Virus and Spyware Removal Guides, uninstall instructions

What is the "Synchronize Mail Error" scam email?

"Synchronize Mail Error" refers to an email spam campaign. This term refers to a large-scale operation during which deceptive emails are sent by the thousand. The letters distributed through this campaign notify recipients that they have a number of pending emails.

The messages are supposedly withheld and require to be released or deleted. It must be emphasized that this information is false, and recipients have no mail that has failed to arrive into their email inbox. The purpose of the "Synchronize Mail Error" scam letters is to promote a phishing website, which is disguised as the email account sign-in page.

Any data entered into this site is disclosed to the scammers behind the spam campaign.

What is Periox ransomware?

Periox is a piece of malicious software that is classified as ransomware. It is designed to encrypt data and demand payment for the decryption. During the encryption process, affected files are appended with the ".periox" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.periox", "2.jpg" as "2.jpg.periox", "3.jpg" as "3.jpg.periox", and so on. After this process is complete, ransom-demanding message - "help.html" - is created.

What is Package Tracker Express?

Package Tracker Express is a piece of rogue software, which is endorsed as a tool for easy access to package/mail tracking services. It operates by making modifications to browser settings - to promote the packagetrackerexpress.com fake search engine.

Due to its behavior, Package Tracker Express is classified as a browser hijacker. Typically users download/install Package Tracker Express inadvertently, hence it is also deemed to be a PUA (Potentially Unwanted Application). Most of these apps have data tracking abilities that are used to collect browsing-related information.

Package Tracker Express likely has such functionalities as well.

What is Ceprolad?

Ceprolad (also known as Behavior:Win32/Ceprolad.A) is high-risk trojan-type virus that stealthily infiltrates the system and performs malicious actions. Note is that this malware behaves differently on each computer infiltrated, since developers control Ceprolad via a remote server.

What kind of malware is Cadq?

Typically, victims of ransomware attacks cannot access data on their computers or other devices until they pay a ransom. Ransomware is a type of malware that encrypts files stored on a device and generates a ransom note that usually contains details such as an email address to contact the attackers, the price of a decryption tool, etc.

This ransomware belongs to the ransomware family called Djvu. It renames every encrypted file by appending the ".cadq" extension to its filename. For example, it renames "1.jpg" to "1.jpg.cadq", "2.jpg" to "2.jpg.cadq", and so on, and creates the "_readme.txt" file (ransom note). Cadq creates its ransom note in all folders that contain encrypted data.

What is HAM ransomware?

Ransomware is a type of malware that encrypts either the files or the entire computer. The attackers use ransomware to prevent victims from accessing their files (or computers) and demand a ransom. As long as the victims do not pay the ransom, their files or computers stay encrypted/unusable.

Quite often, ransomware not only encrypts but also renames files. HAM renames them by adding the victim's ID, the backup24@msgsafe.io email address, and appending the ".HAM" extension to their filenames.

For example, HAM renames "1.jpg" to "1.jpg.id-C279F237.[backup24@msgsafe.io].HAM", "2.jpg" to "2.jpg.id-C279F237.[backup24@msgsafe.io].HAM", and so on. It also displays a pop-up window and creates the "FILES ENCRYPTED.txt" file (ransom notes). HAM is a part of the Dharma ransomware family.

What is captcha2020[.]com?

Captcha2020[.]com is the address of an untrustworthy web page that is designed to promote other pages of this kind, or to load dubious, deceptive content. The Internet is full of pages like this one. Some examples of pages that are similar or almost identical to captcha2020[.]com are withoughtc[.]top, uspetenti[.]top and settings-chrome[.]com.

It is important to mention that users do not visit such pages on purpose. Typically, users unintentionally open pages like captcha2020[.]com by clicking shady ads while visiting other unreliable websites. It is also common that browsers open unreliable pages without user interference.

It usually happens when browsers have some potentially unwanted application (PUA) installed on them.

What is itabsolan[.]com?

The Internet is full of untrustworthy and unreliable websites, itabsolan[.]com is but one of them. Visitors to this page are presented with dubious material and/or redirected to other rogue and possibly malicious sites.

Typically, itabsolan[.]com and webpages akin to it (e.g., withoughtc.top, uspetenti.top, settings-chrome.com, etc.) - are accessed through redirects caused by intrusive ads or installed PUAs (Potentially Unwanted Applications). This software does not require permission to infiltrate systems; hence, users may be unaware of their presence.

PUAs are designed to force-open websites, run intrusive advertisement campaigns, and collect private data.

What is PDFConverterSearchPro?

PDFConverterSearchPro is a piece of software categorized as a browser hijacker. It operates by making modifications to browser settings to promote the pdfconvertersearchpro.com fake search engine. Software within this category typically collects browsing-related data, and it is likely that PDFConverterSearchPro does so as well.

Due to the dubious methods employed to proliferate browser hijackers, they are also classified as Potentially Unwanted Applications (PUAs).

What is veniamad[.]com?

veniamad[.]com is one of many websites that promote applications using deceptive methods. In this case, it employs a scare tactic to trick visitors into believing that their devices are infected with viruses and claims that they must download and install an app to remove the threats.

Deceptive web pages such as veniamad[.]com can never be trusted, even if the software that they advertise is legitimate. These sites are usually opened after clicking dubious ads, while visiting bogus websites, or by installed potentially unwanted applications (PUAs). I.e., they are not often visited by people intentionally.