Virus and Spyware Removal Guides, uninstall instructions

What is apple-vpn-pro[.]com?

apple-vpn-pro[.]com is a deceptive website that displays fake virus messages and encourages visitors to remove the 'detected viruses' with a specific application. At time of the research, apple-vpn-pro[.]com promoted the Web Security Checker application. Do not trust sites such as apple-vpn-pro[.]com or apps that are advertised through them.

Note that apple-vpn-pro[.]com mostly targets iPad and iPhone users, however, Mac users are also being targeted. In any case, most people arrive at apple-vpn-pro[.]com unintentionally - they are usually redirected to websites of this type by potentially unwanted apps (PUAs) installed on their browsers or devices.

What is bestappsecurity[.]com?

bestappsecurity[.]com is usually opened on iPad or iPhone devices, however, this deceptive website also targets desktop (Mac) users. The site is used to trick people into downloading the Web Security Checker app.

Furthermore, bestappsecurity[.]com displays fake notifications about supposedly 'detected viruses' and encourages visitors to remove them with the aforementioned app. Typically, people do not visit websites such as bestappsecurity[.]com intentionally - they are redirected to them by potentially unwanted applications (PUAs) installed on their browsers or computers.

What is TFlower?

Discovered by GrujaRS, TFlower is software categorized as ransomware. Unlike most ransomware-type programs, it does not change extensions of encrypted files. It does, however, create a ransom message (within a text file named "!_Notice_!.txt") that contains instructions about how to purchase a decryption tool.

Typically, programs such as TFlower encrypt (lock) files, which then cannot be accessed unless they are decoded with a decryption tool (that cyber criminals encourage victims to purchase).

What is Ebola?

Discovered by Jakub Kroustek and belonging to the Dharma family, Ebola is malicious software categorized as ransomware. It renames all files by adding an ID number, email address, and the ".ebola" extension to filenames. For example, "1.jpg" might become "1.jpg.id-1E857D00.[newebola@aol.com].ebola".

Ebola also displays a ransom message in a pop-up window and creates a text file named "FILES ENCRYPTED.txt".

What is Domn?

Discovered by Michael Gillespie, Domn is a malicious program and part of the Djvu ransomware family. Like most programs of this type, Domn is designed to prevent victims from accessing their data by encrypting files with strong encryption algorithms. To regain access to their files, victims are encouraged to purchase a decryption tool and key.

Domn adds the ".domn" extension to the filenames of encrypted files. For example, "1.jpg" becomes "1.jpg.domn". It also creates a ransom message within the "_readme.txt" file.

What is IOByte System Care?

IOByte System Care is advertised as system optimizer software, which supposedly cleans systems, fixes errors, uninstalls unwanted programs, and removes threats (malicious software).

In fact, the developers distribute it using dubious methods. They include it within the set-ups of other software, and thus most people download and install programs of this type unintentionally. For this reason, IOByte System Care is categorized as a potentially unwanted application (PUA).

What is "Transcoal Pacific Email Virus"?

"Transcoal Pacific Email Virus" is a spam campaign, used to proliferate the LokiBot malware. One of spreading methods for such malicious software are large scale email spam campaigns. These emails contain executable files (or similar attachments), which download and install specific malware.

It should be known, that email letters of this kind are often marked as important, urgent, starred or otherwise highlighted as top priority mail. It is not recommended to open suspicious emails and it is expressly advised against opening any attachments and/or web links found therein. The "Transcoal Pacific Email Virus" spam campaign was discovered by My Online Security.

What is RSA?

RSA malware was discovered by Jakub Kroustek and is part of the Dharma ransomware family. This type of software is usually designed to encrypt files so that victims cannot use them unless they pay a ransom (purchase a decryption tool from cyber criminals).

This particular ransomware renames encrypted files by adding a personal ID, email address, and the ".RSA" extension to filenames.

For example, "1.jpg" might become "1.jpg.id-1E857D00.[rsa1024@tutanota.com].RSA". Other variants of this ransomware use ".[rsacrypt@aol.com].rsa" extension for encrypted files. It also creates/displays ransom messages within the "FILES ENCRYPTED.txt" text file and a pop-up window.

What is SourceAdd?

SourceAdd is the name of an app that supposedly makes internet browsing easier. In fact, it is classified as adware. Adware-type apps display intrusive, unwanted ads.

In some cases, they gather various details relating to users. In any case, many people download and install apps of this type inadvertently and, therefore, SourceAdd is known as potentially unwanted application (PUA).

What is Earth & Satellite View?

Earth & Satellite View is a browser hijacker, endorsed as a tool pack, containing quick access to maps and a web searcher (search.earthandsatelliteviewtab.com).

It is supposedly designed to provide easy access to various maps, driving directions and local traffic data. In all actuality, it changes browser settings to promote the aforementioned fake search engine - search.earthandsatelliteviewtab.com. Earth & Satellite View also spies on users' browsing activities, thereby gathering their personal information.

Since most users install this rogue app onto their systems inadvertently, it is classified as a PUA (potentially unwanted application).