Virus and Spyware Removal Guides, uninstall instructions

What is advisurf.com?

advisurf.com is one of many fake search engines. Some examples of other similar or identical search engines are web-explore.com, navig-gg.com, and maxsearch.live. These sites and advisurf.com may seem legitimate, since their appearance is similar to popular search engines such as Google.

In fact, developers promote advisurf.com using browser-hijacking installation/download set-ups that modify browser settings without direct user permission. This fake search engine also collects various data relating to users' browsing habits.

What is organicalews.info?

organicalews.info is a deceptive website virtually identical to notify-lastnews.online, strialdeather.info, go.oclaserver.com, and many others. It redirects users to various other dubious sites. Research shows that visitors usually arrive at organicalews.info inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive ads displayed on other rogue sites.

PUAs typically infiltrate systems without permission and, as well as causing redirects, deliver intrusive advertisements and gather information.

What is feed.prospeedcheck.com?

feed.prospeedcheck.com is a fake search engine (similar or identical to search.hyourtelevisionnow.com, searcholive.com, findprivate.online, and many others). Like most search engines of this type, feed.prospeedcheck.com is promoted using a browser hijacker (a potentially unwanted application or PUA) called Pro Speed Check.

Developers state that this app allows users to test connection performance and offers an improved browsing experience and search results. In fact, most users install PUAs inadvertently. Furthermore, this app and its associated fake search engine record information relating to browsing activity.

What is INFOWAIT?

INFOWAIT is a virus, a high-risk ransomware-type computer infection that was discovered by Emmanuel_ADC-Soft. It belongs to the DATASTOP ransomware family (a new variant). INFOWAIT is designed to encrypt (lock) files and rename them by adding the ".INFOWAIT" extension.

For example, once encrypted, it renames "1.jpg" to "1.jpg.INFOWAIT", and so on. It also creates a ransom note, a text file called "!readme.txt". During encryption, this virus also displays a fake Windows update pop-up window.

What kind of software is Remcos?

Remcos (Remote Control and Surveillance) is a Remote Access Tool (RAT) that anyone can purchase and use for whatever purpose they wish. The tool itself is is presented as legitimate, however, although Remcos's developers strictly forbid misuse, some cyber criminals use this tool to generate revenue by various malicious means.

Research shows that many cyber criminals proliferate these infections using spam email campaigns. Some examples include "DHL Email Virus" and "Arrival Notice Email Virus".

What is "Dirty secrets of your life"?

"Dirty secrets of your life" is just one of many spam email campaigns used by scammers who threaten people by claiming that they have obtained compromising material, which they will proliferate unless ransoms are paid. In fact, this is a scam. Emails sent by spam campaigns should never be trusted.

What is Ghost?

Cyber criminals use the Ghost ransomware-type virus to infect systems and encrypt data, thereby making it unusable until the ransom demands are met. Ghost was discovered by MalwareHunterTeam. Once a computer is infected, this virus renames all encrypted files by adding the ".Ghost" extension.

For example, "1.jpg" becomes "1.jpg.Ghost", and so on. Ghost is designed to display a ransom note in a pop-up window.

What is ARGUS?

ARGUS is a ransomware-type virus discovered by Amigo-A. Following successful infiltration, ARGUS compromises (encrypts) most stored data using an RSA-2048 encryption algorithm. It also appends filenames with the ".ARGUS" extension (e.g., "sample.jpg" is renamed to "sample.jpg.ARGUS").

Encrypted data instantly becomes unusable. In addition to locking files, ARGUS changes the desktop wallpaper and creates an HTML file ("ARGUS-DECRYPT.html"), placing a copy in every existing folder.

What is Vapor?

Vapor is a ransomware virus designed to encrypt victims' files and make ransom demands. Vapor developers use an AES cryptography algorithm to encrypt files. Once files are locked, they become unusable. Vapor renames each encrypted file by adding the ".Vapor" extension.

For example, "1.jpg" becomes "1.jpg.Vapor", and so on. This virus is also designed to display a ransom demand pop-up window with a timer.

What is Fire?

Fire (a new variant of Dharma) is a high-risk virus that is categorized as ransomware. This infection was discovered by Jakub Kroustek and is designed to infect operating systems and lock all files by encryption. All encrypted files are renamed by adding the ".fire" extension plus an ID and email address.

For example, "1.jpg" might be renamed to a filename such as ".1jp.id-1E857D00.[suppfirecrypt@qq.com].fire". Fire ransomware also creates a text file, a ransom note within a file called "FILES ENCRYPTED.txt", and displays a ransom-demand pop-up window.