Virus and Spyware Removal Guides, uninstall instructions

What is JB78?

JB78 replaces the filenames of encrypted files with the jamesBaker78@criptext.com email address, a string of random characters. It also appends the ".JB78" extension to them.

For example, "1.jpg" is renamed to "[JamesBaker78@criptext.com].y5ebua4u-oXnxuIWO.JB78", "2.jpg" to "[JamesBaker78@criptext.com].h6riot6k-pZvbmODG.JB78", and so on. JB78 also creates the "Readme_JB78.rtf" file (the ransom message) in all folders that contain encrypted files. Note that JB78 is part of the Matrix ransomware family.

What is FG69 ransomware?

FG69 is a malicious program that belongs to the Matrix ransomware family. Like most of these programs, it encrypts files, renames them and creates a ransom message. FG69 renames files, replacing their filenames with the Adamfox69@criptext.com email address, a string or random characters, and appending ".FG69" as the extension.

For example, "1.jpg" is renamed to "[Adamfox69@criptext.com].zqNIw3ba-P2Tur5vn.FG69", "2.jpg" to "[Adamfox69@criptext.com].cgMLr4pz-O3Tut7yt.FG69", and so on. FG69 creates a ransom message (within the "FG69_README.rtf" file) in all folders that contain encrypted data.

What is service24[.]report?

Websites such as service24[.]report often trick visitors into downloading and installing potentially unwanted applications (PUAs). In many cases, these web pages claim that the device is infected with viruses and offer to remove them with a specific app.

Note that users do not often visit sites service24[.]report or similar sites intentionally - they are opened by PUAs installed on operating systems and/or browsers.

What is hilanfavouris[.]top website?

hilanfavouris[.]top is a rogue web page sharing many similarities with a1-nerdhut.com, belighterservice.com, myfreshposts.com and thousands of others. Visitors to this site are presented with dubious content and/or are redirected to other untrusted or possibly malicious websites.

Typically, users access hilanfavouris[.]top and other similar sites via redirects caused by intrusive advertisements or Potentially Unwanted Applications (PUAs) already installed on their devices. This software does not need explicit permission to infiltrate systems. PUAs cause redirects, run intrusive ad campaigns and collect browsing-related information.

What is a1-nerdhut[.]com?

Commonly, browsers are forced to open websites such as a1-nerdhut[.]com due to installed potentially unwanted applications (PUAs). I.e., users do not often visit these web pages or download/install PUAs intentionally.

Note that most PUAs promote sites like a1-nerdhut[.]com, serve ads, and gather browsing-related data (allowandgo[.]com, wepushpush[.]com and daily[.]limited are examples of other pages similar to a1-nerdhut[.]com).

What is "Your Microsoft subscription has been expired" email scam?

Commonly, scammers behind phishing emails try to trick recipients into sharing personal information. Usually, their emails (or websites) demand usernames, passwords, bank account numbers, credit card details or other sensitive information.

In this particular case, scammers use an email that appears to be from Microsoft and attempts to trick users into entering their Microsoft account credentials onto a fake website.

What is AnalyticParameter?

AnalyticParameter is an adware-type application with browser hijacker traits. Following successful installation, it runs intrusive advertisement campaigns and makes modifications to browser settings to promote fake search engines. AnalyticParameter promotes d2sri.com on Safari browsers and search.locatorunit.comon Google Chrome browsers.

Additionally, most adware-type apps and browser hijackers monitor users' browsing activity. Due to the dubious methods used to proliferate AnalyticParameter, it is also classified as a Potentially Unwanted Application (PUA). One of the dubious techniques used for this app is distribution via fake Adobe Flash Player updaters.

Furthermore, bogus software updaters/installers are employed to proliferate PUAs, Trojans, ransomware and other malware.

What is belighterservice[.]com?

In most cases, websites such as belighterservice[.]com are promoted by potentially unwanted applications (PUAs) that people download and install inadvertently. I.e., people do not often visit/open these sites intentionally. PUAs tend to promote dubious websites, feed users with ads, and collect information relating to web browsing activities.

Some examples of pages similar to belighterservice[.]com are myfreshposts[.]com, ngcomunicazione[.]com and mediavideo[.]space.

What is MS-Windows Support Alert scam?

In most cases, technical support scam pages such as this are designed to appear as official Microsoft websites. Generally, they display fake notifications, virus alerts stating that there is a problem with the computer (e.g., infected with malware) and needs to be resolved immediately.

The main purpose of these scams is to trick unsuspecting users into calling the provided number and paying for bogus services and software, or to gain remote access to their computers. In any case, never trust these scam websites and ignore the information they provide.

What is myfreshposts[.]com?

myfreshposts[.]com is a rogue website, sharing many similarities with ngcomunicazione.com, mediavideo.space, brothersail.com and countless others. Visitors to this web page are presented with dubious content and/or are redirected to other untrusted or possibly malicious sites.

Few users access myfreshposts[.]com or other similar websites intentionally - most are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already installed into their devices. This software does not need explicit user consent to be infiltrated into systems.

PUAs cause redirects, run intrusive ad campaigns and collect browsing-related information.