Virus and Spyware Removal Guides, uninstall instructions

What is Inbox Manager?

Inbox Manager is yet another deceptive application that falsely claims to allow users to access their email inboxes. Its appearance suggests that Inbox Manager is a legitimate and useful app, however, it is categorized as a browser hijacker and a potentially unwanted application (PUA).

This application promotes a fake search engine, tracks browsing activity, and often infiltrates computers without users’ permission. In addition, this application is usually deployed with another browser hijacker called Hide My Searches.

What is "apple.com-shielding-devices[.]live"?

Apple.com-shielding-devices[.]live is a scam website, designed to promote the Cleanup My Mac application, by scaring users into removing viruses the site has detected. It must be stated, that all virus alerts this websites displays are fraudulent, i.e. detected threats are not actually present.

It is expressly advised against downloading and installing any apps suggested by such scam websites, as any dangers they claim to have found are imaginary.

Additionally, the cleaners and other similar apps they suggest - are likely to be nonfunctional. Usually, browsers open apple.com-shielding-devices[.]live and others akin to it, due to PUAs (potentially unwanted applications) already present in their Mac operating systems. Therefore, in most cases, access to such pages is unintentional.

What kind of malware is Torpig?

Torpig is the name of trojan-type malware that targets Microsoft Windows users. Research shows that this malicious program injects a component which operates as a keystroke logger (records key presses). Additionally, it can be used to download and execute various files that infect computers with other malware.

Torpig can cause serious damage and should therefore be removed from the operating system immediately.

What is "I Do Know Your Passwords"?

"I Do Know Your Passwords" is one of many email scams used to obtain money from recipients by deception. In this particular, email scammers claim that they have recorded a compromising video, which they will proliferate unless recipients pay $1000 in Bitcoins.

Note, all claims in emails of this kind are false and should not be taken seriously. We strongly recommend that you ignore these emails and delete them from the Inbox immediately.

What is Erenahen?

Discovered by GrujaRS, Erenahen is malicious software categorized as ransomware. Typically, when computers are infiltrated with programs like Erenahen, people cannot access their files since these programs encode them with strong encryption algorithms.

To regain access to their files, victims are encouraged to pay ransoms. I.e., purchase tools and/or keys from the cyber criminals who designed the ransomware. Erenahen renames all encrypted files by adding the ".Erenahen" extension. For example, "1.jpg" becomes "1.jpg.Erenahen". 

It also creates a ransom message within the "How_to_open_files.html" file, which contains instructions about how to pay the ransom.

What is Krypton Stealer?

Krypton is the name of a malicious software, it is designed to steal sensitive details (credentials) from people who have their computers infected with it.

Cyber criminals can purchase this tool from foreign (darkweb) forums and spread it in various ways. Krypton Stealer can cause serious problems, for this reason it should be removed from the operating system as soon as possible.

What is HSBC Email Virus?

"HSBC Email Virus" is another spam email campaign similar to ADP Invoice, Barclays Secured Message, Sage Invoice, and many others.

This campaign is designed to distribute a trojan-type virus called TrickBot. The emails essentially state that the a money payment has not been processed and encourages users to open an attached MS Word document for more information. This is a scam - once opened, the attachment stealthily downloads and installs malware.

What is noorotin[.]biz?

There are thousands of rogue websites out there, and noorotin[.]biz is one of them. These sites share many common traits, for example: push4free.com, newsredir.com, dreamteammyfriend.com and etc. are all very similar. They are designed to redirect to untrustworthy and/or malicious sites, as well as present users with questionable content (including click-bait). Visitors to noorotin[.]biz rarely access it willingly; they mostly enter it by being redirected.

Such redirects are caused by either clicking on intrusive advertisements (usually hosted by compromised websites) or by PUAs (potentially unwanted applications) already present in the device. It must be noted that these undesirable applications do not need explicit user consent to be installed onto their systems.

Once successfully installed, they generate unauthorized redirects to dubious/hazardous sites, deliver invasive advertisement campaigns (e.g. pop-ups, banners, coupons, etc.) and some can even track data.

What is Carambis Driver Updater?

Carambis Driver Updater is an application, allegedly able to manage drivers (find relevant new/missing ones, update existing ones and so on). It is spread through its official site and can be inadvertently downloaded/installed as an addition to other software.

In other words, it is packed into the download/installation setups of regular programs. The latter mode of proliferation is termed "bundling" and due to user haste and inexperience can often lead to various system invasions. As users mostly have Carambis Driver Updater installed onto their devices unwillingly, it is categorized as a PUA (potentially unwanted application).

What is b00m?

Belonging to the CryptoJoker ransomware family and discovered by Raby, b00m is one of many different ransomware-type programs. Ransomware is malicious software usually designed to encrypt files. Cyber criminals distribute these programs so they are able to extort money from people by forcing them to pay a ransom (in effect, purchase a decryption tool and/or key).

Like most programs of this type, b00m renames all encrypted files. In this case, it adds an email address and a new extension (".b00m"). For example, "1.jpg" becomes "1.jpg.[rans0me@protonmail.com].b00m". It also creates a text file called "HACKED.txt" containing a ransom message and instructions about how to pay the ransom.