Virus and Spyware Removal Guides, uninstall instructions

What is Bondy ransomware?

Discovered by S!Ri, Bondy is ransomware designed to encrypt files, append its extension to the filenames of all affected files, and create a ransom message (within the "HELP_DECRYPT_YOUR_FILES.txt" text file) in all folders that contain encrypted files.

It renames files by appending the ".bondy" extension. For example, "1.jpg" is renamed to "1.jpg.bondy", "2.jpg" to "2.jpg.bondy", and so on. The "HELP_DECRYPT_YOUR_FILES.txt" file contains instructions about how to pay the ransom and contact the cyber criminals who created Bondy.

What is undertain[.]work?

Generally, users do not open undertain[.]work or similar web pages intentionally - they are opened by browsers with potentially unwanted applications (PUAs) installed on them. These rogue apps are classified as PUAs because most users download and install them inadvertently. In addition to promoting sites such as undertain[.]work, PUAs often serve ads and gather data.

What is swindoors[.]work?

swindoors[.]work is a rogue website designed to present visitors with dubious content and/or redirect them to other untrusted/malicious pages. Few users access this site intentionally - most are redirected to it by intrusive ads or by Potentially Unwanted Applications (PUAs) already installed on their devices.

This software does not need explicit user consent to infiltrate systems. PUAs operate by causing redirects, running intrusive advertisement campaigns and collecting browsing-related data. There are thousands of websites similar to swindoors[.]work on the web - liveplayingnow.com, finvesterns.work, bargaret.work, and jrg-news1.club are just some examples.

What is Scarry?

Scarry belongs to the Scarab ransomware family. Malware of this type is designed to encrypt files, rename them and provide instructions about how to contact the developers, pay the ransom, and various other information. Scarry renames encrypted files by replacing their filenames with a string of random characters and appending ".scarry" as the file extension.

For example, "1.jpg" is renamed to "fuYzvjnkM=Tqz4.scarry", "2.jpg" to "giTxbjkmlN=Rwx6.scarry", and so on. It also creates a ransom message (within the "Инструкция.TXT" text file) in all folders that contain encrypted files.

What is MyRansom ransomware?

MyRansom is ransomware that was discovered by GrujaRS. It encrypts files and creates the "README.TXT" text file in every folder that contains encrypted files. This text file is a ransom message detailing instructions about how to contact MyRansom's developers and cost of decryption tools.

What is Umate Mac Cleaner?

Umate Mac Cleaner is untrusted software endorsed as a tool for optimizing the performance of Mac operating systems. This application is supposedly capable of eliminating junk, large and duplicate files, and also removing personal information to prevent privacy leaks.

Since most users download/install Umate Mac Cleaner inadvertently, it is classified as a Potentially Unwanted Application (PUA). Often, apps within this classification cannot perform their advertised functionality and might have undisclosed dangerous capabilities.

What is Stop Notifications?

Stop Notifications is a browser hijacker which hijacks browsers by changing certain settings to stopnotifications.com, the address of a fake search engine. It also gathers browsing-related information. Note that most users download and install browser hijackers inadvertently.

Therefore, Stop Notifications and other apps of this type are categorized as potentially unwanted applications (PUAs).

What is "This is how you make $562 in 1 hour!"?

"This is how you make $562 in 1 hour!" is a smishing scam. The term "smishing" is coined from the abbreviation "SMS" and word "phishing". It refers to a scheme typically targeting personal/sensitive information, which is promoted via text messages.

In the case of the "This is how you make $562 in 1 hour!" scam, the SMS messages greet recipients by name, indicate their geolocations, and then offer a chance to earn US$562 (or other sum). To earn the money, recipients are urged to visit the provided URL.

The opened pages are classified as phishing websites, which ask visitors to complete surveys and provide private information, however, this scam can also be promoted on other untrusted and malicious sites.

What is Kut ransomware?

Kut belongs to the Dharma ransomware family and functions like most ransomware-type programs. It encrypts files, renames them and provides instructions about how to contact the developers. Kut renames encrypted files by adding the victim's ID, kuk1@tuta.io email address and appending the ".kut" extension to filenames.

For example, after encryption, "1.jpg" is renamed to "1.jpg.id-C279F237.[kuk1@tuta.io].kut", "2.jpg" to "2.jpg.id-C279F237.[kuk1@tuta.io].kut", and so on. Instructions about how to contact the developers are provided in a pop-up window and the "FILES ENCRYPTED.txt" text file.

What is liveplayingnow[.]com?

liveplayingnow[.]com is a rogue web page. Generally, these sites are promoted via other dubious websites, deceptive advertisements or potentially unwanted applications (PUAs). I.e., users do not often visit them intentionally. There are many websites similar to liveplayingnow[.]com on the internet.

Some examples are finvesterns[.]work, bargaret[.]work and jrg-news1[.]club.