Virus and Spyware Removal Guides, uninstall instructions
What is "CVE-2018-10562" email scam?
"CVE-2018-10562" is the identifier of a vulnerability discovered in a variety of Dasan GPON home routers. Cyber criminals have recently started a new spam campaign named after this vulnerability. It is designed to extort money by threatening to expose evidence of users' sexual activity.
The cyber criminals behind this email claim to have hacked the addressee's OS (Operating System) and gained access to the device's camera.
That is, they have supposedly recorded the victim visiting adult websites. Unless a certain sum is paid, this content will supposedly be sent to all of the addressee's contacts. Note that these alleged videos do not exist and the device's integrity has not been compromised.
What is ANTEFRIGUS?
ANTEFRIGUS is the name of a ransomware infection. Generally, malware of this type is designed to encrypt files with a strong encryption algorithm that can only be decoded with specific decryption software and/or a key. Notably, this particular ransomware does not encrypt files stored on the C (C:) drive.
It does, however, encrypt data stored on other drives such as D, E, F, G, H and I. It appends a random extension to each encrypted file. For example, "1.jpg" might become "1.jpg.mewqsm", and so on for all affected files.
Furthermore, ANTEFRIGUS creates a ransom message within a text file called "mewqsm-readme.txt" (its name is associated with the appended random extension).
What is streampoint[.]live?
streampoint[.]live is a rogue website, sharing similarities with notification-centar.com, windowsguidenews.com, robotornotcheckonline.club, and many others. It operates by presenting visitors with dubious content and/or redirecting them to other untrustworthy/malicious web pages.
Few users access the site intentionally, since most are redirected to streampoint[.]live by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into the system. PUAs generate redirects, run intrusive advertisement campaigns, and track browsing-related data.
What is routgveriprt[.]com?
routgveriprt[.]com is one of many rogue websites online. Sites of this type share certain similarities. Relevant examples include highertpushs.com, mirox25.biz, windowsguidenews.com, etc. These web pages present visitors with dubious content and generate redirects to other untrustworthy/malicious websites.
Few users access routgveriprt[.]com intentionally, since most are redirected by intrusive advertisements or Potentially Unwanted Applications (PUAs) already present on the system. Once successfully infiltrated, PUAs cause redirects, run intrusive ad campaigns, and track sensitive data.
What is "Nonamenba"?
Nonamenba is a group of scam websites designed to promote dubious software. This variant endorses the Smart Mac Booster Potentially Unwanted Application (PUA). Users who access these sites are presented with alarms about an alleged threat present on their device.
For removal of this fake virus, Nonamenba offers Smart Mac Booster. Note that no web page can detect threats/issues present on the system, and any claims to this effect cannot be trusted. Furthermore, apps promoted by these sites are often rogue and nonfunctional.
Deceptive/scam sites are commonly opened via redirects caused by intrusive advertisements or PUAs already infiltrated into the device.
What is AdLoad?
AdLoad is malicious software that targets macOS operating systems. It is capable of avoiding detection by built-in macOS security tools and a number of third-party antivirus programs and other security suites of this type. Furthermore, it prevents victims from removing the software from operating systems.
AdLoad is adware-type malware that hijacks browsers and forces users to visit potentially malicious websites. This enables cyber criminals to generate revenue.
What kind of malware is Ninja?
Discovered by Jakub Kroustek and belonging to the Dharma/Crysis malware family, Ninja is a malicious program classified as ransomware. Ninja operates by encrypting data and demanding ransom payments for decryption.
During the encryption process, all files are appended with a unique ID (generated individually for each victim), the developer's email address, and the ".ninja" extension.
Therefore, "1.jpg" might appear as a filename similar to "1.jpg.id-1E857D00.[ninja777@cock.li].ninja" and so on for all compromised files. Once this process is finished, a text file ("FILES ENCRYPTED.txt") is created on the desktop and a pop-up window is displayed.
What is LogicalSearch?
LogicalSearch is endorsed as an application for enhancing the browsing experience. It is supposedly capable of providing fast searches, improved search results and the like. In fact, it acts as adware and runs advertisement campaigns, delivering intrusive, unwanted, and even harmful ads.
Adware-type apps commonly have data tracking abilities, which they use to monitor and gather browsing-related information. Due to the dubious methods used to distribute LogicalSearch, it is classified as a Potentially Unwanted Application (PUA).
What is DoppelPaymer?
DoppelPaymer is ransomware-type malware designed to prevent victims from accessing their files by encryption. To regain access, victims are encouraged to pay cyber criminals a ransom. Research shows that criminals use DoppelPaymer in targeted attacks.
That is, they target specific companies and/or industries. Criminals who have a specific target often seek to infiltrate (infect) the whole network (for example, all computers used within a particular company). This ransomware appends the ".locked" extension to the filename of each encrypted file.
For example, "1.jpg" becomes "1.jpg.locked". Each encrypted file receives an associated ransom message within a .txt file. For instance, the message for "1.jpg.locked" is contained within "1.jpg.readme2unlock.txt", and so on. Updated variants of this ransomware use the ".doppeled" extension for encrypted files.
What is Free Bitcoin Private Key Tool?
Discovered by Frost, "Free Bitcoin Private Key Tool" is a scam application used to proliferate Predator the Thief trojan-type malware.
It is promoted as a tool that supposedly grants users access to Bitcoin cryptocurrency stored in a Bitcoin wallet address. It allegedly does so by generating a private key to the Bitcoin address, thereby allowing entry and full control over it. Instead of producing easy profit, however, this scam infects systems with a high-risk, information-stealing trojan.