Virus and Spyware Removal Guides, uninstall instructions
What is Artemis (Optimus) ransomware?
Artemis (Optimus) is a malicious program classified as ransomware. Systems infected with this malware have their data encrypted, and users receive ransom demands for decryption. In other words, the files affected by this ransomware are rendered inaccessible, and victims are asked to pay to recover access.
During the encryption process, files are renamed following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and the ".optimus" extension. For example, a file initially named "1.jpg" would appear as something similar to "1.jpg.id[C279F237].[Opener@tutamail.com].optimus" after encryption.
Once this process is complete, ransom messages within "ReadMe-[victim's_ID].txt" files are dropped into compromised folders.
What is Project Plague?
Project Plague is malware that adds infected computers to a botnet and installs a cryptocurrency miner onto them. Cyber criminals control Project Plague through a website used as the Command and Control server.
The more computers in the botnet, the more resources cyber criminals have at their disposal to perform their activities and generate revenue.
What is the security-protect[.]systems website?
security-protect[.]systems is a deceptive site, which runs various scams. At the time of research, this page promoted two schemes: one claiming that the user's iPhone has been infected; the other that cyber criminals have hacked the device and are monitoring them.
The goal of these scams is to endorse untrusted and malicious software. Typically, they proliferate fake anti-viruses, adware, browser hijackers, and other Potentially Unwanted Applications (PUAs). They can even spread malware (e.g., trojans, ransomware, etc.).
Most users access websites like security-protect[.]systems unintentionally via mistyped URLs, or redirects caused by intrusive advertisements or installed PUAs.
What is Bqd2?
Bqd2 is a ransomware variant that encrypts files (blocking access to them), displays a pop-up window with contact details, and creates the "FILES ENCRYPTED.txt" file (another ransom message).
It also renames files by appending the victim's ID, the badhach@aol.com email address, and the ".bqd2" extension to their filenames. For example, "1.jpg" is renamed to "1.jpg.id-C279F237.[badhach@aol.com].bqd2", "2.jpg" to "2.jpg.id-C279F237.[badhach@aol.com].bqd2", and so on.
This ransomware variant is part of the Dharma ransomware family.
What is "Your System Detected Some Unusual Activity"?
There are many fake error messages that are displayed when users visit deceptive/untrustworthy websites. These include "Your System Detected Some Unusual Activity", a fake virus alert message that is displayed in text format and also plays an audio message.
Typically, people arrive at these deceptive websites unintentionally - they are redirected by unwanted applications. These apps infiltrate systems without users' direct permission, deliver intrusive ads, and record browsing-related information.
What is DominantCommand?
DominantCommand generates ads and promotes a fake search engine by modifying browser settings. Therefore, this app is classified as adware and a browser hijacker. Note that apps like DominantCommand are capable of accessing sensitive information.
Both adware-type apps and browser hijackers are classified as potentially unwanted applications (PUAs) because users rarely download or install them intentionally.
What is the "Banca Sella" scam email?
"Banca Sella email scam" refers to a spam campaign. This term defines a mass-scale operation during which thousands of deceptive emails are sent. The scam messages sent through this campaign are presented as emails from Banca Sella, a genuine Italian bank based in Biella, Piedmont.
The fake messages claim that recipients have an important message waiting for them. The scammers behind this spam campaign aim to gain access/control over recipients' Banca Sella bank accounts by promoting a phishing website disguised as a sign-in page.
What is "Chrome search contest 2021"?
Practically identical to "You've Made The 5-billionth Search", "Chrome search contest 2021" is a scam promoted on various deceptive websites. This scheme claims that users have been selected as winners of valuable prizes.
All scams aim to generate revenue for their designers, yet how they profit differs. Typically, scams like "Chrome search contest 2021" ask victims to pay to receive fake prizes and/or operate as phishing schemes (collect sensitive/personal data).
Users rarely access these deceptive sites intentionally - most are redirected to them by intrusive advertisements or installed Potentially Unwanted Applications (PUAs). This software can have dangerous functionality, and users may be unaware of its presence as it does not require explicit permission to infiltrate systems.
What is Conf Search?
Conf Search is a browser hijacker which changes certain browser settings to conf-search.com, the address of a fake search engine. This app also adds the "Managed by your organization" feature (on Chrome browsers).
Note that most browser hijackers collect details relating to web browsing activity, and this is also likely to be the case with Conf Search.
Typically, users download browser hijackers unintentionally and, therefore, Conf Search and other apps of this type are classified as potentially unwanted applications (PUAs).
What is Search Monster?
Search Monster is rogue software categorized as a browser hijacker. It is designed to promote the search.wemakemonsters.it bogus search engine by making modifications to browser settings. Search Monster also adds the "Managed by your organization" feature to Google Chrome browsers.
Furthermore, most browser hijackers have data tracking capabilities, which are used to monitor users' browsing activity. Search Monster likely has this functionality as well. Due to the dubious distribution techniques used to proliferate browser hijackers, they are classified as Potentially Unwanted Applications (PUAs).