Virus and Spyware Removal Guides, uninstall instructions

What is "Transfast Email Virus"?

"Transfast Email Virus" is yet another spam email campaign used to spread the Ave Maria trojan. Cyber criminals send hundreds of thousands of deceptive emails encouraging recipients to open an attached "payment slip". In fact, the file is malicious, and opening it leads to a malware infection.

What is "advancemactools[.]live"?

advancemactools[.]live belongs to a network of websites that promote various potentially unwanted applications (PUAs) for Mac computers.

Users typically visit sites such as advancemactools[.]live inadvertently, as they are redirected by intrusive advertisements (displayed on other rogue sites) or potentially unwanted applications already present on the system. Apps that cause redirects usually infiltrate systems without users' consent, record data, and deliver intrusive advertisements.

What is foSTE?

Discovered by Michael Gillespie, foSTE is high-risk ransomware that belongs to the GlobeImposter ransomware family. As with most ransomware infections, foSTE encrypts stored data, thereby rendering it unusable. Additionally, foSTE appends each filename with the ".foSTE" extension (hence its name).

For example, "sample.jpg" is renamed to "sample.jpg.foSTE". As well as encrypting data, foSTE generates an HTML file ("how_to_back_files.html") and stores it on the desktop.

What kind of malware is HYDRA?

Belonging to the Jigsaw ransomware family, HYDRA is a high-risk ransomware infection discovered by Michael Gillespie. After successfully infiltrating the system, HYDRA encrypts most stored files, rendering them unusable. In addition, HYDRA adds the ".HYDRA" extension to each filename (e.g., "sample.jpg" becomes "sample.jpg.HYDRA").

Once files are completely compromised, HYDRA opens a pop-up window with a ransom-demand message.

What is PasteBoard?

PasteBoard (also known as PasteBoardHelper) is an ordinary adware-type application that usually infiltrates computers without users' consent.

It is very likely to install together with the Spotlight.app and Spaces.app unwanted apps, which are designed to redirect users to searchbaron.com. After successful infiltration, PasteBoard continually delivers intrusive advertisements and records information relating to users' browsing habits.

What is news-easy[.]com?

news-easy[.]com is a rogue website that shares many similarities with check-out-this.site, edchargina.pro, chainthorn.com, and dozens of other rogue sites. Note that news-easy[.]com feeds users with dubious content and redirects them to other dubious sites.

Research shows that users generally arrive at news-easy[.]com inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive advertisements displayed on other dubious sites. PUAs typically infiltrate computers without users' consent. In addition to causing redirects, PUAs deliver advertisements and monitor users' internet browsing activity.

What is ZeroF*cks?

ZeroF*cks is one of many ransomware-type infections discovered by malware researcher Petrovic. This ransomware infiltrates computers and encrypts most stored files, appending filenames with the ".zerofcks" extension (e.g., "sample.jpg" becomes "sample.jpg.zerofcks").

Once encryption is complete, ZeroF*cks generates a text file called "Bitcoin_Address.txt" and stores it on the desktop. Additionally, ZeroF*cks opens a pop-up window.

What kind of page is adf.ly?

adf.ly is a legitimate website that provides a URL-shortening service. This website pays registered users for sharing shortened links, since visitors are presented with a five-second advertisement prior to being given access the chosen website.

The delivered advertisements, however, might redirect to other websites that promote unwanted applications or display deceptive browser notifications.

What is "kromtech[.]net"?

kromtech[.]net is a rogue domain used to promote MacKeeper, a potentially unwanted application (PUA). This domain redirects visitors to various landing pages that promote the MacKeeper PUA. Research shows that users typically visit kromtech[.]net inadvertently - they are redirected by PUAs already installed on the system.

What is Budak?

Budak is high-risk ransomware that belongs to the Djvu ransomware family. As with most ransomware infections, Budak stealthily infiltrates computers, encrypts most stored files, and appends each filename with the ".Budak" extension (hence the ransomware name).

For example, "sample.jpg" becomes "sample.jpg.Budak". Once data is encrypted, Budak generates a text file ("_readme.txt") and stores a copy in every existing folder.