Virus and Spyware Removal Guides, uninstall instructions

What is "Error #31(0x1F)"?

"Error #31(0x1F)" is a fake (error/virus) alert message displayed only on deceptive, untrustworthy websites. According to this fraudulent alert, an unknown system failure has occurred. It also states that the computer is infected with malicious program/s.

These claims are common to websites of this type, however, another problem is that most people arrive at these websites inadvertently, since they are redirected by potentially unwanted applications (PUAs) installed on their systems. These apps are installed on browsers or within operating systems, often unintentionally.

They go on to feed users with advertisements and record various data relating to browsing activities.

What is Adwind?

Adwind is trojan-type malware that has many other names including (but not limiting to) AlienSpy, Frutas, JSocket, Sockrat, Unrecom, jRAT.

Criminals proliferate this malware in various ways such as spam emails and fake Adobe Flash Player updates. We can also assume that Adwind infiltrates systems with various adware-type programs (via the so-called "bundling" method) that feed users with intrusive advertisements and gather sensitive data.

What is .vaca?

Discovered by Petrovic, .vaca is a ransomware-type program that belongs to the Xorist ransomware family and is designed to jeopardize computers and their users.

Cyber criminals use it to encrypt data and demand ransom payments. Once encrypted, all files are renamed by adding the new ".vaca" extension. For example, "1.jpg" becomes "1.jpg.vaca", and so on. The program displays an identical ransom demand message in the "HOW TO DECRYPT FILES.txt" text file and the "Error" pop-up window.

What is Cobalt Strike?

The Cobalt Strike tool is used to detect system penetration vulnerabilities. The tool itself is supposedly used for software testing to find bugs and flaws, however, cyber criminals often take advantage of such tools, and Cobalt Strike is no exception.

Research shows that these people send hundreds of thousands of spam emails that contain malicious Microsoft Word attachments designed to inject Cobalt Strike into systems.

What kind of malware is FormBook?

FormBook is a virus designed to steal personal data from victims' computers. Research shows that this malware is distributed using spam emails that contain malicious attachments. In addition, developers provide this virus as a 'service' - any aspiring cyber criminal can pay a subscription and gain access to the FormBook tool.

The list of victims is large, however, most FormBook infections have been detected in USA and South Korea.

What is Maps2Go?

The Maps2Go app provides driving directions and is promoted as a map search application for MacOS. In fact, it is categorized as a potentially unwanted application (PUA), since developers promote it using a deceptive marketing method called "bundling". Therefore, some users install this PUA unintentionally.

What is nsandreskethep.club?

nsandreskethep.club is one of many untrustworthy, rogue websites online that include butfirecrangu.club, notify-service.com, and bohemuchnehe.club. This website redirects visitors to other dubious, deceptive sites or displays untrustworthy content. Most people end up visiting this website due to potentially unwanted apps (PUAs) unintentionally installed on their systems.

Furthermore, if installed, these apps cause unwanted redirects, serve users with intrusive ads, and gather browsing-related information.

What kind of malware is Hancitor?

Hancitor is a high-risk trojan-type virus. Developers proliferate this malware using various spam email campaigns such as Here Is Your Fax Email Virus, AT&T Invoice Email Virus, and many others.

After successful infiltration, Hancitor introduces other malware to infect the system. Therefore, this malware opens 'backdoors' for other viruses to infiltrate.

What is "UniCredit Bank Email Virus"?

Cyber criminals use the "UniCredit Bank Email Virus" scam to trick recipients of bogus emails into infecting their computers with a malicious program called FormBook. They proliferate an email that contains a malicious attachment that, once opened, causes the computer infection.

This email is presented as a notification from UniCredit Bank, however, this is simply a scam and it should not be trusted or taken seriously. We strongly recommend that you ignore it.

What is Healforyou?

Healforyou is a new variant of GlobeImposter. This malicious program is categorized as ransomware: a program that encrypts data and allows its developers to make ransom demands. Healforyou adds the ".healforyou" extension to every encrypted file. It renames "1.jpg" to "1.jpg.healforyou", and so on.

It also generates a "how_to_back_files.html" file and places a copy in each folder that contains encrypted data.