Virus and Spyware Removal Guides, uninstall instructions

What is the fake "IOS /MAC Defender Alert"?

"IOS /MAC Defender Alert" is a technical support scam, promoted on deceptive websites. This scheme targets Apple product users and claims that their devices have been infected. To prevent any damage being caused to the device, users are encouraged to call "Apple technical Support".

This is a scam, and all of the information provided by "IOS /MAC Defender Alert" is false. Additionally, this fake alert is in no way associated with the genuine Apple Inc. company. Few users access these deceptive/scam pages intentionally - most are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into the system.

What is Docallisec?

Docallisec is an adware-type application with browser hijacker traits. Following installation, it runs intrusive advertisement campaigns (i.e. delivers various unwanted ads), makes alterations to browser settings and promotes fake search engines. Most adware and browser hijackers have data tracking capabilities, and it is highly likely that Docallisec has these as well.

Due to the dubious methods used to spread this app, it is also classified as a Potentially Unwanted Application (PUA). One of the distribution techniques used for Docallisec is proliferation via fake Adobe Flash Player updates. Rogue software updaters/installers proliferate not just PUAs but also Trojans, ransomware and other malware.

What is ExpertLookupEngine?

ExpertLookupEngine is rogue software categorized as adware. This app also has browser hijacker traits. It operates by running intrusive advertisement campaigns, making modifications to browser settings and promoting fake search engines. It is highly likely that ExpertLookupEngine records browsing activity, as is the case with most adware and browser hijackers.

Since users typically download/install ExpertLookupEngine unintentionally, it is classified as a Potentially Unwanted Application (PUA). One of the dubious techniques used to distribute ExpertLookupEngine is via fake Adobe Flash Player updates. Bogus software updaters/installers are also used to proliferate malware (e.g. Trojans, ransomware, etc.).

What is "Your Mac is infected with 5 viruses!"?

This deceptive website is designed to promote another scam ("Norton subscription has expired today") and trick visitors into believing that their Mac computers are infected with viruses. It claims that, to remove the viruses, visitors must renew their antivirus software subscriptions.

In fact, this web page promotes a potentially unwanted application (PUA), which has nothing to do with Norton AntiVirus or any other legitimate antivirus software.

What is SectionBrowser?

SectionBrowser is an adware-type application with browser hijacker traits. Following successful installation, it operates by delivering intrusive advertisement campaigns, making modifications to browser settings and promoting fake search engines. SectionBrowser promotes Safe Finder via akamaihd.net in this way.

Additionally, most adware and browser hijackers have data tracking capabilities that are used to monitor users' browsing activity. It is highly likely that SectionBrowser has this functionality as well. Due to the dubious methods used to proliferate SectionBrowser, it is classified as a Potentially Unwanted Application (PUA).

What is [Zfile@Tuta.Io] ransomware?

[Zfile@Tuta.Io] is a malicious program, which is part of the GlobeImposter ransomware family. It operates by encrypting files and demanding payment for decryption. During the encryption process, all affected files are appended with the ".[Zfile@Tuta.Io]" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.[Zfile@Tuta.Io]" following encryption. After this process is complete, ransom-demand messages within "recover files.hta" files are dropped into compromised folders.

What is SearchWebPortal?

SearchWebPortal is a rogue application classified as adware, which also has browser hijacker traits. Following successful infiltration, it operates by delivering intrusive advertisement campaigns, making modifications to browser settings and promoting fake search engines.

Most adware and browser hijackers monitor users' browsing activity, and it is highly likely that SearchWebPortal does so as well. Due to the dubious methods used to proliferate this app, it is classified as a Potentially Unwanted Application (PUA). One of the dubious distribution methods employed to proliferate SearchWebPortal is via fake Adobe Flash Player updates.

Note that bogus software updaters/installers distribute both PUAs and malware (e.g. Trojans, ransomware, etc.).

What is FlyingShip?

Discovered by Karsten Hahn, FlyingShip ransomware is based on CryptoWire. It encrypts files using the AES-257 encryption algorithm and renames all encrypted files by inserting the ".flyingship" string into the filenames. For example, it would rename a file called "1.jpg" to "1.flyingship.jpg", "2.jpg" to "2.flyingship.jpg", and so on.

Instructions about how to contact the cyber criminals behind FlyingShip and pay the ransom are provided in a pop-up window.

What is the "Secure Boot Violation" scam?

"Secure Boot Violation" is a deceptive message displayed by screen-locking malicious software. Screenlockers prevent using the infected device (by locking its screen) and often present users with false information regarding the loss of access.

"Secure Boot Violation" is no exception to this, and claims that the Windows Operating System (OS) has been blocked due to detected, unauthorized changes made to it. The "Secure Boot Violation" message shares characteristics with technical support scams, since it promotes fake tech support helplines.

This screenlocker has been observed being proliferated under the guise of a "Driver Update" (an application with a wide database of Windows drivers), which is capable of detecting outdated drivers and updating them.

What is ivpnconfig[.]com?

ivpnconfig[.]com is a deceptive website that often tricks visitors into downloading and installing a potentially unwanted application (PUA). For example, a fake anti-virus tool, adware, or browser hijacker. In most cases, these sites are opened through other dubious websites, untrusted advertisements, or by installed PUAs.

In any case, people do not often visit addresses such as ivpnconfig[.]com intentionally.