Virus and Spyware Removal Guides, uninstall instructions

What is Lightening Media Player?

As its name suggests, Lightening Media Player is supposedly a media player, however, this program is distributed by including it into the installation set-ups of other software. Typically, people download and install these programs unintentionally.

For this reason, Lightening Media Player is categorized as a potentially unwanted application (PUA). This program might also function as adware, feeding users with intrusive ads.

What is the Ratty RAT?

Ratty is a malicious program categorized as a Remote Access Tool (RAT). When used for malicious purposes, RATS are referred to as Remote Access Trojans.

Ratty malware is an open source Java RAT. This Trojan was made available on the GitHub software development platform and was strongly endorsed on HackForums.

Sometime in 2016/2017, Ratty's original uploader deleted their repository, however, several clones (potentially, other variants) of Ratty still exist. Remote access Trojans allow remote access and control over infected devices.

These malicious programs can have a broad range of functionalities that enable likewise varied misuse. RATs are highly dangerous and, as such, all infections must be eliminated immediately.

What is CALVO?

Ransomware is a type of malicious software that encrypts files (and renames them) and generates a ransom note. Typically, a ransom note generated by ransomware informs victims that they cannot access their files without the right decryption tool and provides further instructions.

CALVO encrypts files and appends the victim's ID, the seamoon@criptext.com email address, and ".CALVO" extension to their filenames. For example, it renames a file named "1.jpg" to "1.jpg.id[C279F237-3143].[seamoon@criptext.com].CALVO", "2.jpg" to "2.jpg.id[C279F237-3143].[seamoon@criptext.com].CALVO", and so on.

It generates two ransom notes: "info.hta" and "info.txt". CALVO is part of the Phobos ransomware family.

What is Fortnite Free Vbucks Codes Generator?

Fortnite Free Vbucks Codes Generator is an adware-type browser extension. As its name implies, this piece of software promises to generate V-Bucks - the in-game currency used in the Fortnite video game.

However, instead of delivering on these promises, this extension runs intrusive advertisement campaigns. Additionally, most adwares have data tracking abilities, which are used to spy on users' browsing activity.

Hence, it is highly likely that the Fortnite Free Vbucks Codes Generator has this functionality as well. Due to the questionable techniques used to distribute adware-types, they are also categorized as PUAs (Potentially Unwanted Applications).

What is the fake Avg Antivirus extension?

The fake Avg Antivirus extension is a piece of rogue software that is presented as a product of AVG AntiVirus, supposedly designed to protect browsers from various threats. This browser extension is fake and unable to perform the promised functionalities.

Additionally, it collects browsing-related information. This illegitimate software may also operate as adware, i.e., run intrusive advertisement campaigns.

Furthermore, content like the fake Avg Antivirus is often distributed alongside other unwanted applications. Hence, with this browser extension installed, it is likely that additional adware, browser hijackers, or other harmful software has infiltrated the system.

What kind of scam is Ethereum Giveaway?

The main purpose of crypto giveaway scams is to convince unsuspecting people to send cryptocurrency to scammers. Usually, scammers attempt to trick people into believing that they can receive twice as much cryptocurrency as they would send to them.

This particular giveaway scam is used to trick people into transferring Ethereum (ETH) cryptocurrency to the provided wallet. It is noteworthy that it is common for such scams to be promoted via YouTube, Twitter, and other platforms.

They can be promoted through deceptive advertisements and unwanted applications as well.

What is ribngh[.]com?

Ribngh[.]com is an untrustworthy website designed to load dubious content and/or redirect visitors to other unreliable and possibly malicious pages. Sites of this kind are usually accessed via redirects caused by intrusive adverts or installed PUAs (Potentially Unwanted Applications).

This software does not need explicit user consent to infiltrate devices. PUAs operate by force-opening websites, running intrusive advertisement campaigns, and gathering browsing-related information.

The Internet is rife with rogue sites; wholecommonposts.com, goalmedia, nipwaghue.com, and ntformetog.fun - are just some examples of ones similar to ribngh[.]com.

What is wholecommonposts[.]com?

Sharing similarities with nipwaghue.com, allyimporta.fun, besty-deals.com, n02.biz, and many others, wholecommonposts[.]com is a rogue website. This page is designed to present visitors with questionable content and/or redirect them to untrustworthy/malicious sites.

Users rarely enter such webpages intentionally; most get redirected to them by intrusive ads or PUAs (Potentially Unwanted Applications) already installed onto their devices.

These apps do not require express user permission to infiltrate systems. PUAs operate by causing redirects, delivering intrusive advert campaigns, and gathering information relating to browsing activity.

What is LaunchEntry?

Typically, users install applications like LaunchEntry unintentionally. For this reason, this and other apps of this kind are called potentially unwanted applications (PUAs).

Research shows that to trick users into installing LaunchEntry its developers use a fake installer that looks like the installer for Adobe Flash Player. LaunchEntry is a PUA that functions as adware and a browser hijacker - it displays advertisements and changes browser settings to promote a fake search engine (its address).

It is possible that it collects information about its users as well. Either way, it is strongly recommended not to download and install this application.

What is the "OCEANIC PROJECTS" scam email?

"OCEANIC PROJECTS email virus" refers to a malware-proliferating spam campaign. The term "spam campaign" defines a mass-scale operation during which deceptive/scam emails are sent by the thousand.

The letters distributed through this campaign claim that they have a purchase order attached to them. Additionally, the emails request recipients to send an invoice containing the necessary banking information.

It must be emphasized that all of the claims made by the "OCEANIC PROJECTS" scam letters - are false. When the file attached to these emails is opened - it triggers download installation of the Agent Tesla RAT (Remote Access Trojan).