Virus and Spyware Removal Guides, uninstall instructions

What is notification-list[.]com?

notification-list[.]com is one of many rogue websites that forces visitors to open other dubious sites or displays dubious content. Other examples of websites of this kind are tencecatche[.]info, robotornotchecks[.]online, and zwenews[.]biz. Typically, browsers open these sites due to potentially unwanted applications (PUAs) installed on them.

Therefore, people usually do not generally open websites such as notification-list[.]com intentionally. Furthermore, most PUAs display advertisements and gather user information.

What is system-sms[.]com?

Similar to vikolidoskopinsk.info, tencecatche.info, muchinspardorop.info, and thousands of others, system-sms[.]com is a rogue website. It presents users with dubious content and causes redirects to other untrustworthy and malicious web pages.

Most visitors to system-sms[.]com enter it unintentionally - they are redirected by intrusive ads or Potentially Unwanted Applications (PUAs) already present on the system. Note that these apps do not need express user permission to infiltrate devices. Once successfully installed, they generate redirects, deliver intrusive advertisement campaigns, and track data.

What is facebook-info[.]com?

facebook-info[.]com is one of many rogue websites online. It shares similarities with robotornotchecks.online, tencecatche.info, lurunews.biz, and countless others. The site operates by presenting visitors with dubious and potentially harmful content. It also generates redirects to other untrustworthy and malicious sites.

Most users enter facebook-info[.]com through redirects caused by intrusive advertisements, or by Potentially Unwanted Applications (PUAs) already present on the device. Therefore, access to facebook-info[.]com and similar web pages is rarely intentional.

Note that PUAs do not need explicit user permission to infiltrate systems. They generate redirects, run ad campaigns, and track browsing related information.

What is carlbendergogo[.]com?

carlbendergogo[.]com is the address of a website that should be avoided. If opened, it redirects people to various other untrustworthy, deceptive websites.

Generally, people do not open websites such as carlbendergogo[.]com intentionally - they are redirected to them by potentially unwanted applications (PUAs) installed on their browsers and/or operating systems. PUAs often display ads and gather information. These apps are termed PUAs, since most people download and install them unintentionally.

What is "Stydbui"?

Stydbui is a family of scam websites, which operate by deceiving visitors into downloading/installing untrustworthy applications. This variation endorses the Smart Mac Booster Potentially Unwanted Application (PUA). Stydbui warns users of a virus, which it has supposedly detected on the MacOS (Mac Operating System).

Note, however, that no site can find issues/threats on users' devices: all such claims and problems detected are false. Software advertised on these web pages cannot be trusted - it is often bogus and nonoperational. Few visitors to Stydbui access it intentionally, most are redirected by PUAs already present on the system.

What is MetroPremium?

MetroPremium is adware, which is promoted as legitimate software that supposedly makes everyday web browsing easier.

In fact, it deploys advertisements and gathers information relating to web browsing activity. In most cases, people download and install apps such as MetroPremium inadvertently and, for this reason, they are classified as potentially unwanted applications (PUAs).

What is JayTHL?

Discovered by GrujaRS, JayTHL is malicious software classified as ransomware. It derives its name from malware researcher, JayTHL - this is an attempt at defamation and a personal attack from the developers of this ransomware.

Note that this researcher is not associated with this ransomware infection, however, his work in malware research has made him undesirable to cyber criminals. The JayTHL malicious program is designed to encrypt data and demand ransom payments for decryption.

During the encryption process, all files are renamed with the ".JayTHL" extension. For example, a file named "1.jpg" appears as "1.jpg.JayTHL", and so on for all affected files. Once this process is complete, many identical text files are created on the victim's desktop and in the encrypted folders.

Their filenames are variations of "F*ckYouJayTHL_HELP_ENCRYPTED_FILES.TXT" (without the * symbol), differentiated with numbers at the end of the titles (0, 1, 2, 3, 4, 5, etc.).

What is Nakw?

Nakw is one of many ransomware-type programs that belongs to the Djvu ransomware family. Its victims cannot access/use their files, since Nakw encrypts them with a strong encryption algorithm. Typically, people who have computers infiltrated by ransomware can only regain access to their files with decryption software and/or keys.

To obtain these, they must pay ransoms to cyber criminals. Nakw creates the "_readme.txt" file, which contains instructions about how to recover encrypted data. This ransomware also renames files by changing extensions to ".nakw". For example, "1.jpg" becomes "1.jpg.nakw".

What is a website sextortion scam?

Typically, scammers proliferate sextortion scams via email, however, in this case, they are implemented through hacked WordPress and Blogger accounts, which post scam messages on the homepages of various websites.

Once opened, the sites display posts stating that the visitor's computer is hacked and the camera was used to record a video, whereby the visitor can be seen watching a video on an adult website. Scammers behind these posts attempt to trick people by stating that they will distribute recorded videos unless victims pay the ransoms.

Never trust these scams, even if they are posted on legitimate blogging websites (such as hacked WebPress, Blogger pages) or elsewhere.

What is Worm?

Discovered by Michael Gillespie, Worm is a new variant of Paradise ransomware. It is designed to encrypt data and demand ransom payments for decryption. During the encryption process, all affected files are appended with a unique ID number, developer's email address, and the ".worm" extension ("[id-[victim's_ID]].[corpseworm@protonmail.com].worm").

For example, "1.jpg" might appear similar to "1.jpg[id-SSJXbLaK].[corpseworm@protonmail.com].worm". After encryption is complete, Worm creates an HTML file ("$%~-#_ABOUT_YOUR_FILES_#$=$$.html") and stores it on the desktop.