Virus and Spyware Removal Guides, uninstall instructions

What is yourwowfeed[.]com?

Yourwowfeed[.]com is one of the untrustworthy websites designed to check the IP address/geolocation and then load deceptive content or open a couple (about two, three) other pages of this kind. It is important to mention that it is uncommon for pages like yourwowfeed[.]com to be visited intentionally.

In most cases, users open them by clicking shady ads, visiting questionable websites. Also, pages like yourwowfeed[.]com can be opened by installed potentially unwanted applications (PUAs).

More examples of websites that are similar to yourwowfeed[.]com are ncurrentlyd[.]biz, oossautsid[.]com, and acancyfopl[.]biz.

What is "E-mail Blacklist scam"?

"E-mail Blacklist scam" refers to a spam campaign - a large-scale operation during which deceptive emails are sent by the thousand. The letters spread through this campaign - claim that recipients' email accounts have been blacklisted.

Allegedly, unless the accounts are updated - they will be permanently suspended. It must be emphasized that these emails are fake and all of the information provided by them is false. The "E-mail Blacklist" scam letters aim to promote a phishing website, which is designed to record email account log-in credentials (i.e., email addresses and passwords) provided to it.

Therefore, by trying to sign in via this site, users can have their email accounts stolen by the scammers behind this spam campaign.

What is Lama ransomware?

Lama is the name of a malicious program, which is part of the VoidCrypt ransomware family. This malware is designed to encrypt data and demand payment for the decryption tools/software.

To elaborate, systems infected with Lama ransomware have the files stored on them rendered inaccessible and unusable. Afterwards, this malicious program creates ransom notes, which ask victims to pay - in order to recover access/use of their data.

During the encryption process, affected files are renamed according to this pattern: original filename, cyber criminals' email address, unique ID assigned to the victims, and ".Lama" extension. For example, a file initially titled "1.jpg" would appear as something similar to "1.jpg.[badlamadec@gmail.com][MJ-KL5067341892].Lama" - following encryption.

Once this process is complete, ransom-demanding messages - "Decrypt-info.txt" - are dropped into compromised folders.

What is Emails Rejected On Admin Server scam?

It is common that scammers use email to trick recipients into giving them their personal information (for example, credit card details, passwords, emails and other login credentials, social security numbers), or transferring money. In order to give their emails legitimacy, they pretend to be legitimate companies, organizations.

Quite often, scammers attempt to trick recipients into opening provided website links and providing sensitive information on the opened websites.

What is Gpay?

Ransomware is a type of malware that encrypts files and generates a ransom note (or multiple ransom notes). It blocks access to data unless a ransom is paid. Gpay encrypts and renames files, it appends the ".gpay" extension to their filenames (e.g., it renames a file named "1.jpg" to "1.jpg.gpay", "2.jpg" to "2.jpg.gpay", and so on).

Gpay's ransom note is a file named "!!!HOW_TO_DECRYPT!!!.mht", victims can find this file in all folders containing encrypted files.

What is the "Air Sea Land" scam email?

"Air Sea Land email virus" refers to a malware-proliferating spam campaign. The term "spam campaign" describes a mass-scale operation during which deceptive/scam emails are sent by the thousand.

The fake "Air Sea Land" letters supposedly concern order payments. This spam mail aims to spread malicious software. Therefore, when recipients open the files attached to these emails - malware download/installation is initiated.

What is SkinnyBoy?

It is known that SkinnyBoy was used in targeted attacks (in spear phishing campaigns targeting military and government institutions). At the current moment this malware is delivered using emails that contain malicious Microsoft Word document.

SkinnyBoy is designed to collect information about the victims and distribute other malicious software. Although, it is unknown what type of malware SkinnyBoy is used to install.

It could be ransomware, a remote access trojan, cryptocurrency miner, or some another malicious software.

What is the "New app(s) have access to your Microsoft Account" scam email?

"New app(s) have access to your Microsoft Account email scam" refers to a spam campaign - a large-scale operation during which thousands of deceptive emails are sent. The letters distributed through this campaign - claim that new applications have connected to recipients' Microsoft accounts.

The scam emails also state these apps have access to users' data. It must be emphasized that these email letters are in no way associated with the Microsoft Corporation. This spam mail aims to promote a phishing website designed to steal account log-in credentials.

What is Your cloud storage was compromised email scam?

Typically, scammers behind sextortion scam emails claim to have compromising images or videos of the recipient and demand payment for not releasing those images or videos. In most cases, scammers claim to have used recipient's webcam to obtain compromising material.

The main purpose of such scams is to trick the recipient into believing that compromising material will be sent to other people (e.g., family, friends, coworkers) or published on the Internet if he or she does not pay the ransom.

What is the ZLO screenlocker?

ZLO is the name of a screen-locking ransomware. It operates by locking operating systems with a full-screen ransom-demanding message. In other words, victims are unable to use their devices until they pay the ransom.

However, at the time of research, the ZLO screenlocker's message could be removed by rebooting/restarting the infected system.