Virus and Spyware Removal Guides, uninstall instructions

What are the fake "Your iPhone is now online and located" text messages?

"Your iPhone is now online and located" is a smishing scam. The term "smishing" is closely related to "phishing". This type of scheme is promoted via text (SMS) messages and typically attempts to extract personal information from potential victims - often, under the guise of legitimate company representatives.

In the case of the "Your iPhone is now online and located" scam, the deceptive SMS messages are disguised as security alerts from "Apple Support". The messages sent by this scam state that recipients' mobile devices have been located and are currently online.

This scheme is in no way associated with Apple Inc., and all of the information provided by it is false. The goal of "Your iPhone is now online and located" is to abuse users' trust for profit.

What kind of malware is Heroes of the Storm?

This ransomware was discovered by GrujaRS. Cyber criminals behind Heroes of the Storm (or simply Crypt32) ransomware use the same name as developers of a legitimate game. In fact, the game has nothing to do with this malware.

Heroes of the Storm ransomware is designed to encrypt files and create the "!! YOUR FILES HAS BEEN ENCRYPTED !!.txt" text file (containing a ransom message) in all folders that contain encrypted files. Unlike most other ransomware-type programs, this ransomware leaves the filenames of encrypted files unchanged.

I.e., Heroes of the Storm does not append any extension or modify filenames in any other way.

What is Foxy Newtab?

Foxy Newtab hijacks browsers by changing certain settings (such as the address of a fake search engine) to tryfoxy.com and collects browsing-related information. Commonly, users download and install browser hijackers inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs).

What is Eco Search?

Eco Search is rogue software categorized as a browser hijacker. It operates by making changes to browser settings to promote ecosearch.club (a fake search engine). This browser hijacker also monitors users' browsing activity. Due to the dubious methods used to proliferate Eco Search, it is also classified as a Potentially Unwanted Application (PUA).

What is WSHLP?

WSHLP is a ransomware-type program and part of the Dharma ransomware family. Generally, malware of this type is designed to encrypt files, rename them, and provide victims with instructions about how to contact the developers through a ransom message.

WSHLP renames encrypted files by adding the victim's ID, newhelper@cock.li email address and appending the ".WSHLP" extension to filenames.

For example, after encryption a file named "1.jpg" is renamed to "1.jpg.id-C279F237.[newhelper@cock.li].WSHLP", "2.jpg" is renamed to "2.jpg.id-C279F237.[newhelper@cock.li].WSHLP", and so on. This ransomware displays ransom message in a pop-up window and creates the "FILES ENCRYPTED.txt" file, a shorter ransom message.

What is Spotify email scam?

In most cases, cyber criminals/scammers behind phishing emails contact potential victims via email, text message or telephone. They attempt to trick people into providing sensitive information such as credit card details and passwords.

In this particular case, scammers send emails disguised as messages from Spotify asking recipients to update their payment methods via a fake Spotify website. Their main goal is to steal Spotify accounts. Never trust this email, or similar.

What is PDFSearchio?

PDFSearchio is dubious software categorized as a browser hijacker. It operates by making alterations to browser settings to promote pdfsearchio.com (a bogus search engine). This browser hijacker also has data tracking capabilities, which are used to collect browsing-related information.

Since most users install PDFSearchio unintentionally, it is also classified as a Potentially Unwanted Application (PUA).

What is hp.myway.com?

Like most browser hijackers, RecipeSearch promotes a fake search engine address by changing browser settings. In this case, it assigns them to hp.myway.com. It can also access and collect various data. Users often download and install browser hijackers inadvertently and, for this reason, they are categorized as potentially unwanted applications (PUAs).

RecipeSearch is a PUA developed by Mindspark Interactive Network.

What is the Jackpot ransomware?

Discovered by GrujaRS, Jackpot is malicious software categorized as ransomware. During the encryption process all compromised files are appended with the ".coin" extension. For example, a file named something like "1.jpg" would appear as "1.jpg.coin", "2.jpg" as "2.jpg.coin", and so on.

After this process is complete, ransom messages (in "payment request.html" and "payment request.txt" files) are created on the desktop. Additionally, Jackpot locks the device's screen with an identical message to those in the ransom-demand .html and .txt files.

What is Atlas Home Products email virus?

Typically, cyber criminals use malspam campaigns to trick recipients into opening a downloaded malicious attachment, or file downloaded through a website link, in a received email. When opened, the file installs malicious software. Commonly, emails sent by cyber criminals are disguised as important and official.

The email in this malspam campaign is disguised as a message from Atlas Home Products and used to distribute a malicious program called Adwind.