Virus and Spyware Removal Guides, uninstall instructions

What is maroceffects[.]com?

maroceffects[.]com is the address of a rogue web page which, when visited, redirects to other untrusted web pages or loads dubious content. There are many websites similar to maroceffects[.]com on the internet. Some examples are basenews7[.]com, topflownews[.]com and allow-space[.]com.

Generally, they are opened by potentially unwanted applications (PUAs) installed on browsers and/or operating systems. I.e., people to not often visit these sites intentionally. Furthermore, PUAs can gather browsing data and display intrusive advertisements.

What is Shipment Trackers?

Shipment Trackers supposedly allows users to track their packages, and provides quick links to various shopping and social media sites. In fact, this app is a potentially unwanted application (PUA), a browser hijacker that promotes the hp.hshipmentrackers.com and search.hshipmentrackers.com addresses by changing browser settings.

Most browser hijackers gather information, and this is very likely to include Shipment Trackers. Note that people tend to download and install browser hijackers inadvertently, and hence they are classified as PUAs.

What is Math ransomware?

Discovered by JAMESWT, Math is a malicious program belonging to the Jigsaw ransomware family. It is designed to encrypt (lock) files, change their filenames and display a ransom message in a pop-up window. Math renames encrypted files by appending the ".math" extension to filenames. For example, "sample.jpg" becomes "sample.jpg.math", and so on.

What are the Stompriln sites?

Stompriln is a group of deceptive websites that run various scams. Web pages belonging to this group have been observed promoting the "Dear Safari User, You Are Today's Lucky Visitor" phishing scheme, however, other scams might also be promoted on these sites.

Few users access these websites intentionally - most are redirected to them by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into the system. Note that these apps do not need express permission to be installed onto devices.

What is Oski?

Oski is a malicious program which operates as an information stealer. After infiltration, Oski attempts to access personal, sensitive information so that the cyber criminals responsible can misuse it to generate revenue in various ways. Research shows that this information stealer is distributed through deceptive web pages that are opened due to hijacked router DNS settings.

What is DynamicExtra?

DynamicExtra is an adware-type application with browser hijacker characteristics. It operates by running intrusive advertisement campaigns, modifying browsers and promoting fake search engines. DynamicExtra promotes the Safe Finder web search tool by opening it through akamaihd.net.

Most apps of this type can monitor users' browsing habits. Due to its dubious proliferation methods, DynamicExtra is also classified as a Potentially Unwanted Application (PUA).

What is Taargo?

Taargo is a malicious program belonging to the GlobeImposter ransomware family. Like many other ransomware-type programs, Taargo encrypts files, modifies their filenames and creates ransom messages. It modifies names of all encrypted files by adding the taargo@olszyn.com email address and appending the ".taargo" extension.

For example, it would rename a file called "1.jpg" to something like "1.jpg.[taargo@olszyn.com].taargo", and so on. Taargo also creates a ransom message within an HTML file named "how_to_back_files.html", which can be found in every folder that contains encrypted data.

What is .2020?

Discovered by Jakub Kroustek, .2020 belongs to a family of ransomware-type programs named Dharma. Typically, these programs are designed to prevent victims from accessing or using their files by encryption. Most rename encrypted files and create and/or display ransom messages.

This ransomware renames all files by adding the victim's ID and btckeys@aol.com email address to the filenames, and appending the ".2020" extension. For example, it might change "1.jpg" to a filename similar to "1.jpg.id-1E857D00.[btckeys@aol.com].2020", and so on.

Another variant of .2020 ransomware appends ".[tomasrich2020@aol.com].2020" extension. Instructions about how to contact .2020's developers (and other details) are provided in a pop-up window and the "FILES ENCRYPTED.txt" text file.

What is BasicVirtual?

BasicVirtual is a rogue application classified as adware - it delivers various intrusive advertisements. Additionally, it has browser hijacker characteristics, such as modification of browsers and promotion of fake search engines (BasicVirtual promotes Safe Finder via akamaihd.net).

Since most users download/install this app unintentionally, it is also classified as a Potentially Unwanted Application (PUA). Furthermore, most PUAs have data tracking capabilities, which are employed to monitor users' browsing habits.

What is ArtemisSearch?

ArtemisSearch is a potentially unwanted application (PUA) and part of the AdLoad adware family. Adware-type applications feed users with advertisements and collect various information. Research shows that ArtemisSearch also operates as a browser hijacker, since it promotes a fake search engine by changing browser settings.

Adware-type applications are classified as PUAs, since many users download and install them inadvertently. ArtemisSearch is commonly installed via a fake Adobe Flash Player installer. Note that these installers are used to distribute malware such as Trojans, ransomware, and also other malicious programs.