Virus and Spyware Removal Guides, uninstall instructions

What is MassLogger?

MassLogger (also known as Mass Logger) is a malicious program classified as a keylogger and 'stealer malware'. The primary purpose of MassLogger is data extraction (i.e., it steals information). The data targeted by this malware depends on the cyber criminals using it.

Since this keylogger/stealer is available for purchase, the threat actors operating it can be varied, unconnected to one another, and have different goals. This program is highly dangerous software, and therefore is it crucial to remove MassLogger infections immediately.

What is "Australian Government Department of Health Email Virus"?

Cyber criminals often attempt to trick users into installing malware on their computers through spam campaigns. They send emails that contain malicious attachments or website links designed to download malicious files. Their main goal is to deceive recipients into opening the rogue file, which then installs malware.

Commonly, they disguise their emails as important, and are seemingly sent from well-known, official companies, etc. In this case, they send emails disguised as messages from the Australian Government Department of Health and include attachments designed to install a Remote Access Trojan (RAT) called NanoCore.

What is thediseasetracker[.]com?

thediseasetracker[.]com is a rogue web page similar to zpredir1.com, biz-4u.com, behavingsoping.club and thousands of others. It provides visitors with dubious content and/or redirects them to other untrusted or even malicious sites.

Typically, thediseasetracker[.]com and similar websites are accessed via redirects caused by intrusive advertisements and Potentially Unwanted Applications (PUAs). These rogue apps do not need explicit user consent to be installed onto devices. PUAs cause redirects, deliver intrusive ad campaigns and collect browsing-related data.

What is Precious Bible browser hijacker?

Precious Bible is a browser hijacker endorsed as a tool capable of providing daily bible verses and easy access to related content. In fact, this rogue software modifies browsers to promote preciousbible.com (a fake search engine). Additionally, Precious Bible has data-tracking capabilities, which are employed to monitor users' browsing habits.

Due to the dubious methods used to proliferate Precious Bible, it is also classified as a Potentially Unwanted Application (PUA).

What is Qensvlcbymk?

Discovered by GrujaRS, Qensvlcbymk is a malicious program belonging to the Snatch ransomware family. Qensvlcbymk ransomware operates by encrypting data and demanding payment for decryption. During the encryption process, all compromised files are appended with the ".qensvlcbymk" extension.

For example, a file like "1.jpg" would appear as "1.jpg.qensvlcbymk" following encryption. Once this process is complete, a ransom message ("HOW TO RESTORE YOUR FILES.TXT") is dropped into every affected folder.

What is PC Win Booster?

As its name suggests, PC Win Booster is software designed to improve computer performance. In fact, this app is distributed by including it into the set-ups of other programs. Programs distributed in this way are categorized as potentially unwanted applications (PUAs). These rogue apps have a dubious reputation and should not be trusted.

What is zpredir1[.]com?

zpredir1[.]com is a rogue website sharing many similarities with biz-4u.com, thenickelpress.com, behavingsoping.club and countless others. These sites operate by presenting visitors with dubious content and/or redirecting them to other untrusted or even malicious web pages.

Few visitors access zpredir1[.]com or similar websites intentionally - most are redirected to them by intrusive ads or Potentially Unwanted Applications (PUAs) already installed onto the system. PUAs cause redirects, run intrusive ad campaigns and track browsing-related information.

What kind of malware is Eking?

Eking belongs to the Phobos ransomware family. It encrypts files, renames them, and generates a number of ransom messages. Eking renames files by adding the victim's ID, decphob@tuta.io email address, and appending the ".eking" extension to filenames.

For example, it renames "1.jpg" to "1.jpg.id[1E857D00-2275].[decphob@tuta.io].eking", "2.jpg" to "2.jpg.id[1E857D00-2275].[decphob@tuta.io].eking", and so on. It displays a ransom message in a pop-up window ("info.hta") and creates another in a text file ("info.txt").

What is Weather Online Now?

Weather Online Now is advertised as an app providing the latest forecast updates. In fact, this is a browser hijacker that promotes a fake search engine (weatheronlinenow.com) by changing browser settings. Additionally, it might collect information relating to users' browsing activity.

Typically, users download and install browser hijackers unintentionally and, therefore, Weather Online Now is categorized as a potentially unwanted application (PUA).

What is Bunitu?

Bunitu is a Trojan, which turns infected computers into proxies for remote clients. It can reduce network traffic and be used to reroute IP addresses of infected computers and misuse them for malicious purposes. If there is any reason to believe that your computer is infected with this proxy Trojan, it should be uninstalled from the operating system immediately.