Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Revon?

Revon is a malicious program, belonging to the Phobos ransomware family. It encrypts data and demands payment for decryption tools/software. During encryption, the files are renamed according to this pattern: original filename, unique ID, cyber criminals' email address and the ".revon" extension.

For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.id[1E857D00-2795].[werichbin@protonmail.com].revon", and so on for all compromised files. Once this process is complete, ransom messages within the "info.hta" and "info.txt" files are created.

What is "COVID-19 Pandemic Email Virus"?

The number of cases whereby scammers use spam campaigns to profit from the COVID-19 (coronavirus) outbreak is growing daily. In most cases, they send emails designed to appear as if they are from the CDC (Centers for Disease Control and Prevention), WHO (World Health Organization) offering medical advice or other information.

In this particular case, scammers proliferate an email asking recipients if the outbreak is going to affect a shipment delivery time, and then encouraging them to open an attached IMG file disguised as a purchase order. The file attached to this email is designed to install FormBook, a malicious program designed to steal personal, sensitive information.

What is the Sorano Stealer?

Sorano Stealer is malicious software designed to exfiltrate (i.e., steal) various information from an infected system. This malware's primary functions include exfiltration of information stored in browsers and sessions from applications. The stolen data can be misused in various ways.

For example, Sorano Stealer's developers offer stolen information for sale. How the malware works and obtained information is used depends on the cyber criminals' modus operandi.

What is "Microsoft Email Scam"?

Scammers attempt to deceive people into providing sensitive, personal information in various ways. In this particular case, they use a phishing campaign. I.e., they send emails disguised as messages from Microsoft regarding unusual sign-in activity.

Scammers spread this scam in order to trick unsuspecting people into entering credentials on a fake Microsoft account web page.

What is DisplayAdvice?

DisplayAdvice serves advertisements, collects sensitive information and promotes Safe Finder by opening it via akamaihd.net. Therefore, this application functions as adware and an information tracking tool. Apps of this type are categorized as potentially unwanted applications (PUAs), since people often download and install them accidentally.

What is Best Coupons Now Promos?

As its name suggests, Best Coupons Now Promos serves advertisements and is classified as adware. Commonly, adware-type applications collect various user-system information. Most users download and install programs such as Best Coupons Now Promos inadvertently and, therefore, they are classified as potentially unwanted applications (PUAs).

What is MainPanelSearch?

MainPanelSearch is a rogue application categorized as adware. It runs intrusive ad campaigns (i.e., enables the placement of various ads on any visited website). Additionally, this app has browser hijacker characteristics, such as modification of browser settings and promotion of fake search engines.

Most adware and browser hijackers can track browsing-related data. MainPanelSearch has been distributed using fake Adobe Flash Player update/installation set-ups. Due to these dubious proliferation methods, MainPanelSearch is also classified as a Potentially Unwanted Application (PUA).

Furthermore, bogus updaters/installers are often used to spread PUAs and even Trojans, ransomware and other malware.

What is LookupTrack?

The LookupTrack application is categorized as adware with browser hijacker characteristics. This app enables the placement of various intrusive ads on any visited website, and also modifies browsers and promotes fake search engines. LookupTrack promotes Safe Finder through akamaihd.net.

Most adware and browser hijackers monitor users' browsing activity. Due to its dubious proliferation methods, LookupTrack is also classified as a Potentially Unwanted Application (PUA).

What is savethevideo[.]com?

savethevideo[.]com is an untrusted website allowing users to convert videos from YouTube, Facebook, Twitter and other sites, from URLs. It can also be used to edit (e.g. cut and merge) videos. As well as infringing copyright law, savethevideo[.]com uses rogue advertising networks.

This is a common monetization technique by which content/advertisements displayed within a website promote dubious and possibly malicious material. Therefore, when these web pages are accessed and used (i.e., any buttons/options are pressed) or displayed ads are clicked, people are redirected to other dubious and even dangerous websites.

Therefore, avoid visiting or using savethevideo[.]com, since this can result in serious issues.

What is TechAdviseSearch?

TechAdviseSearch is designed to operate as adware and a browser hijacker. It displays various advertisements and promotes a fake search engine by changing browser settings. Applications of this type are categorized as potentially unwanted applications (PUAs), since people tend to download and install them inadvertently.

In this particular case, it is very likely that most users install TechAdviseSearch through a fake Adobe Flash Player installer.