Virus and Spyware Removal Guides, uninstall instructions

What is Sality Trojan?

Sality is an old family of various malware. Although it originates from 2003, it is relevant today, since developers continually update these viruses and add new features.

They are proliferated in various ways, but mostly by cyber criminals employing spam email campaigns. They send thousands of deceptive emails encouraging users to open malicious attachments that stealthily infect the system.

What is KEYPASS?

KEYPASS is a high-risk ransomware-type virus that stealthily infiltrates the system and encrypts most stored data. We suspect this malware to be an updated variant of another ransomware infection called STOP. During encryption, KEYPASS appends filenames with the ".KEYPASS" extension (e.g., "sample.jpg" is renamed to "sample.jpg.KEYPASS").

Once encrypted, data immediately becomes unusable. Following successful encryption, KEYPASS generates a text file ("!!!KEYPASS_DECRYPTION_INFO!!!.txt") and places a copy in every existing folder.

What is Princess?

Princess is a ransomware-type virus that encrypts most data stored on the infiltrated computer. During encryption, Princess appends the names of compromised files with random extensions.

This is quite uncommon, since most of ransomware appends a specific extension (for example, ".locked") or renames files using various patterns (e.g., "[5_random_characters]_[12_random_digits]_[unique_ID].[certain_extension]"). Note that updated variant of this ransomware is named "Princes Evolution".

Following successful encryption, Princess creates two files ("!_HOW_TO_RESTORE_[extension].TXT" and "!_HOW_TO_RESTORE_[extension].html") informing victims of the encryption (newer variants use =_HOW_TO_FIX_[victim's ID].txt and @_USE_TO_FIX_[unique_ID].txt names for the ransom demanding messages), and places them in each folder containing encrypted files.

Note that updated variants of this ransomware add ".*id*" extension to encrypted files. The ransom demanding message in the newer variants of this ransomware is presented in _USE_TO_REPAIR_[victim’s ID].html file.

What is geniustrainer.net?

Virtually identical to daypush.com, 1bcde.com, best2018games.com, and many others, geniustrainer.net is a rogue website that redirects visitors to other untrustworthy sites. Users do not generally visit geniustrainer.net intentionally - they are redirected to it by potentially unwanted programs (PUPs).

Typically, PUPs are installed inadvertently, cause unwanted redirects, deliver intrusive advertisements, misuse system resources, and gather information.

What is umprow.com ?

umprow.com is a rogue website designed to redirect visitors to other dubious/untrustworthy sites.

There are many websites of this type available (such as hibids10.com, click-view-and-buy.com, audienceline.com, etc.) and are usually visited unintentionally - users are redirected to them by potentially unwanted programs (PUPs) that are installed inadvertently. PUPs deliver intrusive advertisements, trigger various background tasks, and collect data.

What is push4check.com?

push4check.com is a rogue website similar to many others of this type (1bcde.com, ilowcost.ru, audienceline.com, etc.) that redirect users to untrustworthy sites.

Most users visit push4check.com inadvertently - they are redirected by installed potentially unwanted programs (PUPs). These programs are installed without consent and are designed to cause unwanted redirects, misuse system resources, deliver advertisements, and collect user information.

What is letsupdateourdomain.com?

letsupdateourdomain.com is a rogue website virtually identical to 1bcde.com, hibids10.com, ilowcost.ru, and many others. These sites redirect visitors to other dubious/untrustworthy websites. As a rule, most visitors do not visit letsupdateourdomain.com willingly - potentially unwanted programs (PUPs) cause redirects to it.

PUPs often are installed without users' consent (or inadvertently) and cause unwanted redirects, deliver intrusive ads, and misuse computer resources.

What is join.pro-gaming-world.com?

join.pro-gaming-world.com is one of many rogue websites (similar to daypush.com, check2push.com, best2018games.com, etc.) This site causes redirects to other untrustworthy websites.

In most cases, users arrive at join.pro-gaming-world.com unintentionally - they are redirected by potentially unwanted programs (PUPs) that are also installed inadvertently. PUPs cause these redirects, deliver intrusive ads, misuse system resources, and collect information.

What is Discord Trojan?

Discord is a legitimate Voice over Internet Protocol (VoIP) application that targets gaming communities. It provides users with text, video, and audio communications. Cyber criminals proliferate a trojan by presenting it as a Discord hacking tool. Therefore, dishonest users who want to steal other people's accounts can end up infecting their own systems.

What is JPMorgan Chase Email Virus?

"JPMorgan Chase Email Virus" is a spam email campaign identical to Bank of America Email Virus and Wells Fargo Email Virus. This campaign is used to proliferate trojan-type malware called Emotet.

As with the aforementioned spam campaigns, "JPMorgan Chase Email Virus" emails contain a message stating that a transaction is complete and encourages users to read the attached Microsoft Word document (.doc) for detailed information. This is a scam - the opened file immediately downloads and installs Emotet on the system.