Virus and Spyware Removal Guides, uninstall instructions

What is .pptx?

.pptx is one of many ransomware-type viruses that is designed to infect computers and lock/encrypt stored files.

The virus belongs to the GlobeImposter ransomware family and changes the extension of all encrypted files by adding ".PPTX". For example, "sample.jpg" becomes "sample.jpg.PPTX", "1.jpg" becomes "1.jpg.PPTX", and so on. It also creates a "READ_ME.txt" text file and places a copy in every folder that contains encrypted files.

What is DataWait?

DataWait is high-risk ransomware-type virus designed to infiltrate computers by encrypting stored data. This virus was discovered by MalwareHunterTeam and is a variant of SAVEfiles ransomware. Once a computer is infected with DataWait, it locks files and renames them by adding the ".DATAWAIT" extension.

For example, "sample.jpg" becomes "sample.jpg.DATAWAIT" after encryption. It also creates a "!readme.txt" text file containing a ransom-demand message.

What is "AdSafeProtected"?

Adsafeprotected.com is a legitimate domain owned by the Integral Ad Science company. This domain is used by various companies that deliver advertisements on legitimate websites, such as YouTube, Yahoo, Google, and so on. Some users encounter certain error messages relating to this domain, however, these are not indicators of serious problems.

What is "hello, sacrifice. This is my last warning!!!"?

Scammers use the "hello, sacrifice. This is my last warning!!!" spam email campaign to threaten people by claiming that they have obtained a compromising video of the recipient, which they will proliferate if their demands are not met. Typically, they urge people to pay a ransom in Bitcoins.

What is news-notification.tools?

news-notification.tools is another rogue site identical to lcontentdelivery.info, global-newws.site, filezog.com, and many others. This website causes redirects to other dubious sites.

Research shows that many visitors arrive at news-notification.tools inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive ads displayed on other rogue sites. As well as causing redirects, PUAs generate intrusive advertisements and record user-system information.

What is navig-gg.com?

navig-gg.com is a fake search engine that is very similar (or even identical) to maxsearch.live, search-story.com, bestsearch.live, and many others. Its appearance barely differs from legitimate search engines such as Google or Yahoo. Therefore, many users believe that navig-gg.com is also legitimate.

In fact, developers promote this search engine using browser-hijacking download/installation set-ups that modify browser settings without direct user permission. Furthermore, navig-gg.com records browsing-related data.

What is NanoCore?

NanoCore is high-risk trojan, a remote access tool (RAT). In most cases, this malware is proliferated using spam email campaigns. Criminals send thousands of deceptive emails that contain malicious attachments. Once opened, these files immediately infect computers with viruses such as NanoCore.

The presence of this malware can cause serious issues, since the malware distributor gains remote access to the infected system.

What is ZU-Coupon?

According to its developers, the ZU-Coupon application allows users to find various deals, shops, ratings, and other information relating to shopping and coupons. This may seem to be a legitimate app, however, it is categorized as a potentially unwanted application (PUA) and adware.

In most cases, people install these applications unintentionally without direct user permission. Adware apps deliver ads and record information relating to browsing activity or even personal/sensitive data.

What is lcontentdelivery.info?

lcontentdelivery.info is one of many rogue websites that causes redirects to other dubious sites. It is virtually identical to filezog.com, amousinded.info, frash-news.club, and dozens of others.

Research shows that visitors often arrive at lcontentdelivery.info inadvertently - they are redirected by intrusive advertisements (displayed on other rogue sites) or potentially unwanted applications (PUAs). Most unwanted apps infiltrate systems without users' consent, cause redirects, deliver intrusive advertisements, and record information.

What is XUY?

Discovered by MalwareHunterTeam, the XUY virus is categorized as ransomware and likely to be based on another ransomware virus called Thron, which is essentially an updated version of Tron. Once installed, this virus encrypts files and blocks access to certain system tools such as Task Manager.

It renames encrypted files by adding the ".xuy" extension. For example, "sample.jpg" becomes "sample.jpg.xuy". XUY also displays a pop-up window that contains a ransom demand message.