Virus and Spyware Removal Guides, uninstall instructions

What is ProductUpgrade?

ProductUpgrade is a rogue application classified as adware with browser hijacker traits. Following successful infiltration, this app runs intrusive advertisement campaigns and modifies browsers to promote fake search engines.

Due to the dubious methods employed to proliferate ProductUpgrade, it is also classified as a Potentially Unwanted Application (PUA). Most PUAs have data tracking capabilities, which are used to collect browsing-related information.

What is OpticalPartition?

OpticalPartition displays advertisements and promotes a fake search engine. In this way, the app functions as adware and a browser hijacker. It is also likely that this app gathers browsing-related (and other) data.

People commonly download and install apps such as OpticalPartition inadvertently and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What is AXI ransomware?

AXI is malicious software, which belongs to the Dharma ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption.

During the encryption process, affected files are renamed following this pattern: original filename, unique ID, cyber criminals' email address, and the ".AXI" extension. For example, "1.jpg" would appear as as something similar to "1.jpg.id-C279F237.[axitrun2@tutanota.com].AXI" after encryption.

Once this process is complete, ransom-demand messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is Best File Converter?

Best File Converter's developers advertise this app as a tool that quickly converts PDF files, images, and audio files, however, it actually generates advertisements and is thus classified as adware.

Additionally, this app can read and change all data on websites that users visit. In most cases, users download and install adware inadvertently and, therefore, Best File Converter and similar apps are classified as potentially unwanted applications (PUAs).

What is "Payment Schedule email virus"?

"Payment Schedule email virus" refers to a malware-spreading spam campaign. The term "spam campaign" defines a mass-scale operation, during which thousands of deceptive/scam emails are sent. The messages distributed through this campaign are presented as notifications concerning a payment schedule.

The purpose of "Payment Schedule email virus" is to proliferate the LokiBot Trojan.

What is DoNotWorry?

DoNotWorry is designed to encrypt files and modify filenames by prepending the elixuwaril@gmail.com email address, victim's ID, and appending the ".DoNotWorry" extension to them. For example, "1.jpg" is renamed to "[elixuwaril@gmail.com][id=C279F237]1.jpg.DoNotWorry", "2.jpg" to "[elixuwaril@gmail.com][id=C279F237]2.jpg.DoNotWorry", and so on.

DoNotWorry also creates the "#ReadThis.HTA" file (ransom message) in all folders that contain encrypted files.

What is BIOSAgentPlus?

BIOSAgentPlus is advertised as software that checks for BIOS updates, outdated drivers, and recommends updates. It also provides detailed information regarding currently installed BIOS and drivers.

There is a possibility that this application is distributed using the 'bundling' method. Apps that are distributed by bundling them with other programs are classified as potentially unwanted applications (PUAs).

What is COVID-19 vaccination NHS email scam?

Today, COVID-19 is commonly used as the subject for various scams, including email phishing scams. Typically, cyber criminals behind them attempt to trick recipients into providing private, sensitive information. For example, social security numbers, credit card details, bank account numbers, and login credentials.

They might also use the emails to trick recipients into opening malicious files and infecting their computers with malware.

What is DominantPartition?

DominantPartition is an adware-type app with browser hijacker characteristics. This application operates by running intrusive advertisement campaigns and making changes to browser settings to promote fake search engines. Additionally, most adware-type apps and browser hijackers collect browsing-related information.

Since users typically download/install DominantPartition inadvertently, it is also classified as a Potentially Unwanted Application (PUA).

This app has been observed being spread via fake Adobe Flash Player updates. These bogus software updaters are employed to proliferate PUAs, Trojans, ransomware, and other malware.

What is FPMPlayer?

FPMPlayer is a potentially unwanted application (PUA) that is distributed using a fake Adobe Flash Player installer. In most cases, users download and install apps that are distributed using such methods inadvertently.

Fake installers are often used to distribute multiple PUAs at once and, therefore, it is likely that FPMPlayer is bundled with browser hijackers, adware-type apps, or other PUAs.