Virus and Spyware Removal Guides, uninstall instructions

What is Smart Mac Care?

Smart Mac Care is a rogue application identical to Mac Tonic, Advanced My Cleaner, Mac Mechanic, and many others.

By offering system optimization/cleaning functionality, Smart Mac Care attempts to give the impression of legitimacy, however, this application is categorized as a potentially unwanted application (PUA). Smart Mac Care is likely to infiltrate systems without users’ permission and gives no real value for regular users.

What kind of malware is Matrix?

Matrix is a ransomware-type virus that encrypts various data stored on victims' computers. Despite this threat, Matrix has some flaws - it does not encrypt all files. Therefore, we assume that Matrix ransomware is still in development.

This malware appends: ".FDFK", ".TGMN", ".ABAT", ".DECP", ".YDHM", ".MDRL", ".[Kromber@tutanota.com]", ".QH24", ".NGSC", ".SDEN", ".MDEN", ".SCR", ".SBLOCK", ".GBLOCK", ".PEDANT", ".PLANT", ".CHRB", ".GMBN", ".SPCT", ".GRHAN", ".PRCP", ".FASTA", ".GMPF", ".THDA", ".NOBAD", ".GMAN", ".EMAN", ".CHE08", ".ITLOCK", ".KOK08", ".FASTBOB", ".NEWRAR", ".KOK8", ".CORE", ".ANN", ".[RestorFile@tutanota.com]", "_[LINERSMIK@NAVER.COM][JINNYG@TUTANOTA", ".matrix", ".b10cked", ".AG88G", ".TMS5", ".[MarkEvans333@criptext.com].[random-string].MKES", ".EG83", ".AL8P". ".BNFD", ".AL8G", ".DECC", ".MH24", ".TG33" or ".[RestoreFile@qq.com].MTXLOCK" extensions to the name of every encrypted file.

For instance, "sample.jpg" is renamed to "sample.jpg.matrix". Following successful encryption, Matrix creates a text file "matrix-readme.rtf" (newer variants create "#What_Wrong_With_Files#.rtf", "!ReadMe_To_Decrypt_Files!.rtf", "#_#WhatWrongWithMyFiles#_#.rtf", "Readme-Matrix.rtf", "WhatHappenedWithMyFiles.rtf", or "WhatHappenedWithFiles.rtf") and places it in every folder. The file contains a ransom demand message.

What is CryptoConsole?

Discovered by security researcher xXToffeeXx, CryptoConsole is a ransomware-type virus that impersonates Purge (Globe) malware.

Be aware, however, that CryptoConsole only mimics file encryption - the virus simply renames files using the "unCrypte/decipher_ne@outlook.com_[NAME_OF_FILE]" pattern. An HTA file ("How decrypt files.hta") is then created containing a ransom demand message.

What is datsadstrack.com?

datsadstrack.com is a rogue website virtually identical to ecoencomputer.com, comproliverton.pro, rakbler.ru, and many others of this type.

Most users visit datsadstrack.com inadvertently - they are redirected to it by potentially unwanted programs (PUPs) that are usually installed without users' knowledge/inadvertently. PUPs such as this cause redirects to various other untrustworthy websites, collect data, deploy intrusive advertisements, and affect computer performance.

What is eazydevlin.xyz?

Identical to fastcanary.com, beteim.com, ecoencomputer.com, and many others, eazydevlin.xyz is a rogue website that redirects visitors to other untrustworthy sites. As a rule, these redirects are caused by potentially unwanted programs (PUPs) that are installed without users' consent. PUPs deliver intrusive ads, record information, and misuse computer resources.

What is trkerrr.net?

trkerrr.net is identical to other rogue websites on the Internet (such as thepopularlinks.com, ecoencomputer.com, comproliverton.pro, and many more) that redirect users to further untrustworthy sites. Most users are redirected to trkerrr.net by potentially unwanted programs (PUPs) that cause these redirects.

PUPs are generally installed without users' consent, deliver various intrusive ads, collect information, and affect computer performance.

What is fixnnetwork.com?

fixnnetwork.com is another rogue website that is identical to rakbler.ru, browsersecurely.com, mobile-feednews.com, and many others. The website causes redirects to other untrustworthy sites. In most cases, users do not visit fixnnetwork.com willingly - they are redirected to it by potentially unwanted programs (PUPs).

These usually infiltrate systems without users' consent, cause redirects to fixnnetwork.com, deploy intrusive ads, gather information, and run various background tasks.

What is autoage-verify.com?

Identical to beteim.com, ecoencomputer.com, buzz-track.com (and many others), autoage-verify.com is a rogue website designed to redirect its visitors to other untrustworthy websites.

In most cases, users visit autoage-verify.com inadvertently - potentially unwanted programs (PUPs) cause these redirects. PUPs are often installed without users' permission or knowledge and cause unwanted redirects, gather user-system information, deploy intrusive/unwanted ads, and misuse computer resources.

What is ecoencomputer.com?

ecoencomputer.com is a rogue website identical to buzz-track.com, linkingoutnow.online, beteim.com and many other websites of this type.

They redirect users to various other untrustworthy websites. Users often visit sites such as ecoencomputer.com (and other identical sites) inadvertently - they are redirected by Potentially Unwanted Programs (PUPs) that infiltrate systems without consent, cause unwanted redirects, gather information, display intrusive ads, and misuse computer resources.

What is AZORult?

AZORult is high-risk trojan-type virus designed to gather various sensitive information. Research shows that cyber criminals proliferate this malware using spam email campaigns. The emails typically contain deceptive text to trick users into opening attached files (e.g., fake job application forms delivered in the MS Office format).

Once opened, these attachments execute a number of commands that infiltrate AZORult into the system. Older versions of AZORult were distributed using Ramnit, Seamless, and other intermediary loaders.