Virus and Spyware Removal Guides, uninstall instructions

What is Assurance Certificates email virus?

When an email letter is used to deliver malware, it contains a malicious attachment or website link. In both cases, the main purpose of such email is to trick its recipients into opening a file designed to install malware on the operating system. This particular email is used to deliver FormBook malware.

What is DataBoost?

DataBoost is a piece of rogue software, which is classified as adware. It also has browser hijacker traits. This app operates by running intrusive advert campaigns and modifying browsers - to promote fake search engines. DataBoost likely has data tracking abilities as well.

Since most users unintentionally download/install adware and browser hijackers, they are categorized as PUAs (Potentially Unwanted Applications). One popular distribution technique is proliferation via fraudulent Adobe Flash Player updates.

What is WebResultsTool?

WebResultsTool is the name of an adware-type application that has qualities of a browser hijacker - it displays advertisements and promotes a fake search engine (its address) by modifying web browser's settings. In order to trick users into installing WebResultsTool, its developers use a fake installer.

What is CLEAN ransomware?

Ransomware is a form of malware used by cybercriminals with the purpose to force victims to pay a ransom so they could access and use their files again. Ransomware encrypts files and displays or creates (or both) a ransom note to provide instructions on how to contact the attackers, purchase a decryption tool, and other details.

CLEAN ransomware belongs to the Dharma family. It renames encrypted files by appending the victim's ID, clean@onionmail.org email address and the ".CLEAN" extension. For example, it renames a file named "1.jpg" to "1.jpg.id-C279F237.[clean@onionmail.org].CLEAN", "2.jpg" to "2.jpg.id-C279F237.[clean@onionmail.org].CLEAN", etc.

What is TypeCharacter?

TypeCharacter is an adware-type application with browser hijacker qualities. It operates by delivering intrusive advertisement campaigns and promoting fake search engines through alterations to browser settings. Additionally, TypeCharacter likely has data tracking abilities.

Due to the dubious methods used to distribute adware and browser hijackers, they are also categorized as PUAs (Potentially Unwanted Applications). TypeCharacter has been observed being spread via fake Adobe Flash Player updates. It is worth noting that fraudulent updaters may proliferate malware (e.g., trojans, ransomware, etc.).

What is LeadingChannelSearch adware?

LeadingChannelSearch is a potentially unwanted application (PUA) designed to display advertisements and force users to use a fake search engine by modifying a web browser's settings. This PUA functions as a browser hijacker and adware. It is known that LeadingChannelSearch is distributed using a fake installer.

What is "Email Cloud scam"?

"Email Cloud scam" refers to a spam campaign - a mass-scale operation during which thousands of deceptive emails are sent. The letters distributed through this campaign - make false claims that several confidential files have been sent to the recipients' cloud storage, and unless they are retrieved - they will be deleted.

It must be emphasized that all of the information provided by the "Email Cloud" letters - is false. The aim of this spam campaign is to trick users into entering their log-in credentials (i.e., usernames/passwords) into a phishing website. With this data in their possession, scammers can steal the corresponding accounts and potentially others as well.

What is nearbyme.io?

Nearbyme.io is the address (URL) of a fake search engine. Web searching tools are considered illegitimate as they cannot generate search results and record browsing information.

Fake search engines are typically promoted by PUAs (Potentially Unwanted Applications), which are classified as browser hijackers.

This software promotes (i.e., cause redirects to) illegitimate search engines by making modifications to browser settings. Furthermore, most browser hijackers have data tracking abilities.

What is Keversen ransomware?

Keversen ransomware is a type of malware that encrypts files and demands a ransom payment in order to restore access. Also, it renames encrypted files by appending the ".keversen" extension (for example, it renames a file named "1.jpg" to "1.jpg.keversen", "2.jpg" to "2.jpg.keversen") and creates the "!=READMY=!.txt" file (a ransom note).

What is Infa ransomware?

Infa is a piece of malicious software classified as ransomware. It operates by encrypting data for the purpose of making ransom demands for the decryption. In simple terms, Infa ransomware renders files inaccessible and demands victims pay - to restore access to their data.

During the encryption process, affected files are appended with the ".infa" extension. For example, a file initially named something like "1.jpg" would appear as "1.jpg.infa", "2.jpg" as "2.jpg.infa", "3.jpg" as "3.jpg.infa", etc. After this process is finished, a ransom note - "readnow.txt" - is dropped onto the desktop.