Virus and Spyware Removal Guides, uninstall instructions

What is "Windows protected your PC"?

"Windows protected your PC" is the name of a tech-support scam promoted using a deceptive website. Like most of these scam websites, it often tricks people into believing that they need to contact scammers who pose as 'technicians', since the computers are supposedly infected and blocked. These websites cannot be trusted and the best option is to ignore and close them.

They are usually opened by potentially unwanted apps (PUAs) installed on browsers or computers. People do not generally visit these scam websites intentionally.

What is Hrosas?

Hrosas is a ransomware-type infection discovered by Michael Gillespie. This is yet another variant of high-risk ransomware called Djvu. Generally, Hrosas stealthily infiltrates the system and encrypts most stored data. Additionally, Hrosas appends each filename with the ".hrosas" extension.

For example, "sample.jpg" becomes "sample.jpg.hrosas". After successfully encrypting data, Hrosas places a text file in each existing folder.

What is ApplicationWork?

ApplicationWork (also known as Application.work) is one of many potentially unwanted applications (PUAs) that are distributed through other software (they are bundled into set-ups). This application is categorized as adware - software that serves users with intrusive advertisements. Furthermore, many PUAs of this type often gather user-system information.

What is IDP.Generic?

For people who use various anti-virus software, IDP.Generic is a common threat name. IDP is 'Identity Protection', so when a security application detects a threat called IDP.Generic, it indicates that it was detected by this component (Identity Protection), which generalized a detected file. This detection is often a 'false positive'.

What is youtubemp4[.]to?

The youtubemp4[.]to website can be used to download videos from YouTube by pasting a video link. The website itself is not malicious or harmful, however, it often causes redirects to other untrustworthy sites (it is used to promote dubious web pages). Another reason to avoid youtubemp4[.]to is that downloading videos from YouTube is illegal.

What is MixBuilder?

MixBuilder is a potentially unwanted app (PUA) classified as adware. If this app is installed, it indicates that there are more adware-type apps already installed on the system. MixBuilder app is installed through other ad-supportive software without users' consent.

Users with apps of this type installed on their systems are continually served with unwanted ads. Furthermore, PUAs often gather information relating to users' browsing habits.

What is y2mate[.]com?

Like many other websites of this type, y2mate[.]com offers a video and audio downloading service. It downloads video and audio files from the YouTube website. This is not a dangerous/malicious website, however, it contains various advertisements and it causes redirects to other dubious sites. Note that it is illegal to download videos from YouTube.

What is Verasto?

Verasto is high-risk ransomware discovered by Michael Gillespie. This malware belongs to yet another variant of a ransomware virus called Djvu.

As with its predecessor, Verasto encrypts stored data and renames each compromised file by adding the ".verasto" extension (e.g., "sample.jpg" is renamed to "sample.jpg.verasto"). Encrypted data instantly becomes unusable. Additionally, Verasto stores a text file called "READ_ME.txt" in every existing folder.

What is qdownloader[.]net?

qdownloader[.]net is an 'Online Video Downloader' for downloading videos from YouTube, Instagram, Twitter, Facebook, and other websites. Videos can be downloaded in several different formats. It is illegal to download videos from YouTube. Furthermore, qdownloader[.]net uses various advertising networks.

This does not indicate that the web page itself is harmful, however, using it can lead to unwanted redirects, download and installation of potentially unwanted apps (PUAs), and so on.

What is gwx.exe?

The gwx.exe file is a part of the Microsoft Windows operating system. Its purpose is to upgrade Windows operating systems from earlier versions to Windows 10. The gwx.exe file is placed in the "C:\Windows\System32\GWX" folder, however, like many legitimate processes, its name could be used to disguise a malicious file/process.