Virus and Spyware Removal Guides, uninstall instructions

What is "Uniswap Giveaway"?

"Uniswap Giveaway" is a scam promoted on various deceptive sites. Uniswap is a decentralized cryptocurrency exchange for automated transactions between cryptocurrency tokens. The scheme in question is presented as a promotion of the second AirDrop round of Uniswap. By participating, users can supposedly receive 100 UNI tokens.

Note that this giveaway scam is in no way associated with the genuine Uniswap - the scheme's goal is to urge users into downloading/installing a fake Uniswap application, which is in fact RedLine Stealer malware.

These deceptive/scam websites are typically accessed unintentionally - most users enter them via mistyped URLs, redirects caused by intrusive advertisements, or installed Potentially Unwanted Applications (PUAs).

What is the "I have obtained document you mailed me" scam email?

"I have obtained document you mailed me" is an excerpt from a scam email. This fragment is used as the name of the spam campaign distributing the messages in question. The term "spam campaign" defines a mass-scale operation during which thousands of deceptive emails are sent.

These messages are presented as requests to provide certain missing details from a document previously sent by the recipients. The file that is supposedly lacking some necessary data is attached to the emails. The attachment is an archive, which contains an infectious Microsoft Office Excel file.

The aim of this spam campaign is to trick recipients into opening the malicious document, which is designed to stealthily download/install the Qakbot banking trojan.

What is Microsoft Security Essentials Alert?

Typically, technical support scam websites display fake error messages or virus alerts to trick visitors into calling the provided number to receive support. Scammers behind tech-support scams attempt to trick unsuspecting users into paying for unnecessary or even fake software and services.

Commonly, scammers ask users to provide remote access to their computers as well. You should ignore these scams - none of the legitimate error (or other) messages from Microsoft include telephone numbers or encourage users to call.

Technical support scam websites are promoted through deceptive advertisements, other untrusted websites, and potentially unwanted applications (PUAs). I.e., users do not often visit these pages intentionally.

What is ConfigType?

ConfigType is a rogue application classified as adware with browser hijacker traits. ConfigType operates by delivering various intrusive advertisements and promoting fake search engines by making alterations to browser settings.

Additionally, most adware-type apps and browser hijackers have data tracking capabilities, which are used to collect browsing-related information.

Since most users download/install ConfigType unintentionally, it is categorized as a Potentially Unwanted Application (PUA). One of the dubious methods used to proliferate this app is distribution via fake Adobe Flash Player updates.

Bogus software updaters/installers have been noted spreading trojans, ransomware, other malware, as well as PUAs.

What is DeskProduct?

The DeskProduct app is often downloaded and installed by users inadvertently. It is distributed through a fake Adobe Flash Player installer, which makes DeskProduct a potentially unwanted application (PUA).

DeskProduct is an adware-type application, however, it also functions as a browser hijacker: it generates advertisements and alters browser settings to promote a fake search engine. There is a high probability that DeskProduct will also collect information about users.

What is ourcoolspot[.]com?

ourcoolspot[.]com opens other untrusted websites or displays dubious content. There are many other similar sites on the web including, for example, topfreenewsfeeds[.]com, artepigr[.]com, and viralnewsobserver[.]com.

Typically users do not often open these web pages intentionally - in most cases, browsers open them automatically when potentially unwanted applications (PUAs) are installed on them.

Additionally, ourcoolspot[.]com and similar pages are promoted through dubious ads and other bogus web pages.

What is the dbytheseth[.]fun website?

Sharing many of the same traits with topfreenewsfeeds.com, allowlucks.com, artepigr.com, vossulekuk.com, and thousands of others, dbytheseth[.]fun is a rogue website. Visitors to this site are presented with dubious material and/or are redirected to other untrustworthy, possibly malicious websites.

Users rarely access dbytheseth[.]fun or similar web pages unintentionally - most are redirected to them by intrusive ads or installed Potentially Unwanted Applications (PUAs). These rogue apps do not require explicit user consent to be installed onto systems. PUAs cause redirects, run intrusive advertisement campaigns, and collect browsing-related data.

What is Qel email virus?

Phishing emails are used to extract sensitive information (such as credit card details, usernames, and passwords, social security numbers, etc.), or to deliver malicious software.

The emails usually ask to send personal information or provide it on a website. They might also encourage recipients to click a link or open a malicious attachment. This particular phishing campaign uses a rogue attachment to deliver Agent Tesla, a Remote Administration Trojan (RAT).

What is the Hack (Xorist) ransomware?

Hack is malicious software, which is part of the Xorist ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption - victims lose access to their files and are informed that they must pay to recover them.

During the encryption process, affected files are appended with the ".Hack" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.Hack" following encryption. Once this process is complete, ransom messages in Russian are created in a pop-up window and "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" text file.

Note that if the infected system does not have the Cyrillic alphabet, the text presented in the pop-up will appear as gibberish.

What is Strigoi Master?

A Remote Access Trojan (RAT) is malicious software that allows the attackers to monitor and control infected computers (or networks). These programs can open documents or any other files, download and install software, access the webcam, microphone, etc.

Cyber criminals use RATs to infect computers with malware and to obtain sensitive information, which could be used for malicious purposes.

Strigoi Master is written in the Java programming language and can be purchased on hacker forums. Its monthly subscription cost is US$80, and $200 for 3-months.