Virus and Spyware Removal Guides, uninstall instructions

TV Fans Online Tab Browser Bijacker

What is TV Fans Online Tab?

TV Fans Online Tab is endorsed as a tool for quick access to TV-related content. In fact, this is a rogue app, a browser hijacker designed to modify browsers to promote a fake search engine (search.htvfansonline.com). Additionally, it has data tracking capabilities and gathers browsing-related information.

Due to its dubious proliferation methods, TV Fans Online Tab is also classified as a Potentially Unwanted Application (PUA). Note that this app is often distributed together with another PUA called Hide My Searches.

   
2conv.com Suspicious Website

What is 2conv[.]com?

The 2conv[.]com website provides an online service to convert YouTube videos to MP3 and other formats. It also promotes a desktop downloader and converter called Flvto Youtube Downloader.

Note that it is illegal to download videos from YouTube. Furthermore, the 2conv[.]com web page contains dubious ads and, if allowed, shows notifications that lead to other dubious web pages.

   
ZLoader Malware

What is ZLoader?

ZLoader (also known as DELoader and Terdot) is a malicious program distributed through malicious web pages that display a fake error notification (e.g., "The 'Roboto Condensed' font was not found").

Research shows that ZLoader infects systems with another malicious program, a banking Trojan called Zeus. We strongly advise against opening files downloaded from web pages that display this error message, or similar.

   
Afrodita Ransomware

What is Afrodita?

Discovered by S!Ri, Afrodita is a part of the LockerGoga ransomware family. It encrypts data with the AES-256 and RSA-2048 encryption algorithms. 

Afrodita also creates a ransom message within the "__README_RECOVERY_.txt" text file, which contains instructions about how to contact cyber criminals for information to pay a ransom (purchase the decryption tool and key).

   
Y2meta.com Suspicious Website

What is y2meta[.]com?

Avoid the y2meta[.]com website, since it employs dubious advertising networks and provides an illegal video downloading service. Note that it is illegal to download videos from YouTube. Furthermore, y2meta[.]com contains various ads that redirect visitors to other untrustworthy websites. These are the two main reasons why this and other similar websites should not be used.

   
Checkmail7@protonmail.com Ransomware

What is checkmail7@protonmail.com?

Discovered by S!Ri and further researched by Raby, checkmail7@protonmail.com (or simply CheckMail) is a malicious program categorized as ransomware. It operates by encrypting data and demanding ransom payments for decryption.

During the encryption process, this malware appends files with an extension consisting of the developer's email address (".checkmail7@protonmail"). For example, a file called "1.jpg" would become "1.jpg.checkmail7@protonmail". After this process is finished, a text file ("warning.txt") is stored in each compromised folder.

   
Bo3news.biz Redirect

What is bo3news[.]biz?

bo3news[.]biz redirects visitors to a variety or untrustworthy, potentially malicious websites. Browsers are often forced to open sites such as bo3news[.]biz by potentially unwanted applications (PUAs) installed on browsers or operating systems. In any case, people do not open them intentionally. PUAs also gather browsing data and display unwanted advertisements.

   
Dever Ransomware

What is Dever?

Belonging to the Phobos malware family, Dever is a ransomware-type malicious program. Infected devices have their data encrypted and a ransom is demanded from the victims for decryption software/tools.

When Dever encrypts files, it renames them according to the following pattern: unique ID, developer's email address (there are several addresses used the cyber criminals behind this infection, and thus there is more than one variant in the altered filenames), and appends them with the ".Dever" extension.

For example, a file like "1.jpg" might appear as something similar to "1.jpg.id[1E857D00-2544].[lizethroyal@aol.com].Dever" following encryption. Once this process is complete, a text file ("info.txt") and an HTML application ("info.hta") are created on the desktop.

   
This Is A VIRUS. You Computer Is Blocked (File) Scam

What is "This is a VIRUS. You computer is blocked"?

"This is a VIRUS. You computer is blocked" is another technical support scam used by cyber criminals who claim to offer legitimate 'technical support'. They attempt to trick people into believing that their computers are infected/blocked and to make contact via the telephone number provided.

Most people do not open websites of this type intentionally - they are forced to visit them by potentially unwanted apps (PUAs) installed on their systems. These apps usually cause unwanted redirects, deliver advertisements, and record information.

   
Olaldo.com Ads

What is olaldo[.]com?

When visited, olaldo[.]com opens a number of untrustworthy, deceptive websites including those that attempt to trick people into installing unwanted, potentially malicious software, participate in fake lotteries, and so on. Typically, browsers open websites such as olaldo[.]com automatically when potentially unwanted applications (PUAs) are installed.

I.e., people do not usually visit these pages intentionally. Redirects to rogue sites such as olaldo[.]com can be caused by clicking deceptive ads and through other dubious web pages.

   

Page 1462 of 2329

<< Start < Prev 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal