Virus and Spyware Removal Guides, uninstall instructions

What is YTLoader?

The YTLoader application is used to download videos from YouTube. Many apps offer video download features, but YTLoader is categorized as an adware-type, potentially unwanted app (PUA). Most users install this software inadvertently. It also delivers advertisements and records browsing-related (and other) data.

What is IEncrypt?

First discovered by S!Ri, IEncrypt is another ransomware-type virus designed to encrypt files using AES cryptography. During encryption, IEncrypt appends filenames with the "PCname_of_company" extension. This ransomware typically targets companies, rather than individual users.

We examined a variant of IEncrypt that exploited the name of a German company called Krauss-Maffei and, thus, the extension was ".kraussmfz". Other known extensions used by this ransomware are ".midwestsurinc", ".0riz0n", ".n3xtpharma", ".grupothermot3k" and ".cmsnwned".

This ransomware also generates an identical text file for each encrypted file. Each has a unique name associated with the encrypted file (e.g., "1.jpg.kraussmfz_readme.txt"). All text files contain an identical ransom-demand message.

What kind of scam is "I have bad news for you"?

The "I have bad news for you Email Scam" email is categorized as being part of a spam campaign used by cyber criminals (scammers) who attempt to threaten and trick people into paying money.

In most cases, scammers send an email stating that they have recorded a compromising video or image of the recipient and, if their demands are not met, they will proliferate the material to everyone on the user's contacts list.

What is servedbytrackingdesk.com?

servedbytrackingdesk.com is just one of many rogue websites very similar to maroopush.com, lepnta.com, pushmeandtouchme.info, and many others. The site designed to redirect visitors to other dubious (potentially malicious) websites. 

Typically, users visit this website unintentionally - they are redirected to it by potentially unwanted apps (PUAs). In some cases, unwanted redirects are caused by intrusive advertisements displayed on other dubious sites. Users often install PUAs inadvertently - these apps deliver intrusive ads and record data relating to browsing habits.

What is maroopush.com?

The internet is full of rogue websites similar to maroopush.com. Examples include lepnta.com, pushmeandtouchme.info, bnewsb.com, and many others. These websites redirect visitors to other untrustworthy, dubious sites. Generally, people do not visit maroopush.com intentionally - they are redirected to it by potentially unwanted applications (PUAs).

Most people install PUAs inadvertently. These apps cause redirects, deploy intrusive ads, and record data relating to browsing activity.

What is Delphimorix?

Delphimorix is high-risk computer infection categorized as a ransomware-type virus. It is based on InducVirus and designed to encrypt data stored on a computer. Once encrypted, files become unusable and cannot be decrypted without a specific decryption tool or key.

Delphimorix renames each encrypted file by adding the ".449043" extension. For example, "1.jpg" becomes "1.jpg.449043". Once a computer is infected with this ransomware virus, it displays a ransom note in a pop-up window.

What is lepnta.com?

lepnta.com is a rogue website, which is similar or identical to many others of this type, including apushnotification.com, acadestypicallic.info, and funnwebs.com. Users who visit lepnta.com are redirected to other untrustworthy sites. Most users do not arrive at lepnta.com site willingly - potentially unwanted applications (PUAs) force redirects to it.

PUAs not only infiltrate systems without a direct-permission, but also deliver intrusive ads and record browsing-related data.

What is "TNT Email Virus"?

"TNT Email Virus" is one of many spam email campaigns that is used by scammers to trick people (email recipients) into opening malicious attachments. Cyber criminals use email attachments (or web links) to proliferate high-risk viruses - in this case, the LokiBot virus.

The main purpose of these spam campaigns is to trick people into opening the link (and downloading the attachment) by presenting it as a legitimate message. Some examples of other similar email campaigns include Thanksgiving Email Virus, CitiBank Email Virus, and IRS Online Email Virus.

What is pushmeandtouchme.info?

pushmeandtouchme.info is another rogue site identical to bnewsb.com, apushnotification.com, acadestypicallic.info, and many others. This site is designed to cause redirects to a number of other dubious sites. Most visitors arrive at pushmeandtouchme.info inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive advertisements displayed on other rogue sites.

Research shows that potentially unwanted applications typically infiltrate systems without permission. In addition to causing redirects, they deliver intrusive advertisements and gather information relating to browsing activity.

What is bnewsb.com?

There are hundreds rogue websites similar to bnewsb.com (including acadestypicallic.info, funnwebs.com, and pokolex.com) that redirect visitors to other deceptive, untrustworthy web pages. Most users do not visit bnewsb.com willingly - they are redirected by potentially unwanted applications (PUAs).

Typically, these unwanted apps infiltrate computers without permission, deliver advertisements, and gather browsing-related data.