Virus and Spyware Removal Guides, uninstall instructions

What is Checkup?

It is known that websites with the "checkup" and a number in their domain name (for example, checkup006[.]biz, checkup06[.]biz, checkup07[.]biz, checkup08[.]biz, checkup09[.]biz) are untrustworthy pages that promote other pages of this kind and use deceptive methods to trick visitors into allowing them to show notifications. Usually, users open them by clicking shady advertisements, visiting unreliable pages. It is also common that browsers open websites of this kind when they have a potentially unwanted application (PUA) installed on them.

What is 0xxx?

0xxx is a ransomware-type program. It operates by encrypting data (rendering files inaccessible) to demand payment for the decryption (access recovery). During the encryption process, files are appended with the ".0xxx" extension. For example, a file initially titled "1.jpg" would appear as "1.jpg.0xxx", "2.jpg" as "2.jpg.0xxx", and so forth.

Once this process is complete, ransom-demanding messages - "!0XXX_DECRYPTION_README.TXT" - are dropped into compromised folders.

What is Apis ransomware?

Ransomware is a type of malicious software that blocks access to files by encrypting them. Usually, it renames encrypted files (changes their extension) and generates a ransom note as well. Apis renames files by appending the ".apis" extension to their filenames. For example, it changes the filename of a file named "1.jpg" to "1.jpg.apis", "2.jpg" to "2.jpg.apis", and so on. Apis creates its ransom note (the "read_apis.txt" file) in all folders containing affected/encrypted files.

What is SuperMovieSearch browser hijacker?

SuperMovieSearch is a potentially unwanted application (PUA) that hijacks a browser by forcing it to open a specific address on certain occasions. In other words, SuperMovieSearch is a browser hijacker that changes a browser's settings to promote the supermoviesearch.com address - a fake search engine. It is called a PUA because users rarely download and install browser hijackers intentionally. It is worth mentioning that apps of this type often are designed to collect data about their users.

What is the fake "Verify Microsoft Account" email?

"Verify Microsoft Account" refers to an email spam campaign. These emails are disguised as notifications from Microsoft Corporation, concerning a necessary Microsoft account verification.

It must be emphasized that these scam letters are in no way associated with the actual Microsoft Corporation. The purpose of said fake notifications is to extract users' Microsoft account log-in credentials (i.e. usernames and passwords) through a phishing website.

What is GoToMovieSearch?

GoToMovieSearch is a piece of rogue software categorized as a browser hijacker. It operates by promoting the gotomoviesearch.com illegitimate search engine. Furthermore, most browser hijackers spy on users' browsing activity; hence, GoToMovieSearch likely does as well. Since most users download/install browser hijackers inadvertently, they are also classified as PUAs (Potentially Unwanted Applications).

What is news-rewuje[.]cc?

There are hundreds of pages like news-rewuje[.]cc on the Internet. Some examples are flashymass[.]com, profitsurvey365[.]online, and ndconsiderat[.]biz. As a rule, these pages are designed to open other questionable sites or load dubious content (it depends on the geolocation of their visitors). In one way or another, these pages are not trustworthy and should not be visited.

What is nomore-spam[.]com?

Nomore-spam[.]com is the address of a rogue website, which shares common traits with news-joruca.cc, flashymass.com, chicheet.com, and countless others. This page operates by loading questionable content and/or redirecting its visitors to different untrustworthy and malicious sites.

Users rarely access such websites intentionally; most get redirected to them by intrusive ads or installed PUAs (Potentially Unwanted Applications). These apps can be installed onto systems without express user permission. PUAs can have heinous functionalities, including - causing redirects, running intrusive advertisement campaigns, and collecting information relating to browsing activity.

What is Klingon RAT?

A Remote Access Trojan (RAT) is a type of malware that allows cybercriminals to access and control infected computers over the Internet. As a rule, RATs are used for financial gain, for example, to credit car details or other steal sensitive information.

Klingon is the name of a RAT written in Go programming language. Cybercriminals behind it control infected machines through a Command and Control (C2) server that uses Transport Layer Security (TLS) protocol.

What is PDFConverterSearchOnline?

PDFConverterSearchOnline is a browser hijacker. This piece of software alters browser settings to promote (i.e., cause redirects to) the pdfconvertersearchonline.com fake search engine. Additionally, PDFConverterSearchOnline spies on users' browsing habits. Due to the dubious methods employed to distribute browser hijackers, they are also classified as PUAs (Potentially Unwanted Applications).