Virus and Spyware Removal Guides, uninstall instructions

What is Microsoft Font Pack Was Not Found?

Identical to Adobe Flash Player Was Not Found, "Microsoft Font Pack Was Not Found" is a fake error displayed by a malicious website.

Research shows that users are often redirected to this site by various potentially unwanted programs (PUPs). In most cases, these programs infiltrate systems without users’ permission. Furthermore, PUPs deliver intrusive advertisements, gather data, and also misuse system resources to run unnecessary background processes.

What is CloudFront?

CloudFront is a legitimate service provided by Amazon allowing developers to improve users' web browsing experience by optimizing distribution of certain web content (read more here). Cyber criminals abuse this service to promote various web scam models and malicious programs (e.g., fake Adobe Flash Player updater, deceptive Calendar events, etc.).

If you continually encounter pop-ups that open with the cloudfront.net URL, your computer is probably infected with a type of malware (most likely adware or a browser hijacker).

What is Lime?

Lime is a ransomware-type virus discovered by malware security researcher, Leo. Immediately after infiltration, Lime encrypts most data and appends filenames with the ".Lime" extension (e.g., "sample.jpg" is renamed "sample.jpg.Lime"). Once files are encrypted, they become unusable.

After successfully encrypting data, Lime places two files on the desktop: 1) "#BackGround.png" [also set as the desktop wallpaper], and; 2) "#Decryptor.exe" [opens a file decryption tool].

What is search.hofficeworksuite.com?

Office Work Suite is presented as a legitimate application that allows users to edit MS Office documents.

Initially, Office Work Suite may seem legitimate and useful, however, this app is categorized as a browser hijacker and a potentially unwanted program (PUP). There are three main reasons for these negative associations: 1) stealth installation without users' consent; 2) promotion of a fake Internet search engine, and; 3) information tracking.

What kind of scam is "Deceptive site ahead"?

"Deceptive site ahead" is a pop-up message displayed by various web browsers. This error often confuses users, since it appears that the system is infected. This message is legitimate, however, there are cases when users encounter this warning without any real reason.

In such cases, there is a high probability that the system is infected with various unwanted programs.

What is hp.mysearch.com?

hp.mysearch.com is a deceptive website that supposedly enhances users' Internet browsing experience by generating improved results and providing quick access to various popular websites (such as YouTube, Facebook, Amazon, eBay, and so on).

Initially, hp.mysearch.com may seem legitimate and useful, however, developers promote this site via browser-hijacking extensions (potentially unwanted programs [PUPs]). These extensions typically infiltrate systems without users’ permission. Furthermore, they continually record sensitive information and, potentially, run unnecessary background processes.

What is GHOST ARMY?

Discovered by Jiri Kropac, GHOST ARMY is a ransomware-type virus that claims to be a legitimate VPN called Hide My Ass. GHOST ARMY is based on another high-risk malware infection called Crypt888.

Immediately after infiltration, GHOST ARMY encrypts most stored files and prepends filenames with "Lock." (for instance, "sample.jpg" is renamed to "Lock.sample.jpg"). From this point, all compromised files become unusable. As well as encrypting files, GHOST ARMY changes the desktop wallpaper.

What is Adobe Flash Player Was Not Found?

"Adobe Flash Player Was Not Found" is a fake error message displayed by a malicious website. Research shows that users often visit this website inadvertently - they are redirected by various potentially unwanted programs (PUPs) that infiltrate systems without permission.

As well as causing redirects, PUPs deliver various intrusive advertisements (coupons, banners, pop-ups, etc.), gather various sensitive data, and might also misuse system resources.

What is Facebook?

Facebook Virus is a generic name for all Facebook social network-related viruses. The list of Facebook-related malware is rather long. These viruses are typically proliferated via Facebook messenger - criminals hijack random user accounts and proliferate viruses via private messages. Note that the behavior of these viruses is not identical.

What is MoneroPay?

Discovered by MalwareHunterTeam, MoneroPay is ransomware-type malware that, once infiltrated, encrypts most stored data. It also adds the ".encrypted" extension to the name of each file.

From this point, files become unusable. Immediately after encryption, MoneroPay opens two different windows: 1) a tool that supposedly allows users to log in to SpriteCoin's [cryptocurrency that does not even exist] wallet, and; 2) a ransom demand message.