Virus and Spyware Removal Guides, uninstall instructions

What is ONI?

ONI is a ransomware-type virus discovered by MalwareHunterTeam. After infiltration, ONI encrypts most stored files. In addition, it renames them using the "[random_letters_and_digits].ONI" pattern. For instance, "sample.jpg" might be renamed to a filename such as "AE6966EA6F736F667420454411652E6C6E6B.ONI".

Once encrypted, data immediately becomes unusable and indistinguishable. Furthermore, ONI generates a text file ("RESTORE_ONI_FILES.txt") and places a copy in every existing folder.

What is BID PURCHASE DOCUMENT?

"BID PURCHASE DOCUMENT" is a spam email campaign used to proliferate a trojan-type virus called FormBook. It is very similar to Swisscom Email Virus, Complaint Email Virus, AT&T Invoice Email Virus, and many others.

As usual, criminals send hundreds of emails that contain deceptive messages encouraging users to open attachments, however, the attached Microsoft Office documents download and install malware - opening them results in infiltration of FormBook.

What is Swisscom Email Virus?

"Swisscom Email Virus" is a spam email campaign similar to Complaint Email Virus, DHL Email Virus, AT&T Invoice Email Virus, and many others. Cyber criminals use this campaign to distribute a high-risk trojan called Ursnif. They send thousands of emails that contain false invoices and encourage users to visit links to view them. This, however, results in system infection.

What is Mac Heal Pro?

Developers present Mac Heal Pro as a great tool to clean the system and optimize performance.

Judging on appearance alone, Mac Heal Pro may seem legitimate and useful, however, this dubious app often infiltrates systems without users’ permission - developers distribute it using a deceptive marketing method called "bundling". Therefore, Mac Heal Pro is categorized as a potentially unwanted application (PUA).

What is Counterflix?

Counterflix is a deceptive application identical to Gostify. Both offer functionality (DNS services) providing access to various websites restricted in the user's country. This application may seem legitimate, however, it is classed as a potentially unwanted program (PUP) and adware.

There are three main reasons for these negative associations: stealth installation without users' consent, tracking of the Internet browsing activity, and display of intrusive online advertisements.

What is WARNING WITHOUT ANTIVIRUS, YOUR SYSTEM IS AT HIGH RISK?

Similar to Website You Visited Infected Your Mac With A Virus, Apologies For Interruption!, You Mac May Be Infected By A Virus!, and many others, "WARNING WITHOUT ANTIVIRUS, YOUR SYSTEM IS AT HIGH RISK" is a fake error message delivered by various deceptive websites.

Research shows that users typically visit these sites without consent, since they are redirected by potentially unwanted applications (PUAs) and intrusive advertisements (displayed on other rogue sites).

Furthermore, potentially unwanted applications usually infiltrate systems without permission and, as well as causing redirects, gather sensitive information and deliver intrusive advertisements.

What is wowmovix.com?

WowMovix is a deceptive application that supposedly allows users to watch various movies, trailers, and other online media free of charge.

Initially, this functionality may seem legitimate and useful, however, this app is categorized as a potentially unwanted application (PUA) and a browser hijacker. There are three main reasons for these negative associations: 1) promotion of a fake search engine [wowmovix.com]; 2) tracking of browsing activity, and; 3) infiltration without users' consent.

What is Maftask?

Maftask (or mafntask) is the process name of a deceptive application called Mac Auto Fixer. Developers promote Mac Auto Fixer using a deceptive marketing method called "bundling" and, thus, it often infiltrates systems without consent. For these reasons, Mac Auto Fixer is categorized as a potentially unwanted application (PUA).

What is e.tre456_worm_osx Trojan Virus?

"e.tre456_worm_osx Trojan Virus" is a fake error message similar to Website You Visited Infected Your Mac With A Virus, Apologies For Interruption!, and many others. It is displayed by various deceptive websites.

Most users visit theses sites inadvertently - they are redirected by potentially unwanted applications (PUAs) that infiltrate systems without permission or intrusive ads generated by other dubious sites. Research shows that, in addition to redirects, potentially unwanted applications record sensitive data and deliver intrusive advertisements.

What is click.new-posts.support?

click.new-posts.support is a rogue site similar to adxfactory.com, click-now-on-this.online, and many others. The site redirects users to various other untrustworthy (potentially, malicious websites).

Research shows that many visitors arrive at click.new-posts.support inadvertently - they are redirected by intrusive ads (displayed by other rogue sites) or potentially unwanted applications (PUAs). Be aware that potentially unwanted applications typically infiltrate systems without consent.

As well as causing redirects, they deliver intrusive advertisements and record sensitive information.