Virus and Spyware Removal Guides, uninstall instructions

What is your device was compromised email scam?

Typically, scammers behind sextortion email scams threaten to share embarrassing images or a video about the recipients. The main purpose of these scams is to trick recipients into believing that such images or a video exist and paying scammers money for not releasing the compromising material.

What is Lorenz ransomware?

Lorenz is a new variant of the Sz40 ransomware. It is designed to encrypt data and demand ransoms for the decryption. In other words, Lorenz renders affected files inaccessible and asks victims to pay - to recover access to their data.

During the encryption process, files are appended with the ".Lorenz.sz40" extension. For example, a file initially titled "1.jpg" would appear as "1.jpg.Lorenz.sz40", "2.jpg" as "2.jpg.Lorenz.sz40", and so forth.

After the encryption process is complete, a ransom note with the filename "HELP_SECURITY_EVENT.html" is created.

At the time of research, Lorenz ransomware had a bug (flaw), which would corrupt certain files. This corruption occurred due to a portion of the encrypted file being deleted. Hence, full recovery of these files is not possible even with the cyber criminals' involvement.

However, there is a free decryption tool capable of restoring Lorenz-encrypted (but non-corrupted) files. This decryptor supports Microsoft Office and PDF documents, as well as some image and video format files. The decryption software was developed by Tesorion; it can be downloaded via the NoMoreRansom initiative - free of charge.

What is SearchConsole adware?

SearchConsole is the name of an application that generates advertisements, changes affected web browser's settings, and possibly collects information about its users. This app has a functionality of an adware-type app and a browser hijacker.

What is Apple cloud Subscription email scam?

Typically, scammers behind phishing emails pretend to be legitimate companies, organizations to trick recipients into providing personal information (for example, login credentials, credit card details, social security numbers). This phishing email is disguised as a letter from Apple (App Store team) regarding iCloud subscription.

What is GameSearchly?

GameSearchly is a piece of rogue software categorized as a browser hijacker. It operates by making modifications to browser settings in order to promote (i.e., cause redirects) to the gamesearchly.com fake search engine.

Furthermore, GameSearchly likely has data tracking abilities to spy on users browsing activity - since that is typical of browser hijackers.

Most users download/install browser hijackers unintentionally, and due to this - they are also classified as PUAs (Potentially Unwanted Applications).

What is stream-your-vids[.]com?

Stream-your-vids[.]com a website that checks visitor's geolocation and then loads deceptive content or opens a couple of untrustworthy websites. There are hundreds of websites similar to stream-your-vids[.]com, for example, play-new-vids[.]com, retressive[.]website, and byluxrayor[.]com.

What is scleriends[.]website?

Scleriends[.]website is a rogue page designed to load dubious content and/or redirect visitors to other untrustworthy or possibly dangerous sites. There are thousands of rogue webpages on the Internet; play-new-vids.com, retressive.website, byluxrayor.com - are but a few examples.

Users seldom access such websites intentionally. Most get redirected to them by unreliable sites, intrusive ads, or installed PUAs (Potentially Unwanted Applications).

This software can infiltrate systems without user permission. PUAs operate by force-opening sites, running intrusive advertisement campaigns, and collecting browsing-related data.

What is "Oxford Dictionary"?

"Oxford Dictionary" is a rogue browser extension promoted as an easy access tool to the online version of the Oxford dictionary. However, it operates as adware.

In other words, this piece of software delivers various intrusive advertisements. Additionally, this "Oxford Dictionary" extension has data tracking abilities that are employed to spy on users' browsing habits.

Due to the dubious methods used to distribute adware-type products, they are also classified as PUAs (Potentially Unwanted Applications).

What is F1 ransomware?

F1 is a ransomware belonging to the NEFILIM malware family. Systems infected with this malicious software experience data encryption and receive ransom demands for the decryption tools. In other words, F1 malware operates by locking victims' files in order to demand payment for access/use recovery.

During the encryption process, affected files are appended with the ".f1" extension. To elaborate, a file initially titled "1.jpg" would appear as "1.jpg.f1", "2.jpg" as "2.jpg.f1", "3.jpg" as "3.jpg.f1", and so on.

Once the encryption process is complete, ransom notes - "f1-HELP.txt" - are dropped into compromised folders.

What is URGENT INFORMATION ON COVID-19 VACCINATION email virus?

One of the most commonly used ways to deliver malware is to send emails with malicious links or files (attachments) in them. Cybercriminals behind this particular email attempt to trick users into downloading and opening a malicious document designed to install RustyBuer.