Virus and Spyware Removal Guides, uninstall instructions

What is Gdiview?

Gdiview is a potentially unwanted application (PUA) that developers distribute via a dubious web page (possibly, multiple web pages).

The exact purpose of Gdiview is unknown, however, it is likely that users who install this app will also have installed adware, a browser hijacker, or other PUA. These apps are classified as PUAs, since they are often downloaded and installed by users unintentionally.

What is Solaso ransomware?

Discovered by malware analyst 0x4143, Solaso is a ransomware-type program. Systems infected with this software experience data encryption and users receive ransom demands for decryption tools. During the encryption process, all affected files are appended with the ".solaso extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.solaso", "2.jpg" as "2.jpg.solaso", "3.jpg" as "3.jpg.solaso", and so on. After this process is complete, ransom messages in "__READ_ME_TO_RECOVER_YOUR_FILES.txt" files are dropped into compromised folders.

What is the "Stopped processing incoming emails" scam message?

"Stopped processing incoming emails" is a spam phishing campaign. This term refers to a mass-scale operation, during which thousands of deceptive/scam emails are sent. These messages claim that recipients' email accounts have been suspended and incoming mail is no longer reaching the inbox. To recover the accounts, they must supposedly be updated.

Note that all information provided by "Stopped processing incoming emails" is false. The purpose of this spam campaign is to trick recipients into attempting to sign-in to their email accounts through the promoted phishing site, thereby unintentionally exposing their log-in credentials (i.e. passwords) to the scammers.

What is peachlandcn[.]com?

There are many websites similar to peachlandcn[.]com on the web. Most display fake virus or other notifications stating that the device is infected (or that another problem exists) and suggests removal of viruses and protection of devices with potentially unwanted applications (PUAs), which can be downloaded via provided links.

In this way, websites such as peachlandcn[.]com promote applications using deceptive methods. These pages should be ignored and reported.

What is o2tvseries[.]com?

o2tvseries[.]com is a torrent website which provides illegal content. Downloading copyrighted content from websites such as o2tvseries[.]com is illegal in many countries.

o2tvseries[.]com also uses rogue advertising networks: it contains dubious ads and opens bogus, potentially malicious websites.

What is DEcovid19bot ransomware?

DEcovid19bot is a malicious program classified as ransomware. It is designed to encrypt files and rename them in order to demand payment for decryption.

There are two variants of this ransomware - the way these versions change filenames and the ransom message they create differs. During the encryption process, one variant appends files with the ".covid19" extension, whilst the other, with ".locked". For example, a file originally named "1.jpg" would appear as either "1.jpg.covid19" or "1.jpg.locked".

After this process is complete, ransom-demand messages named "!DECRYPT_FILES.txt" or "ATTENTION!!!.txt" (depending on the version) are dropped into compromised folders.

What is Amazon Customer Care email scam?

By sending phishing emails, scammers seek to trick unsuspecting recipients into providing sensitive information. For example, bank account numbers, social security numbers, credit card details, and login credentials. Generally, these emails are disguised as messages from legitimate organizations, companies or other entities.

You are strongly advised to ignore these emails (do not click any links within them or provide personal information).

What is the fake "BRT" email?

"BRT Email Virus" refers to a spam campaign spreading the Ursnif trojan. The term "spam campaign" defines a large-scale operation, during which thousands of deceptive emails are distributed. The "BRT" scam emails target Italian users and are presented as notifications about due invoices.

These messages have infectious files attached. When these are opened (thereby executing malicious macro commands), the infection chain of Ursnif malware starts.

What is Sett4545?

Sett4545 ransomware is based on Hidden Tear (open-source ransomware) and was discovered by Emmanuel_ADC-Soft. Sett4545 encrypts and renames files by appending the ".encryptedQjbQpkgd.sett4545" extension. For example, "1.jpg" is renamed to "1.jpg.encryptedQjbQpkgd.sett4545", "2.jpg" to "2.jpg.encryptedQjbQpkgd.sett4545", and so on.

This ransomware also infects the MBR (Master Boot Record) and prevents the operating system from loading (stops the computer from booting into Windows). After data encryption, Sett4545 restarts the infected computer and displays a ransom message.

What is DigitalEngine?

DigitalEngine is an adware-type app with browser hijacker characteristics. This piece of software delivers intrusive ad campaigns and makes alterations to browser settings to promote fake search engines. Additionally, most adware-type apps and browser hijackers can track data and use these capabilities to gather browsing-related information.

Since users tend to download and install DigitalEngine unintentionally, it is also classified as a Potentially Unwanted Application (PUA).