Virus and Spyware Removal Guides, uninstall instructions

What is the "(10) Viruses were detected on your iPhone" fake alert?

"(10) Viruses were detected on your iPhone" is a scam promoted on various deceptive webpages. As evidenced by its name, this scheme primarily targets iPhone users (however, it might be accessed using other Apple devices as well).

The scam claims that threats were found on the users' mobile devices, and the viruses have damaged them. It must be emphasized that no website can detect threats/issues present on the visitors' devices.

The goal of such schemes is to promote untrustworthy software that is supposedly capable of removing the fake malware infections. Typically, the scams endorse fake anti-viruses, adware, browser hijackers, and other shady apps.

These schemes may even proliferate malware (e.g., trojans, ransomware, cryptocurrency miners, etc.). Few users access scam sites intentionally; most enter them via mistyped URLs, redirects caused by intrusive ads, or force-opened by installed unwanted apps.

What is the video-notification[.]digital site?

Sharing common traits with ngthatwe.fun, ndmeeting.fun, dollarsurvey365.online, and thousands of others, video-notification[.]digital is a rogue website. It is designed to redirect visitors to other untrustworthy/malicious pages and/or present them with questionable material.

Users rarely access such sites intentionally. Most get redirected to rogue webpages by intrusive ads or installed PUAs (Potentially Unwanted Applications).

These apps do not require express user consent to infiltrate devices. PUAs operate by causing redirects, delivering intrusive advertisement campaigns, and gathering browsing-related information.

What is ngthatwe[.]fun?

It is uncommon for websites like ngthatwe[.]fun to be visited by users intentionally. Usually, these pages are promoted through various untrustworthy websites, advertisements, or potentially unwanted applications (PUAs) that most users download and install inadvertently.

A couple of examples of pages like ngthatwe[.]fun are ndmeeting[.]fun, rdsb21[.]club, and bengekoo[.]com. Typically, these pages display questionable content and open other untrustworthy sites.

What is CRaccoon?

CRaccoon is a piece of software endorsed as a tool for cleaning operating systems. According to its promotional material, among its listed features are deletion of browsing cookies and temporary and download files.

Due to the dubious methods used to promote this app, it is considered to be a PUA (Potentially Unwanted Application). Software within this classification may have unmentioned abilities and/or be distributed alongside harmful programs.

What kind of scam is "Your System Is Infected With 3 Viruses!"?

"Your System Is Infected With 3 Viruses!" is a fake alert stating that a Mac computer is infected with some viruses. This (and other) fake messages are often displayed on untrustworthy, deceptive websites that trick people into purchasing software or services.

People do not generally visit these websites intentionally - they are redirected to them by unwanted apps. These are installed inadvertently without users' knowledge. Furthermore, once installed, these apps feed users with intrusive advertisements and gather data relating to browsing habits.

What are Frlock, Grlock, Itlock, Czlock, and Zalock?

Belonging to the MedusaLocker ransomware family, Frlock, Grlock, Itlock, Czlock, and Zalock are malicious programs, named after the extensions they add to the files they encrypt. These ransomwares operate by encrypting the data stored on infected systems - in order to demand payment for the decryption.

In other words, they render files inaccessible/useless and request victims to pay - to recover the access/use. During the encryption process, affected files are appended with the ".frlock", ".grlock", ".itlock", ".czlock", or ".zalock" extensions - depending on the ransomware variant.

For example, a file initially titled something like "1.jpg" would appear as "1.jpg.frlock", "1.jpg.grlock", "1.jpg.itlock", "1.jpg.czlock", or "1.jpg.zalock".

After the encryption is complete, ransom notes - "Recovery_Instructions.html" - are dropped into compromised folders. All of the ransomware variants create identical notes.

What is ndmeeting[.]fun?

There is a great number of pages like ndmeeting[.]fun on the Internet. Some examples are dollarsurvey365[.]online, rdsb21[.]club, and bengekoo[.]com.

Usually, the content on these pages is not trustworthy, often deceptive, and they are used to promote other questionable websites. It is important to mention that users do not visit sites like ndmeeting[.]fun intentionally.

Typically, they are promoted through shady advertisements, other unreliable websites, or potentially unwanted applications (PUAs) that most users download and install unknowingly.

What is "Your iPhone was hacked after visiting an Adult website"?

There are various ways to trick users into downloading and installing potentially unwanted applications (PUAs). One of them is design websites to display a fake virus notification (or multiple notifications) claiming that a device is infected with a virus (or a number of viruses) and encouraging to remove it with a certain PUA.

It is important to mention that users do not visit websites showing fake virus, error notifications intentionally. In most cases, these pages get opened after clicking on some dubious ads, visiting other pages of this kind. Also, they can be opened by some PUA that is already installed on the operating system or a browser.

What is "Shopper Survey"?

"Shopper Survey scam" refers to a scheme run on various untrustworthy websites. The scam states that users can claim a prize by completing a short survey.

By offering fake rewards, such schemes aim to promote other deceptive and possibly malicious sites. Therefore, by trusting scams like "Shopper Survey", users can experience a variety of severe issues.

Typically, scam pages are accessed via mistyped URLs, redirects caused by intrusive ads, or force-opened by installed PUAs (Potentially Unwanted Applications). It is noteworthy that the "Shopper Survey" scam has been promoted through spam campaigns - mass-scale operations during which deceptive emails are sent by the thousand.

The subject of these letters is "Claim your Amazon gift card now", but both the title and the text presented in the emails - may vary.

What is the partmentha[.]fun site?

Partmentha[.]fun is a rogue website designed to present visitors with dubious material and/or redirect them to other unreliable/malicious pages. The Internet is rife with such untrustworthy sites; dollarsurvey365.online, rdsb21.club, bengekoo.com - are just a few examples.

Users tend to access partmentha[.]fun and webpages akin to it unintentionally. Most get redirected to them by intrusive adverts or installed PUAs (Potentially Unwanted Applications).

These apps do not need explicit user consent to infiltrate systems. PUAs operate by force-opening websites, running intrusive advertisement campaigns, and gathering browsing-related data.