Virus and Spyware Removal Guides, uninstall instructions

What is "Funnymonday"?

Funnymonday is a family of websites, which operate by endorsing untrustworthy applications. This variant promotes Smart Mac Booster, which is classified as a Potentially Unwanted Application (PUA). Using scare tactics, Funnymonday urges people into downloading/installing the dubious software it advertises.

Visitors are alerted about fake threats/issues the site has supposedly detected and offers Smart Mac Booster as an app capable of eliminating these problems.

Note that no website can detect such issues. You are strongly advised against downloading/installing any applications that Funnymonday promotes - they are often bogus and nonfunctional. Web pages such as Funnymonday are generally opened by PUAs already present on the system.

What is mirox22[.]biz?

mirox22[.]biz is the address of a rogue web page which, once opened, redirects visitors to other untrustworthy websites or displays dubious content. Many other websites have similar operation to mirox22[.]biz including, for example, piedppienews[.]com, newsapp[.]biz, and trementrecially[.]pro.

In most cases, browsers open these websites due to potentially unwanted apps (PUAs) that are installed on them. Few people download or install these apps intentionally. In addition to forcing browsers to open dubious web pages, PUAs gather browsing related (and other details) and display intrusive ads.

What is push-tools-system[.]com?

Similar to best2019-games-web1.com, piedppienews.com, trementrecially.pro, and many others, push-tools-system[.]com is a rogue website. It operates by delivering dubious content and generating redirects to other untrustworthy and malicious websites.

Few visitors access push-tools-system[.]com intentionally - most are redirected by clicking intrusive advertisements or Potentially Unwanted Applications (PUAs) already present on the system. Note that these apps do not need express permission to infiltrate devices. Once installed, PUAs cause redirects, run ad campaigns, and track data.

What is Wiki?

Discovered by Jakub Kroustek and belonging to the Crysis/Dharma malware family, Wiki is malicious software classified as ransomware. It is designed to encrypt data and keep it locked until a ransom is paid (i.e., decryption software/tool is purchased).

When this malicious program encrypts data, it renames files with a unique ID number (generated for each victim), the developer's email address, and the ".wiki" extension. For example, "1.jpg" might be renamed to a filename such as "1.jpg.id-1E857D00.[bitlocker@foxmail.com ].wiki".

After this process is complete, Wiki stores a file named "FILES ENCRYPTED.txt" on the desktop and displays a pop-up window.

What is Nols?

Belonging to the Djvu ransomware family, Nols is malicious software designed to encrypt data and demand ransom payments for decryption (i.e., purchase of a decryption tool and unique key).

During the encryption process, all files are renamed with the ".nols" extension. Therefore, "1.jpg" becomes "1.jpg.nols" and so on for all affected files. After this process is complete, Nols creates a text file ("_readme.txt"), which it stores in all folders.

What is Werd?

Werd ransomware is part of the Djvu ransomware family and distributed to encrypt files and force victims to pay ransoms. Werd appends the ".werd" extension to each encrypted file. For example, "1.jpg" becomes "1.jpg.werd". Like most programs of this type, it creates a ransom message within a text file named "_readme.txt".

This file contains information about how to purchase decryption software. Typically, ransomware victims cannot decrypt their files without these tools and are often tempted to pay ransoms to cyber criminals.

What is gunnepaa[.]xyz?

gunnepaa[.]xyz is one of thousands of rogue websites online and similar to best2019-games-web1.com, piedppienews.com, and trementrecially.pro. This site operates by presenting users with dubious content and generating redirects to untrustworthy, malicious web pages.

Most visitors to gunnepaa[.]xyz access it through redirects caused by intrusive advertisements or Potentially Unwanted Applications (PUAs) already present on the system. These apps do not need explicit user permission to infiltrate devices. Once successfully installed, they generate redirects, run ad campaigns, and monitor users' browsing habits.

What is stremanp[.]com?

stremanp[.]com is virtually identical to many other websites of this type including, for example, best2019-games-web1[.]com, piedppienews[.]com, and newsapp[.]biz. When opened, these sites redirect visitors to other rogue websites or display dubious content.

Note that stremanp[.]com redirects visitors to potentially malicious sites. Typically, browsers open these websites due to potentially unwanted applications (PUAs) that are installed on them.

Therefore, most people do not visit them intentionally. Furthermore, PUAs often gather browsing-related data and display intrusive ads. Many people download and install apps of this type unintentionally.

What is bigdater[.]me?

bigdater[.]me is the address of a website that most people visit inadvertently. The site opens other untrustworthy web pages or displays dubious content. Note that bigdater[.]me functions as many other websites of this type including, for example, carbamylife[.]info, talkreply[.]com, and track.nuxues[.]com. 

Typically, people arrive at these sites due to potentially unwanted apps (PUAs) installed on their browsers or computers. These apps usually collect users' details and feed them with unwanted ads.

What is Masked?

Masked ransomware is a new variant of Aurora, and like most programs of this type, is designed to prevent victims from accessing their files by encryption. To recover them, victims are encouraged to purchase a decryption key (i.e., pay a ransom). Masked renames all encrypted files by appending the ".masked" extension to filenames.

For example, "1.jpg" becomes "1.jpg.masked". It also creates the "@@_Открыть_В_Браузере_TOR_@@.html" and "@@_OpenTheBrowserTOR_@@.html" HTML files, both of which are designed to open a Tor website. This website contains instructions about how to obtain a decryption key.