Virus and Spyware Removal Guides, uninstall instructions

What is ApplicationEvents?

ApplicationEvents is an application designed to help users browse more efficiently by providing fast searches, accurate search results, and so on. In fact, this software is categorized as adware. Adware-type apps usually display unwanted, intrusive ads and often collect details relating to users. Generally, people download and install apps of this type unintentionally.

What is talkreply[.]com?

talkreply[.]com (also known as replyalert.net) is a dubious website that opens other sites of this kind or displays dubious content. In any case, people usually do not open websites such as talkreply[.]com intentionally - they are opened by potentially unwanted apps (PUAs) installed on the browser or operating system.

Furthermore, people do not generally download or install apps of this type intentionally. As well as opening untrustworthy websites, PUAs gather user information and feed people with intrusive, unwanted advertisements.

What is search.bannabell.com?

Search.bannabell.com is a fake search engine, supposedly capable of optimizing download/installation processes and generating improved search results. Judging by appearances alone, search.bannabell.com is very similar to Google, Yahoo, Bing and other legitimate search engines.

Therefore, it arouses no immediate suspicions and uses often believe it be legitimate and functional. However, developers of this website promote it through download/installation setups of browser-hijacking applications. These apps modify browser settings without users consent.

Additionally, search.bannabell.com spies on users' browsing activity, thereby gathering their personal information.

What is Qbit Mac Optimizer?

Qbit Mac Optimizer can be downloaded from a download website. Here, it is advertised as an application that supposedly enables Mac computers to run smoother, faster, and without errors. In fact, developers distribute this app by including it in the set-ups of other software.

Typically, people download and/or install these additional apps unintentionally. Therefore, Qbit Mac Optimizer is categorized as a potentially unwanted application (PUA). Do not trust or use applications classified as PUAs.

What kind of malware is Nesa?

Nesa is malicious software discovered by Michael Gillespie and belonging to the Djvu ransomware family. Cyber criminals create programs of this type to extort money from victims by forcing them to pay ransoms for decryption tools and/or keys. Typically, it is impossible to decrypt files encrypted with ransomware without these tools/keys.

Nesa creates a ransom message within the "_readme.txt" file and renames encrypted files by adding the ".nesa" extension. For example, "1.jpg" becomes "1.jpg.nesa", "2.jpg" – "2.jpg.nesa", and so on.

What is your-mac-security-analysis[.]net?

your-mac-security-analysis[.]net is an untrustworthy, deceptive website designed to trick people into installing a rogue app called Cleanup My Mac. To achieve this, your-mac-security-analysis[.]net displays a fake message/notification stating that the computer is infected with viruses and that the aforementioned app can remove them.

Do not download or install apps that are promoted through deceptive web pages. Some are used to trick people into installing malware. Few people visit websites such as your-mac-security-analysis[.]net intentionally - they are usually redirected to them by potentially unwanted apps (PUAs) already installed on the browser or operating system.

What is Gmera?

GMERA (also known as Kassi trojan) is malicious software that disguises itself as Stockfolio, a legitimate trading app created for Mac users.

Research shows that there are two variants of this malware, one detected as Trojan.MacOS.GMERA.A and the other as Trojan.MacOS.GMERA.B. Cyber criminals proliferate GMERA to steal various information and upload it to a website under their control. To avoid damage caused by this malware, remove GMERA immediately.

What is Banks?

Banks is a piece of malicious software, classified as ransomware. It is part of the Phobos ransomware family. Credit for discovering Banks belongs to GrujaRS. This malignant program encrypts files and keeps them on lockdown, unless the victim pays a ransom (i.e. purchases the decryption tool/software).

As it encrypts data, it renames files with the user's unique ID number, developer's email address and the ".Banks" extension. For instance, it would rename "1.jpg" into something like "1.jpg.id[1E857D00-2315].[decrypt@files.mn].Banks", and so on. Following the encryption, Banks creates two files ("info.txt" and "info.hta") on victim's desktop.

What is apple.com-clean-mac[.]website?

apple.com-clean-mac[.]website is one of many deceptive websites that informs victims of viruses that they have supposedly detected on visitors' computers. The main goal of these sites is to trick people into installing a dubious app that will apparently remove the viruses.

In this case, visitors are invited to download and install an app called Cleanup My Mac. Do not trust apple.com-clean-mac[.]website (or similar sites) or apps that are advertised through them.

People do not generally visit pages like apple.com-clean-mac[.]website intentionally - browsers often open these deceptive websites when potentially unwanted applications (PUAs) are installed on them.

What is the "Indofuels Email Virus"?

Indofuels is a legitimate company, however, some cyber criminals use the name to make their scams seem official. In many cases, criminals use the names of legitimate companies to trick recipients into believing that they have received an official email.

Neither Indofuels nor other legitimate companies have anything to do with these emails, which are delivered by scam campaigns. In this case, scammers seek to trick recipients into installing the KeyBase keylogger through a malicious attachment disguised as an invoice from Indofuels.

In fact, they might also use this scam to spread other malware (e.g. ransomware). Do not trust this email or open files attached to it.