Virus and Spyware Removal Guides, uninstall instructions

What is bifidavity[.]club?

bifidavity[.]club is the address of an untrusted website which, once visited, opens other pages of this kind or loads dubious content. There are many websites similar to bifidavity[.]club online. Some examples are cloystercdn[.]com, meetclick[.]biz and tiktok-news[.]com.

Typically, users do not visit them intentionally - they are opened through deceptive advertisements, dubious web pages, or by installed potentially unwanted applications (PUAs).

What is BubblePDF?

BubblePDF promotes fake search engine addresses (hp.bubblepdf.com and find.bubblepdf.com) by changing certain browser settings. It can also access data on the system. Generally, users do not download or install browser hijackers intentionally and, for this reason, apps such as BubblePDF are classified as potentially unwanted applications (PUAs).

What is FinSpy?

FinSpy is spyware used to log keystrokes, record audio via microphones and video via webcams, execute remote shell commands, and extract system information and other data. Therefore, cyber criminals can use this spyware for spying, stealing data and remotely controlling infected computers.

What is Lookmini?

Lookmini is rogue software categorized as a browser hijacker. Following successful infiltration, it makes modifications to browser settings to promote tailsearch.com (a fake search engine). Additionally, this browser hijacker monitors users' browsing activity. Due to the dubious methods used to proliferate Lookmini, it is also classified as a Potentially Unwanted Application (PUA).

What is TypeConsole?

TypeConsole is an adware-type application that possesses browser hijacker characteristics. It runs intrusive advertisement campaigns and makes alterations to browser settings to promote bogus search engines. TypeConsole promotes 0yrvtrh.com on Safari browsers and search.dominantmethod.com on Google Chrome browsers.

Additionally, most adware-type apps and browser hijackers have data tracking capabilities, which are employed to monitor users' browsing habits. Due to the dubious techniques used to proliferate TypeConsole, it is also classified as a Potentially Unwanted Application (PUA).

What is search.dominantmethod.com?

search.dominantmethod.com is the address of a fake search engine. These addresses often appear in browser settings after inadvertent installation of a browser hijacker or adware. Note that, in most cases, users download and install apps of this type unintentionally and, therefore, they are categorized as potentially unwanted applications (PUAs).

What is the opertisticolk[.]club website?

Sharing similarities with lokpresearch.club, cloystercdn.com, meetclick.biz and countless others, opertisticolk[.]club is a rogue web page. Visitors to it are presented with dubious content and/or are redirected to other bogus or possibly malicious sites.

Few users access opertisticolk[.]club or similar sites intentionally - most are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already installed on the system. This software does not need express user permission to infiltrate devices, and hence users may be unaware of its presence.

PUAs cause redirects, run intrusive ad campaigns and collect browsing-related information.

What is DigitalEnviroment?

DigitalEnviroment is an adware-type application with browser hijacker characteristics. It operates by delivering intrusive ad campaigns and making modifications to browser settings to promote fake search engines. Most adware-type apps and browser hijackers collect browsing-related information, and it is likely that DigitalEnviroment also has these data tracking capabilities.

Due to the dubious techniques employed to proliferate this app, it is also classified as a Potentially Unwanted Application (PUA).

What is atharori[.]net?

atharori[.]net opens other bogus web pages or displays dubious content. This is a rogue website that operates in a similar manner to cloystercdn[.]com, meetclick[.]biz, tiktok-news[.]com, and many other sites of this type. Commonly, they are opened through deceptive ads, other sites of this kind, or by installed potentially unwanted applications (PUAs).

I.e., most users do not visit them intentionally. Note that the aforementioned applications can also be designed to gather data and display ads. 

What is the DLL (Phobos) ransomware?

Discovered by Luigi Martire, DLL is a malicious program belonging to the Phobos ransomware family. This ransomware operates by encrypting data and demanding payment for decryption tools.

During the encryption process, files are renamed according to this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address and the ".DLL" extension (not the be confused with the extension of Dynamic Link Library files).

For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.id[C279F237-2989].[technopc@tuta.io].DLL" following encryption. After this process is complete, ransom messages are created in a pop-up window ("info.hta") and "info.txt" text file.