Virus and Spyware Removal Guides, uninstall instructions

What is Iwanttits?

Discovered by malware researcher, Raby, Iwanttits is decryptable ransomware. In general, malicious programs classified as ransomware encrypt the data of infected systems in order to demand ransom payments for decryption tools/software. In some cases, the files are not encrypted - instead, they are password-locked.

As the title of this ransomware suggests (and unlike most infections of this type), it does not demand a monetary ransom payment. Iwanttits appends affected files with the ".iwanttits" extension. For example, a file such as "1.jpg" appears as "1.jpg.iwanttits", and so on for all compromised files.

After this process is compete, it displays a pop-up window, which leads to a window containing the "ransom note". Iwanttits ransomware decryption password ("sAsHat1t") has been provided by malware researcher S!Ri.

What kind of malware is Crown?

Crown (Dharma) belongs to the family of ransomware named Dharma. Like most malicious programs of this type, it encrypts files, changes their filenames and provides victims with instructions about how to contact the developers. Crown (Dharma) renames all files by adding the victim's ID, developer's email address and appending the ".crown" extension to filenames.

For example, it would rename "1.jpg" to a filename similar to "1.jpg.id-1E857D00.[crown_desh@aol.com].crown", and so on. Furthermore, Crown (Dharma) creates a text file ("FILES ENCRYPTED.txt") and displays a pop-up window.

What is Easy Mac Care?

The Easy Mac Care app is advertised as supposedly enabling Mac computers to run faster and more securely, however, research shows that this app is distributed through the set-ups of other programs. Programs distributed this way are categorized as potentially unwanted applications (PUAs).

Software of this type should not be trusted. Note that people usually download and install PUAs unintentionally.

What is safariosso-aplosso[.]com?

safariosso-aplosso[.]com is a scam website that promotes untrusted/malicious software using deceptive methods. There are several versions of this scam running on safariosso-aplosso[.]com. In short, visitors to this page are informed that their device is infected or at risk.

They are then instructed to download/install nonoperational, unwanted or malicious content. Few users enter such websites intentionally - typically they are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into the browser/system.

What is Chrome "Managed by your organization"?

"Managed by your organization" is an entry that can be found in Google Chrome's main menu. It is a legitimate Google Chrome feature that allows organization administrators to manage various Chrome browser settings for users within their organization.

Essentially, "Managed by your organization" indicates that one or more policies are set in Chrome and it is being managed by a group, organization, etc. In fact, Chrome users who are not part of any organization see the "Managed by your organization" item in their browser settings.

This usually occurs when a potentially unwanted application (PUA), a browser hijacker, or even malicious program is installed on the Chrome browser and sets certain policies that control how the browser operates.

What is Onix ransomware?

Onix is malicious software categorized as ransomware. It operates by encrypting the data of infected systems to demand ransom payments for decryption tools.

During the encryption process, all affected files are renamed according to this pattern: original filename, random number, cyber criminals' email address and the ".ONIX" extension (e.g. "[random_number].petek@tutanota.com.ONIX").

For example, a file like "1.jpg" would appear as something similar to "1.jpg.33868453691972502380.petek@tutanota.com.ONIX" following encryption.

There are several variants of this malware. After the encryption process is complete, they drop a ransom message ("TRY_TO_READ.html") on the desktop and change the wallpaper. The text presented in the messages is identical in both variants, the only difference being the email addresses presented.

Updated variants of this ransomware use the ".Ad_finem@tutanotam.com.ONIX" extension for encrypted files.

What is "AOL Winner Email Scam"?

This email scam delivers messages that appear to be emails from AOL, an online service provider company. The scammers behind the scheme attempt to trick unsuspecting recipients into providing various information. Typically, scammers misuse provided details to generate revenue in various ways.

Trusting these emails exposes recipients to risk of a number of problems. Therefore, ignore these emails.

What is SystemNotes?

SystemNotes is software categorized as adware. As with most applications within this category, it is promoted as a tool for improving the browsing experience by providing fast searchers, accurate search results, etc. In fact, this rogue app diminishes the browsing experience by running intrusive advertisement campaigns.

Due to the dubious proliferation methods used to promote SystemNotes (most users download/install it inadvertently), it is also classified as a Potentially Unwanted Application (PUA). Furthermore, most PUAs (including adware) monitor users' browsing habits and gather information derived from it.

What is biglocateriod[.]pro?

biglocateriod[.]pro is a rogue website, and one of many similar pages on the internet. Some other examples include yaarileads[.]com, norobotcapcha2020[.]info and topoffers4all[.]com. Browsers are commonly forced to open these pages by installed potentially unwanted applications (PUAs).

Therefore, most people do not visit them intentionally. When opened, web pages such as biglocateriod[.]pro load dubious content or redirect visitors to other untrusted websites. PUAs also gather browsing data and display intrusive advertisements.

What is BenefitSites?

BenefitSites is an app supposedly designed to improve the browsing experience, however, it is categorized as adware, a potentially unwanted application (PUA). Adware-type apps such as BenefitSites serve various advertisements and gather information relating to users' browsing habits.

In most cases, people download and install PUAs such as BenefitSites inadvertently.