Virus and Spyware Removal Guides, uninstall instructions

What is the check-me[.]online site?

check-me[.]online is an untrusted website designed to present visitors' with dubious content and/or redirect them to other bogus and malicious pages. There are thousands of these rogue sites on the web - suggestive.com, purplemedia.biz, and luckhours.com are just some examples.

Visitors rarely enter these websites intentionally - most are redirected to them by intrusive ads or by Potentially Unwanted Applications (PUAs). This software does not require explicit user consent to be installed onto systems. PUAs operate by causing redirects, delivering intrusive advertisement campaigns and collecting browsing-related information.

What is OperativeDock?

OperativeDock is a rogue application categorized as adware. Additionally, this app has browser hijacker characteristics. Therefore, following successful infiltration, OperativeDock delivers intrusive advertisement campaigns and makes modifications to browser settings to promote bogus search engines.

Due to the dubious techniques used to proliferate this application, this app is also classified as a Potentially Unwanted Application (PUA). Furthermore, most PUAs have data tracking capabilities, making them a serious privacy concern.

What kind of scam is "Your system is heavily damaged by Two viruses!"?

"Your system is heavily damaged by Two viruses!" is a scam run on deceptive websites (e.g. todaystrends[.]co, greacore[.]com, contentfilled[.]com, nbvtread[.]com and topoffert[.]com). There are multiple variants of this scam. The text presented in them is practically identical, however, the versions are visually different (e.g. layouts, fonts, graphical elements, etc.).

In general, "Your system is heavily damaged by Two viruses!" claims that users' Apple iPhones have been infected and consequently damaged. To prevent further damage, they are encouraged to download/install the promoted application.

Scams of this type make bogus claims in order to proliferate dubious products such as fake anti-virus tools, adware, browser hijackers and other uwnanted apps. These schemes often endorse Trojans, ransomware and other malware.

Typically, visitors to deceptive sites do not access them intentionally - most are redirected to them by intrusive ads or certain kind of applications.

What is New Finder?

New Finder is a browser hijacker that promotes tailsearch.com, the address of a fake search engine and collects browsing history. It might also record other browsing-related data. In most cases, users download and install apps such as New Finder (browser hijackers) inadvertently and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What is the holanews[.]biz website?

Sharing many similarities with suggestive.com, luckhours.com, yourwownews.com, thgworldwideblog.com and thousands of others, holanews[.]biz is a rogue website. Visitors to these web pages are presented with dubious material and/or are redirected to other untrusted and even malicious websites.

Users rarely access these bogus web pages intentionally - most are redirected to them by intrusive ads or by Potentially Unwanted Applications (PUAs) already installed onto their devices. This software does not need explicit permission to infiltrate systems, and thus users may be unaware of their presence.

What is B0rn30L0ck3D?

B0rn30L0ck3D is a malicious program belonging to the Xorist ransomware family. This malware operates by encrypting data in order to demand payment for decryption.

During the encryption process, all affected files are appended with the ".B0rn30L0ck3D" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.B0rn30L0ck3D" following encryption.

Once this process is complete, ransom-demand messages are created in a pop-up window and "HOW TO DECRYPT FILES.txt" text files, which are dropped into compromised folders. In addition, the desktop wallpaper is changed.

What is Pola ransomware?

Pola is a malicious program and part of the Djvu ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption tools/software.

During the encryption process, all affected files are appended with the ".pola" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.pola", "2.jpg" as "2.jpg.pola", "3.jpg" as "3.jpg.pola", and so on. Once this process is complete, ransom messages within "_readme.txt" files are created in compromised folders.

What is Wskvke?

Wskvke encrypts files and appends the ".wskvke" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.wskvke", "2.jpg" to "2.jpg.wskvke", and so on. It also creates a ransom message (within the "HOW TO RESTORE YOUR FILES.TXT" text file) in all folders that contain encrypted files.

Note that Wskvke belongs to the Snatch ransomware family.

What is suggestive[.]com?

Usually, websites such as suggestive[.]com are opened when users click deceptive ads, visit dubious web pages, or have potentially unwanted applications (PUAs) installed on browsers and/or operating systems. I.e., users do not often visit these sites intentionally.

More examples of pages similar to suggestive[.]com are luckhours[.]com, hipermovies[.]website, and thgworldwideblog[.]com.

What is 0l0lqq ransomware?

0l0lqq belongs to the TeslaCrypt ransomware family. It encrypts and renames files, and creates a ransom message (within the "RESTORE_FILES_INFO.txt" file) in folders that contain encrypted files.

0l0lqq appends the ".0l0lqq" extension to the filenames. For example, "1.jpg" is renamed to "1.jpg.0l0lqq", "2.jpg" to "2.jpg.0l0lqq", and so on.