Virus and Spyware Removal Guides, uninstall instructions

What is "Outriger Email Virus"?

"Outriger Email Virus" is one of many spam campaigns used by scammers who send emails containing malicious attachments, or web links leading to them. In this case, cyber criminals proliferate an archive file (ZIP), which contains a malicious program called Adwind.

The main purpose of this email scam is to trick users into downloading and installing the virus. We strongly advise that you ignore this and other similar emails (do not open the attachments or web links).

What is BeeAware?

BeeAware (also known as BeAware) is an adware-type potentially unwanted application (PUA) that users often install unintentionally. These PUAs are designed to deliver various online advertisements and record information relating to browsing habits. Uninstall these applications immediately, since they can cause a number of issues.

What is Project57?

There are many ransomware-type programs available on the internet, including Project57, which was first discovered by Michael Gillespie. Like most infections of this type, it encrypts data (makes files unusable) and keeps them in this state until developers receive a ransom payment (in this case, in Bitcoins).

Project57 adds the ".[ti_kozel@lashbania.tv].костя баранин" extension to each encrypted file. For example, "1.jpg" becomes "1.jpg.[ti_kozel@lashbania.tv].костя баранин". Project57 also displays a ransom-demand message (in Russian) within an HTML file called "DECRYPT.HTML".

What is Nostro?

Discovered by Michael Gillespie, Nostro is a computer infection that belongs to the Garrantydecrypt ransomware family. Once a computer is infected, Nostro blocks access to files by encryption and displays a ransom-demand message within the "#RECOVERY_FILES#.txt" text file.

Encrypted files are renamed by adding the ".nostro" (or ".NOSTRO") extension. For instance, "1.jpg" becomes "1.jpg.nostro" (or "1.jpg.NOSTRO").

What is VACv2?

Belonging to Paradise ransomware family, VACv2 is a malicious program (ransomware) that was discovered by MalwareHunterTeam. Like most ransomware-type programs, it is designed to lock (encrypt) files stored on the system. Cyber criminals who design these infections generally demand ransom payments (in a cryptocurrency) to decrypt files.

In this case, VACv2 victims are presented with a ransom message in a "$%%! NOTE ABOUT FILES -=!-.html" file. All encrypted files are renamed by adding ".VACv2" plus the victim's ID and developer's email address to the extension. For example, "1.jpg" might become "1.jpg_Z4WAHYZjHWMot6yi_{pittt@prt-decrypt.xyz}.VACv2".

What is goto-searchitnow.global.ssl.fastly.net?

goto-searchitnow.global.ssl.fastly.net is another variant of a fake search engine called searchitnow.info. Developers claim that this site enhances the browsing experience by generating improved results.

Judging on appearance, goto-searchitnow.global.ssl.fastly.net may seem legitimate, but developers promote it using browser-hijacking downloaders/installers that modify browser options without permission. In addition, goto-searchitnow.global.ssl.fastly.net continually records information relating to browsing activity.

What is "Microsoft Authorised Device Care"?

"Microsoft Authorised Device Care" is a deceptive website that may seem to be a legitimate virus alert from Microsoft. In fact, Microsoft has nothing to do with this scam. Typically, users are redirected to these websites by potentially unwanted applications (PUAs).

These unwanted apps are often installed unintentionally without direct user permission. Once installed, they usually deliver intrusive ads and gather various data.

What kind of scam is "$1000 VISA Gift Card"?

"$1000 VISA Gift Card" is a scam message delivered by various deceptive websites. Research shows that many visitors arrive at these sites inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive ads delivered by other rogue sites.

Be aware that unwanted apps typically infiltrate systems without permission and, as well as causing redirects, record sensitive information and deliver intrusive advertisements.

What is hesthenhepattont.club?

hesthenhepattont.club is categorized as a rogue website (similar to click.newsfeed.support, 1fuzz.com, 366security.site, and many others) that displays content and redirects visitors to other untrustworthy web pages. Users often arrive at this website unintentionally due to potentially unwanted apps (PUAs) installed on their systems.

In fact, many people also install PUAs inadvertently. When installed, they cause redirects, deliver intrusive ads, and collect browsing-related data.

What is resultsinquire.com?

resultsinquire.com is very similar to trackpackage.world, advisurf.com, web-explore.com, and many other sites. This fake search engine is presented as a legitimate site such as Google, Yahoo, and other well-known search engines.

In fact, resultsinquire.com is promoted using rogue download/installation set-ups that hijack browsers and modify settings. Be aware that it gathers data relating to users' browsing activity, provides no search results, and simply causes redirects to other random/dubious websites.