Virus and Spyware Removal Guides, uninstall instructions

What is K9-PCFixer?

K9-PCFixer is untrusted software advertised as a tool for operating system scanning and performance boosting, however, due to the dubious methods used to proliferate this app, it is categorized as a Potentially Unwanted Application (PUA).

Software within this category often cannot perform the features promised and, furthermore, PUAs may have undisclosed and dangerous capabilities.

What is Customer Complaint email virus?

Cyber criminals often use emails as channels to trick users into downloading and installing malware onto their computers. Emails that are used to deliver malware are termed phishing messages or malspam. Usually, the emails contain an attachment or website link that opens a download page for a malicious file.

Note that cyber criminals behind malspam/phishing emails often claim to be legitimate companies. They also disguise their emails as important, official, and urgent.

This particular email is used to deliver Cobalt Strike.

What is the fake "Facebook" email?

"Facebook email scam" refers to a spam campaign, a mass-scale operation during which thousands of deceptive emails are sent. The messages distributed through this campaign inform recipients that suspicious activity has been detected on their Facebook accounts.

The information provided by these scam emails is false, and the messages themselves are in no way associated with Facebook, Inc. The goal of the "Facebook email scam" is to promote a phishing/malicious website designed to record data entered into it.

What is Application?

The 'Application' app functions as adware and, therefore, serves various advertisements on the user interface and/or visited websites.

Users often install adware onto their browsers or computers unintentionally. Therefore, Application and other apps of this type are classified as potentially unwanted applications (PUAs). Adware-type apps can also be designed to collect certain information.

If a program called "Application" ("Application version 0.2.9" or similar) is on the list of installed programs, remove/uninstall it from the system immediately.

What is Trash the Cache?

Trash the Cache supposedly deletes browser history, cookies, cache, and various other data, however, this app functions as adware: it generates revenue for the developers by feeding users with unwanted advertisements.

Adware can collect data relating to users' browsing habits or even private, sensitive information.

Note that Trash the Cache is an untrusted app. Typically, users download and install these bogus apps inadvertently and, therefore, they are classified as potentially unwanted applications (PUAs).

What is ValidMemory?

ValidMemory is an adware-type app with browser hijacker traits. It operates by delivering various intrusive advertisements and promoting fake search engines by modifying browsers. Due to the dubious techniques used to spread ValidMemory, it is also classified as a Potentially Unwanted Application (PUA).

Most PUAs have data tracking capabilities that are employed to monitor users' browsing habits. ValidMemory has been observed being spread via fake Adobe Flash Player updates. Note that bogus software updaters/installers can proliferate trojans, ransomware, and other malware.

What is "WIN-8x0007 Error"?

"WIN-8x0007 Error" is the name of a technical support scam run on deceptive websites. Schemes of this type inform users of nonexistent threats on their systems and urge them to contact fake tech support. The "WIN-8x0007 Error" scam targets German users. It also downloads an audio file that contains the same message in Japanese.

As is common of these scams, "WIN-8x0007 Error" is presented as a Windows support alert issued by Microsoft. Note that no site can detect threats/issues on visitors' devices. Any that makes such claims are scams with no relation to legitimate companies (e.g., Microsoft Corporation).

Typically, untrusted web pages are accessed via mistyped URLs, or redirects caused by intrusive ads or installed unwanted applications.

What is "Fund Release email scam"?

Scammers often use email as a channel to trick people into providing sensitive information (e.g., login credentials, credit card details, social security numbers), sending money and installing malware onto their computers. Scammers usually disguise their emails as important, official messages from legitimate companies.

They use the names of well-known entities, logos, names of real people, take advantage of real events, etc., to add authenticity to their emails. This email is disguised as a message regarding fund release - scammers spread with the aim to extort money from recipients.

What is Bright Tab?

Bright Tab is a browser hijacker promoting the tailsearch.com fake search engine. Typically, software within this category promotes fake search engines by modifying browser settings, however, Bright Tab does not always operate in this way (see below).

Additionally, Bright Tab has data tracking capabilities, which are used to collect browsing-related information. Since most users download/install browser hijackers inadvertently, they are also classified as Potentially Unwanted Applications (PUAs).

What is .help?

Ransomware is a type of malware that blocks access to files by encryption. Usually, malware of this type displays or creates a ransom message stating that victims cannot access their files unless they pay a ransom.

.help ransomware encrypts files, modifies their filenames, and creates the "readme-warning.txt" text file (.help creates this file in each folder that contains encrypted files). It renames encrypted files by adding the victim's ID, tuzadiea@msgsafe.io email address, and appending the ".help" extension. For example, "1.jpg" is renamed to "1.jpg.[9B83AE23].[tuzadiea@msgsafe.io].help", "2.jpg" to "2.jpg.[9B83AE23].[tuzadiea@msgsafe.io].help", and so on.

This ransomware belongs to the Makop ransomware family.