Virus and Spyware Removal Guides, uninstall instructions

What is youneerdmo[.]top?

Youneerdmo[.]top is a website designed to ask permission to show untrustworthy notifications and promote questionable websites. It is similar to boffero[.]com, rookinews[.]com, news-vocice[.]cc and a great deal of other websites. It is noteworthy that users do not visit them intentionally.

What is Inbank email virus?

One of the most popular ways to deliver malware is to send emails disguised as letters from legitimate companies (or other entities) with malicious attachments or website links. Cybercriminals behind this malspam campaign send emails disguised as letters from Inbank containing a download link for a malicious file designed to install FormBook malware.

What is GameBox?

GameBox is an adware-type application. Software within this classification typically operates by running intrusive advertisement campaigns (displaying various ads) and collecting browsing-related and other sensitive data. However, GameBox may have additional harmful functionalities.

Due to the dubious methods used to distribute adware-type products, they are also deemed to be PUAs (Potentially Unwanted Applications). Common proliferation tactics are bundling with other programs, promotion on deceptive sites, or stealthy installation by intrusive ads.

What is boffero[.]com?

Boffero[.]com is designed to load a fake CAPTCHA test (to trick its visitors into allowing it to show notifications) and promote questionable pages. It is important to mention that users do not visit websites like boffero[.]com on purpose. Usually, these pages get opened via other shady pages, dubious ads, or installed potentially unwanted apps (PUAs).

What is CryptoLocker (Xorist) ransomware?

Belonging to the Xorist ransomware family, CryptoLocker is a malicious program designed to encrypt data and demand payment for the decryption. In other words, this malware renders files unusable and asks victims to pay - to restore access to their data.

During the encryption process, affected files are appended with ".CRYPTOLOCKER" extension. For example, a file like "1.jpg" would appear as "1.jpg.CRYPTOLOCKER". Once this process is complete, identical ransom notes are created/displayed in a pop-up window and "READMETOUNLOCK.txt" text file, which is dropped onto the desktop.

What is Horus Eyes?

Remote Access Trojan is a type of malware used by cybercriminals to gain full access and remote control on a victim's computer. Typically, RATs are used to install additional malware or steal sensitive information. Horus Eyes is the name of an upgraded version of another RAT called SpyBoxRat.

What is Herrco ransomware?

Cybercriminals behind Herrco ransomware target computers owned by commercial businesses (companies). Although, they may target computers owned by separate individuals as well. This ransomware blocks access to files by encrypting them and changes their filenames by appending the ".herrco" extension.

For example, Herrco renames a file named "1.jpg" to "1.jpg.herrco", "2.jpg" to "2.jpg.herrco", and so forth. Also, this ransomware creates the "How to decrypt files.txt" text file - a ransom note that contains instructions on how to contact the attackers and some other information.

What is AdBlock Popup & Ads?

AdBlock Popup & Ads is a rogue browser extension endorsed as an adblocker. It is supposedly capable of blocking pop-ups, advertisements, trackers, and even auto-skipping ads on YouTube videos. Instead, this piece of software runs intrusive advertisement campaigns (i.e., delivers various adverts). Additionally, it has data tracking abilities.

Due to how AdBlock Popup & Ads operates, it is classified as adware. Since most users download/install adware-type products inadvertently, they are also categorized as unwanted applications.

What is Divinity ransomware?

Belonging to the Xorist ransomware family, Divinity is a malicious program designed to encrypt data and demand ransoms for the decryption. In other words, this malware renders files inaccessible and demands that victims pay - to recover access to their data.

During the encryption process, affected files are appended with the ".divinity" extension. For example, a file like "1.jpg" would appear as "1.jpg.divinity", etc. Afterwards, ransom notes are created/displayed in a pop-up window and "HOW TO DECRYPT FILES.txt" text file. Additionally, Divinity ransomware changes the desktop wallpaper.

What is rookinews[.]com?

The main reasons not to visit rookinews[.]com are that this page uses a clickbait technique to trick visitors into agreeing to receive notifications and opens untrustworthy websites. It is very unlikely for rookinews[.]com to be visited intentionally - websites of this type get opened via shady advertisements, pages, or by potentially unwanted applications (PUAs).