Virus and Spyware Removal Guides, uninstall instructions

What is CoordinatorLinks?

The CoordinatorLinks app supposedly enhances the browsing experience by helping users to search, providing accurate search results, and so on.

In fact, this is an adware-type app that deploys various advertisements. Apps of this type are categorized as potentially unwanted applications (PUAs), since people usually download and install them unintentionally. PUAs such as CoordinatorLinks often record information relating to users.

What is youtubeconverter[.]io?

The youtubeconverter[.]io website allows visitors to download YouTube videos and convert them to MP3, MP4, and other formats. Note that it is illegal to download videos from YouTube. Furthermore, youtubeconverter[.]io employs rogue advertising networks and redirects users to dubious, deceptive websites. Do not visit or use this website.

What is EasyConvert?

EasyConvert supposedly allows users to convert various files to PDF documents directly from their browsers, however, this app is a hijacker that changes browser settings to promote srchbar.com (the address of a fake search engine). Furthermore, most browser hijackers gather user information.

Few people download and install apps of this type intentionally and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What is System Cleanup?

System Cleanup is software promoted as a system cleaner and optimizer. It is supposedly capable of scanning systems and removing "junk" and temporary files, and other unnecessary data.

This program has an official web page from which it can be downloaded free of charge (or users can purchase the "premium" version), however, System Cleanup can also be installed together with other software. This deceptive marketing method of packing regular programs with unwanted content is called "bundling".

Rushed download/installation processes also increase the risk of device infiltration. Due to its dubious mode of distribution, System Cleanup is classed as a PUA (Potentially Unwanted Application).

What is "Afdsola Email Virus"?

Criminals present this scam as an email from a company that owns the afdsola.com website. The company is legitimate and has nothing to do with this scam. To make their email seem even more credible, scammers use a spoofing technique by forging the sender's email address (in our example, they use the vginer@afdsola.com address).

Some of these emails, however, are sent from a potentially hijacked Iraq Government Site (mail.cosqc.gov[.]iq). Scammers proliferate this spam campaign to trick people into installing Agent Tesla, a remote access tool (RAT).

What is notabenemessage[.]com?

leadnote.me, joophesh.com, and beeaimaid.com are just some examples of rogue sites similar to notabenemessage[.]com. This website operates by delivering dubious content and redirecting visitors to other untrustworthy/malicious sites.

Most users access notabenemessage[.]com through redirects caused by intrusive ads or Potentially Unwanted Applications (PUAs) already present on the system. These apps do not require explicit permission to infiltrate devices. They also generate redirects, run ad campaigns, and record browsing activity.

What is PAY IT OR LOST IT?

Discovered by MalwareHunterTeam, PAY IT OR LOST IT is the name of ransomware - software that prevents victims from accessing their files by encoding them with an encryption algorithm. In this case, the 'ransomware' does not encrypt any files, any yet the developers demand to be paid anyway. 

PAY IT OR LOST IT displays a pop-up window and stores the "y0uR_D@ta.txt.AES" file on the desktop.

What is untotlowith[.]info?

untotlowith[.]info is a rogue website, sharing many similarities with noorotin.biz, fres-news.com, donaldredpage.icu, and countless others. It operates by presenting users with dubious content and causing redirects to other untrustworthy/malicious sites.

Few users access untotlowith[.]info intentionally - most are redirected by intrusive advertisements or Potentially Unwanted Applications (PUAs) already present on the device. Note that these apps do not require explicit permission to be installed onto systems. Once successfully infiltrated, PUAs generate redirects, deliver intrusive ad campaigns, and some can even track data.

What is Sill@tuta.io?

Discovered by Alex Svirid, Sill@tuta.io is malicious software belonging to the GlobeImposter ransomware family. This program operates by encrypting data and demanding a ransom for decryption. I.e., decryption software/tools must be purchased to recover the encrypted data.

As encryption is in progress, all files are renamed with the ".[sill@tuta.io]" extension, which is also the email address of the Sill@tuta.io developers. For example, "1.jpg" appears as "1.jpg.[sill@tuta.io]". Once this process is complete, a text file named "help you.txt" is created and stored on the victim's desktop.

What is Bora?

Bora is malicious software designed to encrypt files and create a ransom message ("_readme.txt") that contains information about how to decrypt data. Software of this type is called ransomware. This particular ransomware infection was discovered by Michael Gillespie and is part of Djvu, a family of ransomware-type programs.

Like most programs of this type, Bora renames encrypted files by adding an extension to filenames. In this case, it adds the ".bora" extension. For example, "1.jpg" becomes "1.jpg.bora".