Virus and Spyware Removal Guides, uninstall instructions

What is Mosk?

Discovered by Michael Gillespie, Mosk is a malicious program and part of the STOP/Djvu ransomware family. It is designed to encrypt data and keep it inaccessible, until a ransom is paid. When Mosk encrypts data, it renames all files with the ".mosk" extension.

Therefore, "1.jpg" becomes "1.jpg.mosk", and so on for all affected files. Once this process is complete, a text file ("_readme.txt") is created and stored on the victim's desktop.

What is buffstream[.]stream?

buffstream[.]stream is advertised as the best online sports streaming portal, however, this website uses rogue advertising networks.

Therefore, people who use its services are redirected to various untrustworthy, potentially malicious websites. Many websites operate in this way including, for example, keepvid[.]pro, converto[.]io, and convert2mp3[.]net. We advise against visiting buffstream[.]stream or using its services.

What is notify-system[.]com ?

notify-system[.]com is virtually identical to many other untrusted web pages including, for example, mediasvideo[.]live, notification-list[.]com, and system-sms[.]com. Generally, these rogue sites redirect people to other untrustworthy websites or display dubious content.

They are often opened by browsers due to installed potentially unwanted apps (PUA). Note that PUAs open dubious websites, display ads, and gather browsing-related details. Typically, people do not download or install PUAs intentionally - they are tricked into it.

What is M3g4c0rtx?

M3g4c0rtx is a new, significantly updated variant of MegaCortex ransomware. This variation was discovered by MalwareHunterTeam. It operates by encrypting victims' data, changing their Windows log-in passwords, and demanding ransom payments.

During the encryption process, all affected files are appended with the ".m3g4c0rtx" extension. For example, "1.jpg" appears as "1.jpg.m3g4c0rtx". After this process is complete, a Rich Text Format file ("!-!_README_!-!.rtf") is stored on the desktop. M3g4c0rtx also changes the user's Windows account password and, therefore, access is denied when the system is rebooted.

What is mybuzz[.]fun?

mybuzz[.]fun is a rogue website that leads visitors to other untrustworthy web pages or provides dubious content. It is one of many other web pages of this kind that include, for example, mediasvideo[.]live, notification-list[.]com, and system-sms[.]com.

Browsers generally open these web pages due to installed potentially unwanted applications (PUAs) that force-open the sites. Therefore, people do not visit websites such as mybuzz[.]fun intentionally or download/install PUAs willingly. Note that PUAs also display ads and gather data.

What is Trksmm?

Trksmm is a group of deceptive websites designed by scammers who seek to trick people into downloading and installing dubious apps. At the time of the research, one Trksmm web page was used to advertise the Smart Mac Booster application by encouraging visitors to remove a detected virus with it.

None of these deceptive websites or software advertised on them can be trusted. The notifications about so-called 'detected viruses' displayed on these sites are fake. Typically, people do not visit websites of this type intentionally - they are redirected to them by potentially unwanted apps (PUAs) already installed on their browsers and/or computers.

What is "Your Mac/iOS may be infected with 5 viruses!"?

"Your Mac/iOS may be infected with 5 viruses!" is a pop-up window displayed by deceptive/scam websites. It employs scare tactics to encourage visitors into taking certain actions, which result in them being redirected to various untrustworthy and malicious sites.

The pop-up alerts users of viruses it has supposedly detected on their devices and offers to update their antivirus software.

No web page can find threats/issues on systems, and any that make these claims cannot be trusted. Rogue websites are usually accessed inadvertently via redirects caused by intrusive advertisements or Potentially Unwanted Applications (PUAs) installed on the browser/system.

What is GodLock?

Ransomware is software that encrypts files and prevents victims from accessing them unless they pay ransoms to cyber criminals.

GodLock is one of these malicious programs and was discovered by GrujaRS. It changes the extension of each encrypted file to ".GodLock". For example, "1.jpg" becomes "1.jpg.GodLock", and so on. GodLock also creates a text file named ".GodLock.README.TXT", which contains instructions about how to recover files.

What is Forv?

Discovered by GrujaRS, Forv is malicious software belonging to the Paradise ransomware family. The program is designed to encrypt data and demand ransom payments for decryption.

During Forv encryption, all files are appended with the "_forv_{victim's ID}.for" extension (the identification code is individually generated and consists of a random string of characters). Therefore, "1.jpg" would appear as something similar to "1.jpg_forv_{6LHH0Q}.for", and so on for other affected files.

Once this process is complete, a text file called "---==%$$$OPEN_ME_UP$$$==---.txt" is stored on the desktop.

What is apple.com-mac-optimization[.]live?

apple.com-mac-optimization[.]live is designed to trick visitors into downloading and installing a dubious application called Cleanup My Mac. This app supposedly removes a virus that this web page has detected on the visitor's Mac.

Websites such as apple.com-mac-optimization[.]live should never be trusted - they notify visitors that their systems are infected when, in fact, they are not. Do not install or use anything that was downloaded from these web pages. People do not visit these deceptive sites intentionally - they are often redirected to them by installed potentially unwanted applications (PUAs).