Tim Kas

Tim Kas

Computer security specialist. I try to do my best and share my knowledge with you by creating simple-to-follow and useful guides on various topics about computer security.
  • Joined: April 9, 2012
  • Articles: 7498
  • Comments: 49

How to uninstall (remove) Mojotab.com

Mojotab.com is a fake search page that comes to the PC without user consent. This browser hijacker is not a virus, but it brings many problems. According to developers, Mojotab.com designed to help the user to improve search efficiency, enhance the experience of browsing, eliminate irrelevant search results, and more.

How to remove Nemesis Ransomware and decrypt .nemesis, .63vc4, .t5019 files

Nemesis Ransomware is a successor of CryptON Ransomware and is very likely developed and distributed by the same team of hackers. Files are encrypted using mix of RSA, AES-256 and SHA-256 or SHA-512 encryption algorithm. Other version of Nemesis Ransomware are known under the names Cry9, Cry128, Cry36, X3M. Newer version add randomly generated extensions. After encryption ransomware creates file ### DECRYPT MY FILES ###.html with instructions to pay the ransom.

How to remove CryptON Ransomware and decrypt _x3m, _locked, _r9oj, _crypt files

CryptON Ransomware is crypto-virus, that gave birth to large family of ransomware encryption viruses like Nemesis, X3M, Cry9, Cry128, Cry36. This particular ransomware appends _crypt extension to filenames and saves original extension. So after encryption user file sample.txt will become sample_crypt.txt. After successful encryption CryptOn Ransomware creates readme_encrypted.txt file. There are several decryption tools released from companies like Emsisoft, Avast, Eset and we will give you instructions to use them below. Learn how to remove CryptON ransomware and decrypt _crypt files using guide on this page.

How to remove Blind Ransomware and decrypt .blind and .kill files

Blind Ransomware is cryptoviral extortion, that uses RSA and AES algorithms to encrypt user data. This particular ransomware appends .blind and .kill suffixes to compromised files. It also adds developers e-mail to the filenames: blind@cock.li or kill@rape.lol. Usually, malware attacks files, that represent value for the user - documents, presentations, photos, video, music. After finishing encoding files, Blind Ransomware creates following file: How_Decrypt_Files.hta.

How to remove Paradise Ransomware and decrypt .paradise files

Paradise Ransomware is crypto-virus distributed as RaaS (Ransomware-as-Service). That means it is simplified ransomware development kit, that allows potential hackers and malware distributors to substitute their e-mails and BitCoin wallets and receive ransom payments from infected users. Virus appends .paradise file extension and modifies filename with affiliate identification number and e-mail, so the final pattern looks like this: id-affiliate-id-[affiliate-e-mail].paradise. Malware uses RSA-1024 cryptography. Ransomware creates 3 text files: Files.txt, Failed.txt, and #DECRYPT MY FILES#.txt. First two are the lists of successfully encrypted files and files, that failed to be encrypted.