Virus and Spyware Removal Guides, uninstall instructions

What is creasonsau[.]info?

Sharing considerable similarities with wbamedia.net, sawhitpew.site, zahkit.pro and countless others, creasonsau[.]info is a rogue website, which operates by presenting visitors with dubious content and/or redirecting them to other untrusted or malicious sites.

In most cases, web pages such as creasonsau[.]info are accessed through redirects generated by intrusive advertisements and/or Potentially Unwanted Applications (PUAs) already installed on the device.

These apps can infiltrate systems without users' consent and, following successful installation, cause redirects, deliver intrusive ads and track data relating to browsing activity.

What is allow2continue[.]com?

allow2continue[.]com is one of many rogue websites that are usually opened via other untrusted pages, deceptive ads or potentially unwanted applications (PUAs) that are installed on browsers and/or operating systems. When opened, sites such as allow2continue[.]com redirect visitors to a number of other dubious pages or load unwanted content.

Note that usinesmycete[.]info, younwild[.]com and pushbestdevice[.]com are examples of other pages that operate in a similar way to allow2continue[.]com. Unfortunately, there are many other websites of this type. PUAs usually gather information and display intrusive advertisements.

What is CryptoPatronum?

CryptoPatronum was discovered by Amigo-A. Like most programs of this type, this ransomware is designed to block access to data by encryption. The program also changes names of all encrypted files by adding the "cryptopatronum@protonmail.com" email address and appending the ".enc" extension.

For example, CryptoPatronum renames "1.jpg" to "1.jpg.cryptopatronum@protonmail.com.enc", and so on. Additionally, it creates a text file (containing the ransom message) named "HOW TO RECOVER ENCRYPTED FILES.txt".

What is cocketexercine[.]info?

Similar to younwild.com, zahkit.pro, pushbestdevice.com and many others, cocketexercine[.]info is a rogue website. When opened, it presents visitors with dubious content and/or redirects them to other untrusted, malicious web pages.

Most users access cocketexercine[.]info and similar websites via redirects caused by intrusive ads or Potentially Unwanted Applications (PUAs) already installed on the system. Note that these apps stealthily infiltrate devices without users' knowledge. PUAs cause redirects, deliver intrusive ads (pop-ups, banners, surveys, etc.) and can track browsing-related information.

What kind of malware is EnCiPhErEd?

EnCiPhErEd is malicious software and part of the Xorist ransomware family. This malware is designed to encrypt data and demand payment for decryption. During the encryption process, all affected files are converted into executables and their filenames are appended with the ".EnCiPhErEd" extension.

For example, a file originally named "1.jpg" would appear as "1.jpg.EnCiPhErEd". When any of the compromised files are opened (i.e., double-clicked), a pop-up window is opened, which contains the ransom demand message.

Additionally, an identical ransom message in the form of a text file ("HOW TO DECRYPT FILES.txt") is dropped onto the desktop, the wallpaper of which is changed and also contains part of the message.

What is .com (Phobos)?

Discovered by Karsten Hahn, .com (Phobos) is a part of the Phobos ransomware family. Like many other programs of this type, .com (Phobos) encrypts victims' files, changes filenames and provides instructions about how to contact the developers (and other details) in a ransom message.

It renames all encrypted files by adding the victim's ID, email address of the developers, and appending the ".com" extension to filenames.

For example, a file called "1.jpg" might be renamed to something similar to "1.jpg.id[1E857D00-1127].[MerlinWebster@aol.com].com", and so on. It also displays a ransom message in a pop-up window ("info.hta") and creates another in a text file named "info.txt".

What is "IFC Global Development Funding Program Email Scam"?

This email scam is disguised as a message regarding fund approval, supposedly by "IFC Global Development Funding Program". Scammers behind this email claim that recipients can receive a specific sum of money by sending various personal details.

We strongly advise against replying to this email or providing any information to scammers - they are likely to misuse the details to generate revenue, which would lead to a number of problems. Ignore this and other, similar emails and do not believe the statements.

What is twok[.]pro?

twok[.]pro is a rogue website that shares many similarities with zahkit.pro, scuseami.net, showeverig.info and countless others. Visitors to this page are presented with dubious content and/or are redirected to other untrusted, even malicious sites.

Typically, users do not access these web pages intentionally - they are redirected by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into the system. Note that these apps do not require explicit consent to be installed onto users' devices. PUAs generate redirects, deliver intrusive advertisement campaigns and gather browsing-related information.

What is younwild[.]com?

younwild[.]com has similar behavior to zahkit[.]pro, usinesmycete[.]info, scuseami[.]net and many other rogue websites. When visited, it opens a number of other untrusted pages or loads dubious content.

Typically, websites such as younwild[.]com are opened through various dubious web pages, deceptive ads or by potentially unwanted applications (PUAs) installed on the system. Apps of this type usually gather browsing-related details and/or display advertisements.

What is yourday-winprize[.]life?

yourday-winprize[.]life redirects visitors to various other potentially malicious, deceptive and untrusted websites.

Typically, people do not arrive at websites such as yourday-winprize[.]life intentionally - in most cases, they are opened through other untrusted websites, dubious advertisements or potentially unwanted applications (PUAs) installed on the browser and/or operating system. No websites opened through yourday-winprize[.]life can be trusted.