help of additional tools. If possible, you can restore your data from backup storage that was created before the infection. Either way, we recommend you to get rid of CONTI Ransomware to prevent further encryptions.

How to remove WastedLocker Ransomware and decrypt .***wasted files

WastedLocker is a file-encrypting malware categorized as ransomware. Programs within this category block access to stored data and require paying a fee to get decryption tools. When ransomware gets settled on your system, all files (videos, images, documents, text files, etc.) will be updated with new extensions. There is a range of extensions used by WastedLocker to highlight encrypted files. Most basic variants include 3 random letters alongside .***wasted extension at the end. For example, files affected by WastedLocker might get a new look of 1.mp4.bbawasted, 1.mp4.rlhwasted or similar. After this, unlike other ransomware that use one common note to explain ransom details, WastedLocker creates separate notes for each infected file. The best thing you can do safe and definite is to get rid of WastedLocker and try to recover data from external backups, if possible. Follow our guide below to find out how.

How to remove Kook Ransomware and decrypt .kook files

If your files became unavailable, got weird icons and got kook extension, that means your computer got hit by Kook Ransomware (also known as STOP Ransomware or Djvu Ransomware). This is an extremely dangerous and harmful encryption virus, that encodes data on victim's computers and extorts ransom equivalent of $490/$960 in cryptocurrency to be paid on an anonymous electronic wallet. If you didn't have backups before the infection, there are only a few ways to return your files with a low probability of success. However, they are worth trying and we describe them all in the following article. In the text box below, you can get acquainted with the contents of _readme.txt file, which is called "ransom note" among security specialists and serves as one of the symptoms of the infection.

How to remove Erif Ransomware and decrypt .erif files

Erif Ransomware, being a part of STOP Ransomware is a critical virus, endangering user's personal files. It belongs to the family of file-encrypting malware, that uses the AES (Salsa20) algorithm and unbreakable key. This virus is, sometimes, called DJVU Ransomware, after the word used as an extension in the first versions (.djvu). The variant of the threat, that we describe today, modifies files with .erif extension. Files are encrypted with a secure key and there are quite small chances to decrypt them completely. However, certain manual methods and automatic tools, described in this article can assist you to successfully decrypt some data.