Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is CopperStealer?

CopperStealer, also known as Mingloa, is a malicious program designed to steal sensitive/personal information. It also has the capability to cause chain infections (i.e., download/install additional malware).

Significant activity of CopperStealer has been observed in Brazil, India, Indonesia, Pakistan, and the Philippines. At the time of research, this malware had been noted being spread via websites offering illegal activation tools ("cracks") for licensed software products.

What is "Error Code: #0x564897"?

"Error Code: #0x564897" is a technical support scam run on various deceptive websites. This scheme has been observed being promoted via the Amazon AWS service.

Scams of this type operate by informing users of (nonexistent) viruses detected on their devices to trick them into contacting fake tech support. No web page can detect threats/issues present on systems, and any that make such claims are scams.

Users rarely access these deceptive sites intentionally - most enter them via mistyped URLs, redirects caused by intrusive ads, and installed unwanted applications.

What is Error Code: #2c522hq8wwj791?

Typically, scammers behind technical support scam websites like this one try to trick visitors into believing that their devices are infected and calling the provided number to resolve the problem (remove viruses, errors).

Scammers use these websites to trick users into paying for unnecessary fake software, services, and allowing remote access to their computers.

Note that users do not often visit tech support scam pages intentionally they are opened through dubious advertisements, other bogus web pages, or installed potentially unwanted applications (PUAs).

What is news-hot[.]xyz?

Most users do not open pages such as news-hot[.]xyz intentionally - they are opened by browsers that have potentially unwanted applications (PUAs) installed on them, through deceptive ads and other dubious pages.

These apps are classified as PUAs, since they are commonly downloaded and installed by users inadvertently.

There are many pages similar to news-hot[.]xyz on the internet. Some examples are ro01[.]biz, appzery[.]com, finddealsdaily[.]com.

What is the PROM ransomware?

PROM is a malicious program classified as ransomware. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools. I.e., the files are rendered inaccessible and victims are asked to pay to recover access to their data.

During the encryption process, affected files are appended with the ".PROM[prometheushelp@mail.ch]" extension, which contains the cyber criminals' email address. For example, a file initially named something like "1.jpg" would appear as "1.jpg.PROM[prometheushelp@mail.ch]", "2.jpg" as "2.jpg.PROM[prometheushelp@mail.ch]", and so on.

After this process is complete, "RESTORE_FILES_INFO.hta" (pop-up window) and "RESTORE_FILES_INFO.txt" files are created, which contain identical ransom messages.

What is Hard?

Ransomware is a type of malware that cyber criminals use to block victims from accessing their files. It encrypts files and keeps them unusable/inaccessible until they are decrypted with a software key that the attackers encourage to purchase from them.

Hard ransomware encrypts and renames files by appending the ".hard" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.hard", "2.jpg" to "2.jpg.hard", and so on.

Hard also creates the "RESTORE_FILES_INFO.txt" text file (ransom message) in each folder that contains encrypted data.

What is Tag Search?

Tag Search (or TagSearch) is a browser hijacker promoting the search-land.com fake search engine. Typically, software within this category promotes bogus search engines by making alterations to browser settings, however, Tag Search does not always modify browsers when promoting search-land.com (see below).

This dubious browser extension also collects browsing-related information. Since most users download/install browser hijackers inadvertently, they are also classified as Potentially Unwanted Applications (PUAs).

What is Direct Search Online?

Direct Search Online is an application that hijacks browsers by changing certain settings to search.directsearchonline.com, the address of a fake search engine.

In addition to changing browser settings, many browser hijackers gather browsing-related information.

Most users download and install apps such as Direct Search Online (browser hijackers) inadvertently and, therefore, they are classified as potentially unwanted applications (PUAs).

What is the "BAPATOH OFFSHORE SDN BHD" scam email?

"BAPATOH OFFSHORE SDN BHD" refers to a spam email campaign, a large-scale operation during which thousands of deceptive emails are sent. The scam messages distributed through this campaign are presented as quotation requests.

These emails promote a phishing website disguised as an Excel document attachment. Recipients are asked to sign into their email account to view the fake file. Instead, any log-in credentials (i.e., passwords) entered into this page are disclosed to the scammers behind the "BAPATOH OFFSHORE SDN BHD" spam campaign.

What is "Your Apple iPhone may be severely damaged by viruses!"?

"Your Apple iPhone may be severely damaged by viruses!" is a scam promoted on untrusted websites. It operates by claiming that users' iPhones are infected and urges them to address the nonexistent issues.

The goal is to trick users into downloading/installing and/or purchasing the endorsed products. Typically, the scams promote fake anti-viruses, adware, browser hijackers, and other Potentially Unwanted Applications (PUAs). They have also been observed proliferating trojans, ransomware, and other malware.

Most users access these deceptive websites through mistyped URLs or redirects caused by rogue web pages, intrusive ads, or installed PUAs.