Virus and Spyware Removal Guides, uninstall instructions

What is GNS ransomware?

GNS encrypts files, changes their filenames and provides victims with instructions about how to contact the developers. This ransomware renames files by adding the victim's ID, geniusid@protonmail.ch email address and appending the ".GNS" extension.

For example, it would rename "1.jpg" to "1.jpg.id-9CFA2D20.[geniusid@protonmail.ch].GNS", "2.jpg" to "2.jpg.id-9CFA2D20.[geniusid@protonmail.ch].GNS", and so on. Instructions about how to contact cyber criminals (ransom messages) can be found in a pop-up window and the "FILES ENCRYPTED.txt" text file.

GNS is a part of the Dharma ransomware family and was discovered by Jakub Kroustek.

What is the "System Activation KEY has expired" scam?

"System Activation KEY has expired" is a message displayed in a fake technical support scam, promoted by various deceptive websites. Visually this scheme mimics the appearance of the Blue Screen error displayed on Windows Operating Systems (OSs), specifically the graphics of these errors as they appear on Windows 8, 8.1 and 10 OS versions.

This scam is designed to trick users into calling a fraudulent tech support helpline. The scheme claims that users' device has been blocked, due to detected infections.

To further the impression that this claim is legitimate, "System Activation KEY has expired" scam automatically displays file download dialogue windows (which appear continuously, despite any declinations) - this freezes the browser and increases the believability of the statement that the computer has been locked.

It must be emphasized that this is not a genuine Windows error/alert and the scam is in no way associated with the actual Microsoft corporation.

Furthermore, no webpage can detect threats/issues present on a device. Most users access scam sites unintentionally, they get redirected to such by intrusive advertisements or by PUAs (Potentially Unwanted Applications), already infiltrated into the system.

What is "Total Mac Fixer"?

The Total Mac Fixer application is promoted as a tool capable of optimizing system operations by removing unwanted files, managing apps, and improving system start-up speed. Since most users download/install Total Mac Fixer inadvertently, it is classified as a Potentially Unwanted Application (PUA).

Apps within this category are typically untrusted and can have dangerous capabilities. For example, causing redirects to dubious/malicious websites, delivering intrusive advertisement campaigns, making modifications to browsers and collecting browsing-related information.

What is DPS Websafe?

DPS Websafe hijacks browsers by modifying certain browser settings (changing them to dpswebsafe.com, the address of a fake search engine). Users often download and install browser hijackers inadvertently and, for this reason, they are categorized as potentially unwanted applications (PUAs).

Note that apps such as DPS Websafe are often designed to promote fake search engines and collect browsing-related data.

What is WebAdvancedSearch adware?

WebAdvancedSearch is an adware-type application with browser hijacker traits. It delivers intrusive advertisement campaigns and modifies browsers to promote fake search engines.

Most adware type apps and browser hijackers have data tracking capabilities, which are used to monitor users' browsing activity, and it is very likely that WebAdvancedSearch has this functionality as well. Due to the dubious techniques used to proliferate WebAdvancedSearch, it is classified as a Potentially Unwanted Application (PUA).

This app has been observed being spread via fake Adobe Flash Player updates. Bogus software updaters/installers are also used to spread malware such as Trojans, ransomware, cryptominers, etc.

"Adobe Email Virus" removal guide

What is "Adobe Email Virus"?

Typically, cyber criminals behind these spam campaigns send emails disguised as "official" and "important" to trick people into installing malicious software. In many cases, they succeed when recipients open/execute a malicious file (attachment), which then installs malware. In this particular case, the attached file contains a website link designed to download a malicious file. Therefore, do not to trust emails of this type or open files/links within them.

How to remove ExtendedTask adware from Mac computers

What is ExtendedTask adware?

ExtendedTask is rogue software classified as adware and possessing browser hijacker traits. This application operates by running intrusive advertisement campaigns, making modifications to browser settings and promoting fake search engines. ExtendedTask promotes Safe Finder via akamaihd.net. It is highly likely that this app also monitors users' browsing activity, as this is a common feature of adware and browser hijackers. Due to the dubious techniques used to proliferate ExtendedTask, it is also classified as a Potentially Unwanted Application (PUA).

"Your device was not properly secured" email scam removal guide

What is the "Your device was not properly secured" email?

"Your device was not properly secured" is a scam email, claiming that all recipients' devices have been compromised and their data has been exfiltrated. Unless they pay the ransom, the messages threaten that there are serious consequences. Note that all information provided by "Your device was not properly secured" emails is false. Therefore, recipients' computers have not been infiltrated and their data has not been stolen.

How to remove AdvancedProcesser adware from Mac computers

What is AdvancedProcesser adware?

AdvancedProcesser is categorized as adware with browser hijacker traits. Following successful installation, this application runs intrusive advertisement campaigns and modifies browser settings to promote fake search engines. AdvancedProcesser promotes Safe Finder through akamaihd.net. Additionally, most adware and browser hijackers monitor users' browsing activity, and it is likely that AdvancedProcesser does so as well. Since most users download/install AdvancedProcesser inadvertently, it is classified as a Potentially Unwanted Application (PUA).

What is Pojie ransomware?

Discovered by malware researcher, S!Ri, Pojie is malicious software categorized as ransomware. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all compromised files are appended with the ".52pojie" extension.

For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.52pojie" following encryption. After this process is complete, a ransom message in Chinese is created in the "52pojie-DECRYPT----[random_number].txt" file. For example, "52pojie-DECRYPT----1594079023934.txt".