Virus and Spyware Removal Guides, uninstall instructions

What is Chistilka?

Chistilka (Чистилка) is a piece of software requiring no installation and endorsed as a system cleaner. It is supposedly capable of removing undesirable advertisements (pop-ups and similar), as well as boosting the speed of the Windows OS (operating system).

It is promoted through its official website and can be inadvertently downloaded as a supplement to other software. This mode of proliferation, through the download/install setups of ordinary programs is called "bundling".

Said deceptive marketing method is prominent amongst PUA (potentially unwanted application) developers, who are well aware of user tendency to rush through aforementioned setups - thereby unwillingly exposing their devices to various invasions. Due to its stealthy infiltration, Chistilka is classified as a PUA.

What is NextPharma?

NextPharma ransomware was discovered by Raby and designed to lock files by encrypting them with a cryptographic algorithm. Therefore, people with computers infected by NextPharma cannot access their files unless they purchase specific software (decryption tool).

This malicious program renames all encrypted files by adding the ".n3xtpharma" extension to the filenames. For example, "sample.jpg" becomes "sample.jpg.n3xtpharma". The number of ransom messages (.txt) files is equivalent to the number of encrypted files.

Each ransom message is named after the associated encrypted file. For example, "sample.jpg.n3xtpharma_readme". NextPharma stores these ransom messages in folders that contain encrypted files.

What is Auto PC Cleaner 2019?

Auto PC Cleaner 2019 is a piece of software, allegedly capable of optimizing and speeding up systems. It is also advertised as able to remove various systems threats and making various enhancements. This application is often distributed as an addition within download/installation setups of other programs, in other words - it is "bundled".

Deceptive marketing tactics, such as "bundling", are designed to proliferate undesirable and often illegitimate content. Due to most users installing Auto PC Cleaner 2019 inadvertently it is classified as a PUA (potentially unwanted application). Furthermore, this app is employed as promotional grounds for another PUA - Driver Updater.

What is Apex Legends?

The Aurora Cheat tool is presented as an "injector" for the Apex Legends video game. It supposedly allows users to enable features such as player movement prediction, distance control, aimbot, and so on. In fact, it infects computers with a Remote Access Trojan (RAT).

What is bitscleanutil.xyz?

bitscleanutil.xyz is a dubious website that is usually opened through other scam and untrustworthy sites. Most people do not visit bitscleanutil.xyz intentionally.

Currently, this page promotes a potentially unwanted application (PUA) called Super Mac Cleaner. Do trust apps advertised on dubious websites. Furthermore, if the browser opens untrustworthy web pages (various scam sites) that lead to bitscleanutil.xyz, it is likely that a PUA is already installed.

What is File Converter Hub?

File Converter Hub is but one of many browser hijackers. It is advertised as a tool for easy and quick access to file converters, accompanied by a fake search engine (search.fileconverterhubtab.com). Due to most users installing this rogue app inadvertently, it is categorized as a PUA (potentially unwanted application).

File Converter Hub operates by changing browser settings and promoting its fake search engine, it also has data tracking capabilities.

What is "Flight Booking Email Virus"?

"Flight Booking" is the name of a spam campaign, used to spread the Agent Tesla malware (malicious software). This spam campaign was discovered by My Online Security. To spread such malignant programs, massive scale spam campaigns are used; huge numbers of emails are sent, containing executable files.

If the files are opened, the downloading and installation processes of aforementioned malware begin.

It must be noted, that emails of this type are always marked as "official" and "important" ("starred" or otherwise highlighted, depending on specific email service design terminology). It must be stressed, that suspicious emails should never be trusted nor files attached to them opened.

What is "Randomly selected to test the new iPhone"?

"Randomly selected to test the new iPhone" is a phrase from a scam website that invites visitors to claim a prize. Note, this is a deceptive website and should not be trusted.

Typically, these sites are opened by potentially unwanted applications (PUAs) installed on the browser or computer. Few people download or install apps of this type intentionally. When installed, PUAs open dubious web pages, feed users with unwanted ads, and/or gather various information.

What kind of malware is Amadey?

Amadey is malicious software categorized as a trojan. Cyber criminals can purchase Amadey on a Russian dark web forum and then use it to perform various malicious tasks: download and install (execute) other malware, steal personal information, log keystrokes, send spam from a victim's computer, and add an infected computer to a botnet.

If your system is infected with Amadey, we strongly recommend that you remove this malware immediately.

What kind of scam is Norton subscription has expired today?

It is a fraudulent pop-up alert, claiming that (in this case, Norton) antivirus suite subscription has expired and requires renewal. Such scam messages are displayed by various deceptive websites. These sites are rarely visited willingly, most visitors access it through unauthorized redirects.

Usually via clicking on intrusive advertisements (likely hosted by compromised websites) or force-opened by PUAs (potentially unwanted applications). It should be known, that PUAs do not need express user permission to invade their devices. Aside from causing redirects, they also run invasive ad campaigns and some can track data.