Virus and Spyware Removal Guides, uninstall instructions

What is "Brexit Email Virus"?

These email scams are often used to trick recipients into downloading and opening an attachment. In this case, users are encouraged to click a link that leads to a malicious file. Scammers/cyber criminals use "Brexit Email Virus" to distribute Ursnif, a trojan-type computer infection used to record personal/sensitive details.

If you have received this email, we strongly recommend that you ignore it and certainly do not click/open any links.

What is Doubleoffset?

Doubleoffset is a computer infection that belongs to the Cryakl ransomware family. Typically, cyber criminals attempt to infect computers with ransomware for the purposes of blackmail - they demand ransom payments in return for decryption tools or keys.

Doubleoffset renames all encrypted files by prepending the "email-biger@x-mail.pro.ver-CL 1.5.1.0.id-[victim's_ID].fname-" string and adding the ".doubleoffset" extension. For example, "1.jpg" might be renamed to a filename such as "email-biger@x-mail.pro.ver-CL 1.5.1.0.id-512064768-82822172792612420478100.fname-1.jpg.doubleoffset". 

Doubleoffset also generates a "README.txt" text file and opens a pop-up window. Other variants of this ransomware use "email-coolguay@tutanota.com.ver-CL 1.5.1.0.id-512064768-82822172792612420478100.fname-1.jpg.doubleoffset" extension for encrypted files.

What is barbitinnovans.info?

The internet is full of untrustworthy, rogue websites including barbitinnovans.info. This site is very similar to many other dubious websites such as touchpushthen.info, googlo.co, and hotchedmothe.club. Its main purpose is to redirect users to other dubious/untrustworthy websites.

Users often visit barbitinnovans.info unintentionally, since they are redirected to it by potentially unwanted applications (PUAs). These apps are usually installed without users' knowledge, cause redirects, deliver advertisements, and collect browsing-related information.

What is "FORTUNADIGITAL Email Virus"?

"FORTUNADIGITAL Email Virus" is an email scam used by cyber criminals who attempt to trick recipients into downloading and installing Remcos RAT, a remote access tool. Like most spam email campaigns, this one contains an attachment presented as a legitimate document.

Once opened, however, it installs the remote access tool. Remcos RAT is a legitimate tool, however, it is often used by cyber criminals to generate revenue in malicious ways. Therefore, we strongly recommend that you ignore "FORTUNADIGITAL Email Virus" scam email messages.

What is Gerber?

Discovered by Emmanuel_ADC-Soft, Gerber is categorized as malicious software (ransomware) that blocks access to data by encryption. Once a computer is infected, it renames each locked file by adding the ".gerber5" extension (the extension contains a unique ID that is assigned to each victim individually).

For example, "1.jpg" might become "1.jpg.!!BVINO!!.MrAlex.gerber5", and so on. Gerber also generates a "Decrypt.TXT" text file, a pop-up window, and changes the desktop wallpaper, all of which present ransom messages.

What is Outsider?

Outsider is classified as a ransomware-type computer infection designed make files unusable by encryption. This virus was discovered by GrujaRS, and like most programs of this type, renames each encrypted file by adding a specific extension - in this case, ".protected".

For example, "1.jpg" becomes "1.jpg.protected". Outsider also generates a "HOW_TO_RESTORE_FILES.txt" ransom message and places it in every folder that contains locked files.

What is touchpushthen.info?

touchpushthen.info is a rogue website designed to cause redirects to other dubious sites. It is virtually identical to defpush.com, tweakingtools.info, and dozens of others. Research shows that many visitors arrive at this site inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive ads displayed on other rogue sites.

Be aware that PUAs usually infiltrate systems without users' consent. As well as causing redirects, they deliver intrusive advertisements and gather information relating to web browsing activity.

What is googlo.co?

googlo.co is a rogue site identical to hotchedmothe.club, cliksource.cool, and many others. This site redirects users to other dubious websites. Generally, users visit googlo.co inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive ads displayed on other rogue sites.

Research shows that potentially unwanted applications usually infiltrate systems without permission and, as well as causing redirects, deliver intrusive advertisements and gather sensitive data.

What is Santa?

Santa is a high risk virus categorized as ransomware and belonging to the Dharma family. Santa's purpose is to encrypt files stored on victims' computers, thus allowing ransomware developers to demand payments in return for decryption tools or keys. Santa generates a ransom demand pop-up window and a "FILES ENCRYPTED.txt" text file.

It also renames each encrypted file by adding the ".santa" extension, plus an email address and ID. For example, "1.jpg" might become "1.jpg.id-1E857D00.[newsantaclaus@aol.com].santa".

What is UNILEVER email virus?

"UNILEVER Email Virus" is categorized as a spam campaign. Scammers send email messages to hundreds (or even thousands) of people hoping that some will open the delivered attachment. There are many similar scams available, but this one is used to spread the LokiBot virus via the attachment. We strongly recommend that you ignore the message and do not open the attached file.