Virus and Spyware Removal Guides, uninstall instructions

What is "AdBlocker Update"?

The internet is full of deceptive websites designed to trick people into downloading and installing various potentially unwanted applications (PUAs). This particular page encourages visitors to continue watching a video in Safe Mode and install/update AdBlocker.

Research shows that this dubious web page is used to advertise not one, but multiple PUAs. One is called Super BlockerAd. You are advised to download applications only from official, trustworthy websites. Note that people do not generally visit these sites intentionally - in most cases, they are opened through dubious ads, other sites of this kind, or by installed PUAs.

What is ComputerDestroyer?

Discovered by S!Ri, ComputerDestroyer is a form of malware that locks the infected computer. In this way, it prevents victims from accessing and using their data. It also changes the desktop wallpaper, displays a pop-up window asking users to enter a 'decryption code', and plays an audio message repeatedly stating the word "coronavirus".

What is Access+?

Access+ is classified as adware. It delivers various unwanted and even harmful advertisements into search results provided by the Google search engine. Additionally, most adware-type apps have data tracking capabilities, which are employed to monitor users' browsing activity.

Access+ is no exception to this. Due to its dubious proliferation methods, it is also classified as a Potentially Unwanted Application (PUA).

What is KEY0004?

As with Jerry_glanville and DavesSmith, KEY0004 is yet another variant of Balaclava ransomware, which was discovered by GrujaRS. It encrypts files, renames them and creates ransom messages. KEY0004 renames files by appending the ".KEY0004" extension to filenames.

For example, it renames "1.jpg" to "1.jpg.KEY0004", "2.jpg" to "2.jpg.KEY0004", and so on. Instructions about how to contact the cyber criminals who designed this ransomware can be found in "HOW_TO_RECOVERY_FILES.txt" text files. KEY0004 drops these files into folders that contain encrypted data.

What is Damn Good Recipe Promos?

The Damn Good Recipe Promos application generates revenue for the developers by feeding users with various advertisements.

Therefore, it is classified as adware. These apps commonly serve ads and also collect browsing-related (and other) data. Generally, people download and install adware inadvertently and, for this reason, software programs of this type are classified as potentially unwanted applications (PUAs).

What is DataHandler?

DataHandler is an application categorized as adware. It delivers intrusive ad campaigns and also possesses browser hijacker characteristics. This app makes alterations to browser settings to promote a fake search engine: Safe Finder via akamaihd.net.

Additionally, most adware apps and browser hijackers monitor users' browsing habits. It is also likely that DataHandler has data tracking capabilities. Due to the dubious methods used to proliferate this adware, DataHandler is also classified as a Potentially Unwanted Application (PUA).

What is "HSBC Bank Covid-19 Update"?

Many spam campaigns infect computers with high-risk malware. Cyber criminals send emails that contain malicious attachments, or website links designed to download malicious files, and they hope that recipients open/execute them. Generally, the emails are disguised as important, official messages from legitimate companies.

This particular email is disguised as a message from HSBC Bank. It contains an attachment, which installs malicious software called Pony.

What is the "We Have Hacked Your Website" email?

"We Have Hacked Your Website" is a scam email claiming that the website of the recipient's company has been hacked. The scammers state that they have obtained the databases and will leak them, unless a certain sum is paid within the given time frame.

This message is a scam and the information provided is false. Therefore, you are advised to simply ignore the "We Have Hacked Your Website" email.

What is Creepy?

Discovered by malware researcher S!Ri, Creepy is a ransomware-type program that encrypts files and appends filenames with the "[rzi-tna][Zir0@airmail.cc].creepy" extension. For example, a file like "1.jpg" would appear as "1.jpg[rzi-tna][Zir0@airmail.cc].creepy" following encryption.

After this process is complete, a pop-up window is displayed containing a message demanding payment for decryption tools/software.

What is Twin Flower?

Twin Flower is a malware campaign used to spread files designed to install a malicious music downloader, which downloads files without users' permission and collects browser cookies. Files distributed through the Twin Flower campaign can do further damage by injecting malicious code into systems.

Therefore, if files relating to the Twin Flower campaign are present on the operating system, they should be removed immediately.