Virus and Spyware Removal Guides, uninstall instructions

What is "AOL Email Scam"?

"AOL Email Scam" is another spam email campaign used by cyber criminals. Unlike most of these campaigns, which attempt to trick users into downloading/installing malware or sending money to cyber criminals, "AOL Email Scam" attempts to trick them into entering AOL email account credentials.

This method is called phishing. Criminals send thousands of deceptive email messages stating that users' accounts are about to be "shutdown" and encourage them to cancel the process. This is all simply a scam.

What is Ppam?

Discovered by Petrovic, Ppam is a high-risk computer infection classified as ransomware. Most ransomware-type programs are designed to encrypt data (blocking access to it) and display ransom-demand messages. In this case, Ppam creates a ransom message within the "Restore-My-Files.txt" file, placing it in all folders.

This ransomware renames all encrypted files by adding the ".ppam" extension. For example, "1.jpg" becomes "1.jpg.ppam". At time of research, Ppam also ran the "font.exe (32-bit)" process in Task Manager.

What is jundmd@cock.li?

jundmd@cock.li is another ransomware-type virus discovered by malware security researcher, Petrovic. Once infiltrated, jundmd@cock.li encrypts most stored data and appends filenames with the ".jundmd@cock.li!!" extension.

For example, "sample.jpg" becomes "sample.jpg.jundmd@cock.li!!". Following successful encryption, jundmd@cock.li generates a text file ("Help to decrypt.txt") and places a copy in each existing folder.

What is GootKit?

GootKit (also known as talalpek, Trojan.GootKit or Xswkit) is a trojan-type malicious computer program. Like many other trojans, GootKit steals various personal, confidential information.

Once installed, it also acts as a 'backdoor' allowing cyber criminals to access and control a computer remotely (e.g. to download additional files to an infected computer). GootKit is often distributed using another trojan-type program called Emotet.

What is "Error Code XLMR01F7985"?

Scammers use "Error Code # XLMR01F7985" to deceive people into believing that an error has occurred on the Windows Operating System and they should contact Microsoft technical support. This is simply a scam, a fake error message that is displayed on an untrustworthy, deceptive website.

Typically, people do not visit websites of this type intentionally - they are redirected to them by potentially unwanted applications (PUAs) that are installed on computers or web browsers.

Many users install these apps inadvertently without their knowledge. As well as unwanted redirects, PUAs record data (relating to browsing activity and other details) and serve users with various intrusive advertisements.

What is search.tapufind.com?

search.tapufind.com (also known as feed.tapufind.com) is a fake search engine (virtually identical to search-me.club, search.hogwarin.com, miksearch.club, and many others) that is promoted using the TapuFind browser hijacker.

This app is supposedly capable of delivering improved search results, however, it is also categorized as an unwanted app that most users install unintentionally. Once installed, TapuFind modifies browser settings and gathers browsing-related information.

What is ind1cate.com?

ind1cate.com is a rogue website similar to click-on-this.today, cpi-offers.com, bluegrated.com, and many others. This website delivers dubious content and causes redirects to other sites. Most visitors arrive at ind1cate.com inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive advertisements displayed on other dubious sites.

Research shows that PUAs typically infiltrate systems without users’ permission. As well as causing redirects, these apps deliver intrusive advertisements and record user-system information relating to browsing activity.

What is Mdk4y?

Mdk4y is a computer infection classified as ransomware. Ransomware-type viruses are malicious programs that cyber criminals use to encrypt data stored on victims' computers. To regain access to their data, users are encouraged to pay a ransom. This particular computer infection was discovered by Leo.

Mdk4y renames each encrypted file by adding the ".mdk4y" extension. For example, "1.jpg" becomes "1.jpg.mdk4y". It also places the "HOW_TO_RETURN_FILES.txt" ransom message in all folders on infected computers and runs a process in Task Manager (the name of which is a random string).

What is defendsearch.com?

There are many fake search engines that are virtually identical to defendsearch.com, for example: resultsinquire.com, trackpackage.world and advisurf.com. It might look very similar to other well known search engines such as Google, Yahoo and so on.

However, this one is being promoted using rogue download and/or installation set-ups that are designed to modify browser's settings without user's consent. Besides, it also collects information related to its users browsing habits and causes redirects to questionable, untrustworthy web pages.

What is "Comcast Cable Communications congratulations"?

Comcast Cable Communications is a legitimate provider of cable operator services in the US. Note, however, that Cable Communications has nothing to do with the "Comcast Cable Communications congratulations" scam. Scammers promote this pop-up scam as a lottery, an offer to win a Walmart Gift Card.

Generally, these fraudulent pop-ups scams, and others, are promoted through dubious, deceptive websites. Few users arrive at these websites intentionally - most people are forced to visit them by unwanted applications installed on the system.

These apps are often installed stealthily, or users install them inadvertently. They go on to cause unwanted redirects, serve users with intrusive advertisements, and collect information relating to browsing habits (and other data).