Virus and Spyware Removal Guides, uninstall instructions

FastSupport.com Scam

What is FastSupport?

FastSupport is a legitimate website that provides a remote computer access service using the GoToAssist toolset. Note that, although this site is legitimate, cyber criminals abuse it to generate revenue.

   
FedEx Shipment Email Virus

What is FedEx Shipment Email Virus?

"FedEx Shipment Email Virus" is a spam email campaign similar to Barclays Secured Message, Electronic Intuit, FedEx Package, and many others. This campaign is used to distribute a high-risk trojan called LokiBot. Developers send thousands of emails that contain a message stating that the user has received a FedEx package.

The email also contains an attached MS Office document, which is presented as a receipt necessary to collect the package. Be aware, however, that this attachment is malicious - it downloads and installs the LokiBot trojan.

   
User Access Suspended POP-UP Virus

What is User Access Suspended?

"User Access Suspended" is a fake error message displayed by various rogue sites. In most cases, users visit these sites inadvertently - they are redirected by potentially unwanted programs (PUPs) or intrusive advertisements (displayed by other websites).

Research shows that many PUPs infiltrate systems without users’ permission. As well as causing unwanted redirects, they gather sensitive information and deliver intrusive advertisements.

   
Unknown-1.download Virus (Mac)

What is unknown-1.download?

"unknown-1.download" (and "unknown-2.download", "unknown-3.download", "unknown-4.download", and so on) is the name of an unrecognizable file that appears in Mac download folders without users' consent. These files seem suspicious, since it is unusual for any files to randomly appear on the system.

They do not necessarily pose any threat to your computer and are often downloaded by rogue websites that you may have previously visited.

   
Search.pardessov.com Redirect (Mac)

What is search.pardessov.com?

search.pardessov.com is a fake search engine that supposedly enhances the browsing experience by generating improved results. Judging by appearance alone, search.pardessov.com barely differs from Google, Bing, Yahoo, and other legitimate search engines.

Therefore, many users believe that search.pardessov.com is also legitimate and useful. Bear in mind, however, that developers promote this site using browser-hijacking download/installation set-ups that modify browser options without permission. Furthermore, search.pardessov.com continually gathers information relating to web browsing habits.

   
BitCoinMiner Trojan

What kind of malware is BitCoinMiner?

BitCoinMiner is a generic name for cryptocurrency-mining viruses. At first glance, the name suggests that these viruses mine only the Bitcoin cryptocurrency; however, cyber criminals also attempt to mine other cryptocurrencies, such as Monero, Ethereum, etc.

   
Yyto Ransomware

What is Yyto?

Yyto is a ransomware-type virus discovered by security researcher xXToffeeXx. Following successful infiltration, Yyto encrypts stored data and appends the "read_to_txt_file.yyto" extension to the names of compromised files (for example, "sample.jpg" is renamed to "sample.jpg.read_to_txt_file.yyto").

Once files are encrypted, Yyto creates a text file ("help_to_decrypt.txt"), placing it in each folder containing encrypted files.

Newer variants of this ransomware use ".id[victim's ID]@readme.txt.mo7n", ".adapaterson@mail.com.mkmk", ".codyprince92@mail.com.ovgm", ".albertkerr94@mail.com.m5m5" and ".colecyrus@mail.com.b007" extensions for encrypted files.

   
Dharma Ransomware

What is Dharma ransomware?

Dharma is a ransomware-type program, a type of malware designed to encrypt data and demand a ransom for its decryption. It is based on Crysis and uses asymmetric cryptography for encryption. Over the years, Dharma has evolved into a ransomware family that includes a multitude of versions. Since 2020, Dharma's developers have been offering it as RaaS (Ransomware-as-a-Service), thereby making it accessible to countless threat actors.

Typically, ransomware-type programs rename encrypted files, and Dharma is no exception. Originally, this ransomware appended a ".dharma" extension to filenames (e.g., "1.jpg" was renamed to "1.jpg.dharma", etc.). However, how the filenames are altered depends on the program's variant.

The renaming patterns include appending to the original filename: a unique ID, the cyber criminals' contact information (typically, an email address), and an extension; or just the contact info and an extension; or only an extension. For example, a file named "1.jpg" could appear as "1.jpg.id-9ECFA84E.[king2022@msgden.com].gnik", "1.jpg.[Beamsell@qq.com].bip", "1.jpg.KICK", or a myriad of other variations.

Once the encryption is complete, Dharma creates ransom notes, and some variants also change the desktop wallpaper. The messages and wallpapers differ depending on the ransomware's version. However, since Dharma's update in 2017, it consistently creates the same pop-up window and a text file titled "How to restore data.txt".

   
Advanced Top Adware

What is Advanced Top?

Advanced Top is a rogue application that infiltrates systems without users' permission (the "bundling" method). Following infiltration, Advanced Top delivers intrusive advertisements and might record various user-system information. For these reasons, this app is categorized as a potentially unwanted program (PUP) and adware.

   
Barclays Secured Message Email Virus

What is Barclays Secured Message Email Virus?

Similar to Danske Bank, Electronic Intuit, ADP Invoice, and many others, "Barclays Secured Message Email Virus" is a spam email campaign used to distribute the TrickBot trojan.

The email contains text stating that the user has received a secured message and encourages them to open an attached MS Office document. Be aware, however, that this attachment is malicious - it downloads and installs a TrickBot trojan.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
