Virus and Spyware Removal Guides, uninstall instructions

What is newsfeedscroller[.]com?

newsfeedscroller[.]com is an untrusted website: it promotes other bogus web pages and contains deceptive, dubious content.

These site are not often visited by people intentionally - they are opened after clicking deceptive ads, through other untrusted web pages, or by potentially unwanted applications (PUAs) that users have inadvertently installed onto their browsers or computers.

There are many pages similar to newsfeedscroller[.]com on the internet. Some examples are thehypenewz[.]com, lcutterlyba[.]top, and goodmode[.]biz.

What is ExploreActivity?

ExploreActivity is classified as a potentially unwanted application (PUA) because of the method employed for distribution: via a fake installer for Adobe Flash Player. Note that users do not often download/install ExploreActivity or similar apps intentionally.

The main purpose of ExploreActivity is to generate ads and promote a fake search engine. In this way, it functions as adware and a browser hijacker. Moreover, it is likely that this app is designed to collect information about its users.

What is JCleaner?

JCleaner is a potentially unwanted application (PUA) with an identical name as a cleaner/system optimizer from Vitsoft. PUAs are often bundled with other software by including them with downloaders and installers as "extra offers".

These programs are classified as potentially unwanted, since users often download and install them inadvertently. Applications that are distributed using dubious methods should never be trusted or used. This also applies to JCleaner. Furthermore, the installer for JCleaner is detected as a threat by more than 40 antivirus scanners on VirusTotal.

What is the arenabg[.]ch site?

arenabg[.]ch is the address of a Peer-to-Peer sharing website. It invites users to download pirated software and media via Torrent files. As well as infringing copyright laws, this site uses rogue advertising networks. Visitors to websites that employ this monetization technique are redirected to various other untrusted and malicious web pages.

Furthermore, Torrent websites can offer Potentially Unwanted Applications (PUAs) and malware (such as Trojans, ransomware, etc.) disguised as or packed with ordinary content.

What is Txziyp?

Txziyp is a type of malware that makes files inaccessible by encryption and keeps them unusable until a ransom is paid.

It also renames each encrypted file by appending the ".txziyp" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.txziyp", "2.jpg" to "2.jpg.txziyp", and so on.  Txziyp also creates a ransom message (within the "HOW TO RESTORE YOUR FILES.TXT" file), placing it in all folders that contain encrypted files.

Note that Txziyp belongs to the Snatch ransomware family.

What is VideoBoxApp?

VideoBoxApp is described by its developer as a high-quality standard video player. The problem with this app is that it is distributed using a fake Adobe Flash Player installer. Therefore, there is a significant chance that users will be unaware of how this app was installed.

Apps that users download and install inadvertently are classified as potentially unwanted applications (PUAs). Note that PUAs that are distributed using fake installers often come bundled with other apps of this kind including, for example, adware, browser hijackers.

What is SystemMonitor?

SystemMonitor is a rogue piece of software classified as adware. It operates by running intrusive advertisement campaigns and causing redirects to untrustworthy/malicious websites. Furthermore, it adds the "Managed by your organization" feature to Google Chrome browsers.

SystemMonitor collects browsing-related information, which is a serious privacy concern. This adware has been observed being distributed through deceptive installation set-ups (e.g., fake software "cracking" tools) and bundled with untrusted apps. These applications work in a similar way to SystemMonitor. Some have the capability to force-open browsers and cause redirects to bogus websites. Products proliferated using these dubious methods are classified as Potentially Unwanted Applications (PUAs).

What is Paralock ransomware?

Paralock is a new variant of Parasite ransomware. It operates by locking data, rendering it inaccessible for victims, and demands a ransom payment to restore access. This is the modus operandi of ransomware: file encryption for the purpose of demanding payment for decryption tools.

When this malicious program encrypts, affected files are appended with the ".paralock" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.paralock", "2.jpg" as "2.jpg.paralock", and so on.

Following the completion of this process, ransom messages within "info.hta" files are dropped into compromised folders.

What is DigitalIncognitoSearch?

DigitalIncognitoSearch hijacks browsers by changing certain settings to digitalincognitosearch.com, the address of a fake search engine.

Note that most browser hijackers also collect information relating to browsing activities. This is likely to be the case with DigitalIncognitoSearch. Apps such as DigitalIncognitoSearch are classified as potentially unwanted applications (PUAs), since most users download and install them inadvertently.

What is SuperRegistryCleaner?

SuperRegistryCleaner is untrusted software, endorsed as a system registry cleaning tool. This app is classified as a Potentially Unwanted Application (PUA) due to the dubious techniques employed to proliferate it.

Despite their legitimate appearance, these  apps are usually nonoperational and unable to perform the advertised functionality. Furthermore, PUAs can have undisclosed, dangerous capabilities.