Virus and Spyware Removal Guides, uninstall instructions

What is the news-howaci[.]cc website?

News-howaci[.]cc is a rogue webpage, which operates by presenting visitors with dubious content and/or redirecting them to other untrustworthy and possibly malicious sites. Users seldom access news-howaci[.]cc and similar websites intentionally; most get redirected to them by intrusive advertisements or installed PUAs (Potentially Unwanted Applications).

This software can infiltrate systems without user consent. PUAs can have heinous abilities, including - causing redirects, running intrusive advertisement campaigns, and collecting information relating to browsing activity.

There are thousands of rogue sites on the Web; special-message.online, wouldreallyl.biz, success-news.net, and ooddeco.online are but a few examples.

What is special-message[.]online?

Special-message[.]online is pretty similar to wouldreallyl[.]biz, success-news[.]net, ooddeco[.]online, and many other pages designed to load deceptive content and open untrustworthy websites. It is worth mentioning that their behavior depends on the IP address of their visitors.

In one way or another, special-message[.]online and other pages of this type cannot be trusted. In most cases, they get opened via dubious ads or websites and potentially unwanted applications (PUAs) installed on browsers, computers - users do not visit them intentionally.

What is the SLAM ransomware?

SLAM is the name of a ransomware-type program. It is designed to encrypt data (lock files) and demand payment for the decryption (access recovery). During the encryption process, files are appended with the ".SLAM" extension.

For example, a file initially titled something like "1.jpg" would appear as "1.jpg.SLAM", "2.jpg" as "2.jpg.SLAM", "3.jpg" as "3.jpg.SLAM", and so on. After this process is complete, SLAM ransomware displays a multilingual ransom note in a pop-up window.

What is Quick WordCount?

Quick WordCount is advertised as a browser extension that counts the number of paragraphs, words, and characters in a text. Although it is known that this app hijacks browsers by changing their settings - Quick WordCount changes certain settings to fxsmash.xyz, an address of a fake search engine.

Usually, browser hijackers promote fake search engines and collect browsing data. It is common for apps of this type to be downloaded and installed unintentionally. For this reason, they are also known as potentially unwanted applications (PUAs).

What is the fake "Santander" email?

"Santander email virus" is the name of a malware-proliferating spam campaign. The term "spam campaign" defines a mass-scale operation during which deceptive emails are sent by the thousand.

The scam emails distributed through this campaign are disguised as letters from the Italian branch of the Banco Santander multinational financial services company. It must be emphasized that these emails are fake and in no way associated with the genuine Santander Group.

The aim of this spam mail is to trick recipients into opening the virulent files attached to the letters. Once opened, the attachment triggers download/installation of the LokiBot trojan.

What is wouldreallyl[.]biz?

Wouldreallyl[.]biz is designed to promote questionable websites or load deceptive content - it checks the geolocation of its visitors and then does one or the other. There is a great number of websites like wouldreallyl[.]biz. Some examples are ooddeco[.]online, stoachaigog[.]com, and onutil[.]com.

In most cases, they get visited unintentionally - users end up on them through other untrustworthy websites, deceptive advertisements, or when potentially unwanted applications (PUAs) installed on browsers or computers open them. It is worth mentioning that PUAs can be monetized by designing them to generate advertisements and collect various data.

What is success-news[.]net?

Success-news[.]net is a rogue website sharing many similarities with ooddeco.online, stoachaigog.com, onutil.com, and thousands of others. This page is designed to load questionable content and/or redirect visitors to different unreliable and malicious sites.

Users rarely intentionally enter websites of this type. Most access these webpages via redirects caused by intrusive advertisements or installed PUAs (Potentially Unwanted Applications).

This software can infiltrate systems without explicit user consent. PUAs are designed to force-open sites, run intrusive advert campaigns, and collect browsing-related data.

What is ChupaCabra?

Ransomware is a form of malware that blocks access to data by encrypting it and generates a ransom demanding message. ChupaCabra is the name of ransomware that encrypts files and creates a text file named "HowToDecrypt.txt" (and displays a pop-up window) as its ransom note.

Also, ChupaCabra appends its extension to the filenames of all encrypted files. For example, it renames a file named "1.jpg" to "1.jpg.ChupaCabra", "2.jpg" to "2.jpg.ChupaCabra", and so on.

As a rule, malware of this type encrypts files using strong cryptography. Therefore, victims cannot regain access to their files without the right decryption tool.

What is Dark Mode?

Dark Mode is a rogue browser extension classified as a browser hijacker. As its name implies, this extension is endorsed as a tool capable of enabling dark mode for browsing.

Typically, browser hijackers make alterations to browser settings - in order to promote fake search engines. However, Dark Mode does not consistently modify browsers when promoting its illegitimate search engine (mktsrc.com).

This piece of software also spies on users' browsing habits. Since most users download/install browser hijackers unintentionally, they are categorized as PUAs (Potentially Unwanted Applications).

What is ooddeco[.]online?

Ooddeco[.]online loads deceptive content or opens questionable websites - it depends on its visitor's Internet Protocol address/geolocation. It is similar to stoachaigog[.]com, beastclick[.]biz, ackbrdown[.]biz, and many other websites.

Typically, pages like ooddeco[.]online are promoted through various untrustworthy advertisements or websites and potentially unwanted applications (PUAs). Typically, users do not visit them (or install PUAs) intentionally.

It is noteworthy that PUAs tend to be designed to collect data related to browsing habits and (or) display advertisements as well.