Virus and Spyware Removal Guides, uninstall instructions

What is the Trojan Spyware Alert scam?

Scammers behind this tech support scam attempt to trick unsuspecting visitors into believing that their computers are infected with a Trojan and/or Spyware and calling the provided number. They attempt to trick users into paying for unnecessary services, software, or even to provide remote access to their computers.

You should avoid these websites. This particular web page is hosted using Amazon AWS, a legitimate service provided by Amazon. This is not the first case whereby cyber criminals/scammers have employed this service for malicious purposes.

What is TRAPGET?

TRAPGET is a variant of NEFILIM ransomware. This variant was discovered by GrujaRS and is designed to encrypt victims' files, modify their filenames and create the "TRAPGET-INSTRUCTION.txt" text file - a ransom message with instructions about how to contact the ransomware developers, and various other details.

TRAPGET renames encrypted files by appending the ".TRAPGET" extension to filenames. Therefore, "1.jpg" would be renamed to "1.jpg.TRAPGET", "2.jpg" to "2.jpg.TRAPGET", and so on.

What is FractionData?

FractionData is an adware-type application with browser hijacker characteristics. Following successful infiltration, this app delivers intrusive advertisement campaigns, makes modifications to browser settings and promotes fake search engines. On Safari browsers, FractionData promotes z6airr.com, and on Google Chrome browsers, search.trustenviroment.com.

Additionally, most adware-type apps and browser hijackers collect browsing-related information. Due to the dubious methods used to proliferate FractionData, it is also classified as a Potentially Unwanted Application (PUA). One of the techniques employed in FractionData's distribution is proliferation via fake Adobe Flash Player updates.

Bogus software updaters/installers are used to spread PUAs, Trojans, ransomware and other malware.

What is WebQuestSearch?

WebQuestSearch serves advertisements and changes certain browser settings (promotes a fake search engine address). It might also be designed to gather information relating to users' browsing habits and various other details. In this way, WebQuestSearch functions as adware and a browser hijacker. 

Commonly, users download and install adware-type apps/browser hijackers inadvertently and, for this reason, WebQuestSearch and similar apps are classified as potentially unwanted applications (PUAs). This particular PUA is distributed through a fake installer, which is disguised as an installation for Adobe Flash Player.

What is the jioer[.]pro site?

jioer[.]pro is a rogue website and just one of thousands of identical and similar pages on the web. Some other examples are mybestnewz.com, mypushz.com, and beforeigntools.club. Visitors to jioer[.]pro are presented with dubious information and/or are redirected to other untrusted and possibly malicious sites.

Few users access these websites intentionally - most are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already installed onto their devices. This software does not need explicit users consent to infiltrate systems. PUAs cause redirects, run intrusive ad campaigns and collect browsing-related data.

What is the FedEx Invoice Ready email virus?

Malspam campaigns are usually disguised as official messages from legitimate companies and organizations, and contain an attachment or website link designed to download a malicious file. The main aim of cyber criminals behind such emails is to deceive the recipient into executing a file that infects the computer with a malicious program.

This malspam campaign is disguised as a message from FedEx and is used to distribute malicious software called Dridex.

What is DuckRAT?

DuckRAT is malicious software classified as a Remote Access Trojan (RAT). Trojans of this type enable remote access and control over an infected machine. RATs can have a wide variety of dangerous functionality, which can be used in various ways and lead to likewise varied issues.

DuckRAT malware employs DarkTrack, NirSoft and Fynloski RAT tools to access and control compromised devices, and to steal information from them. This RAT is classified as a highly dangerous piece of software and its infections must be eliminated immediately upon detection.

What is news-gg[.]com?

Websites such as news-gg[.]com load dubious content and promote (open) dubious websites. There are many websites similar to news-gg[.]com online including, for example, mypushz[.]com, beforeigntools[.]club and readnewmessage[.]com. 

Generally, users do not visit these sites intentionally - they are opened when browsers have potentially unwanted applications (PUAs) installed.

What is urt-news1[.]club?

urt-news1[.]club functions in a similar manner as mypushz[.]com, beforeigntools[.]club, readnewmessage[.]com and many other rogue websites.

It loads dubious content and/or opens other dubious web pages. In most cases, users arrive at these sites when they click deceptive ads, visit other untrusted pages, or have potentially unwanted applications (PUAs) installed on their browsers and/or computers. I.e., most people do not visit sites such as urt-news1[.]club intentionally.

What is HDSportSearchs?

HDSportSearchs is rogue software categorized as a browser hijacker. Following successful infiltration, it makes modifications to browser settings to promote hdsportsearchs.com (a fake search engine). This browser hijacker also has data tracking capabilities, which are used to monitor activity and collect browsing-related information.

Due to the dubious techniques employed to proliferate HDSportSearchs, it is also classified as a Potentially Unwanted Application (PUA).