Virus and Spyware Removal Guides, uninstall instructions

What is NativeDesktopMediaService?

Developed by Jetmedia, NativeDesktopMediaService is a rogue application that infiltrates systems without users’ permission. This potentially unwanted application (PUA) is designed gather various information from users. Furthermore, it continually connects to remote websites to send recorded data and receive additional commands to execute.

What is clksite.com?

clksite.com is a deceptive website designed to redirect users to a variety of other rogue sites. It is virtually identical to dentially.info, cobalten.com, bestadbid.com, and many others. Most visitors visit clksite.com inadvertently - they are redirected by various potentially unwanted programs (PUPs) or intrusive advertisements delivered by other rogue sites.

Research shows that potentially unwanted programs typically infiltrate systems without permission. As well as causing redirects, PUPs deliver intrusive advertisements and record user-system information relating to web browsing habits.

What is LanRan?

LanRan is a ransomware-type virus based on an open-source ransomware project called Hidden Tear. It is designed to infiltrate the system and encrypt most stored files (thereby making them unusable) using the AES encryption algorithm.

In addition, LanRan adds the ".LanRan2.0.5" appendix to the name of each compromised file (e.g., "sample.jpg" is renamed to "sample.jpg.LanRan2.0.5"). After LanRan finishes encrypting data, it changes the desktop wallpaper and creates a text file ("@___README___@.txt"), placing a copy in every existing folder.

What is "FEDERAL BUREAU OF INVESTIGATION - Your PC Is Blocked"?

First discovered by MalwareHunterTeam, "FEDERAL BUREAU OF INVESTIGATION - Your PC Is Blocked" is a scam message displayed by a screen-locking virus.

 The message essentially states that the user has violated certain laws and must pay a "fine", otherwise arrest will follow. Be aware, however, this is a scam - cyber criminals generate revenue by abusing users' credulity.

What is FAssistant?

Developers present FAssistant as a great tool to restrict access to various files/folders by adding password protection. Judging on appearance alone, FAssistant may seem legitimate and useful, however, this software is categorized as a potentially unwanted program (PUP) and adware.

There are three main reasons for these negative associations: 1) stealth installation without consent; 2) display of intrusive advertisements, and; 3) tracking of Internet browsing activity.

What is Electronic Intuit Email Virus?

"Electronic Intuit Email Virus" is an email spam campaign used to distribute the Zeus Panda (and in some cases, TrickBot) trojan. 

Cyber criminals send thousands of deceptive emails stating that recipients must pay a type of bill/invoice. These emails are also delivered with an attached MS Office document, which is presented as the bills/invoices. Be aware, however, that these attachments are malicious - once opened, they stealthily inject the system with the Zeus Panda or TrickBot trojan.

What is Apple Warning Alert?

"Apple Warning Alert" is a fake error messaged displayed by a malicious website to which users are redirected by various potentially unwanted programs (PUPs). These programs are known to infiltrate systems without consent. In addition, they continually record user-system information relating to web browsing activity and deliver intrusive online advertisements.

What kind of malware is SHRUG?

Discovered by MalwareHunterTeam, SHRUG is a ransomware-type virus that stealthily infiltrates the system and encrypts most stored data.

In doing so, this malware appends filenames with the ".SHRUG" extension (e.g., "sample.jpg" is renamed to "sample.jpg.SHRUG"). Encrypted data immediately becomes unusable. Following successful encryption, SHRUG opens a pop-up window with a ransom-demand message.

What is search.hclassifiedlist.net?

Search.hclassifiedlist.net is a fake search engine that gets installed thought the app called Classified List. Classified List offers users not only to use their supposedly enhanced browser engine with improved search results, but to access online classifieds such as Craiglist, Classified Ads Close 5 ads and Super Ads in a single click.

What is DATASTOP?

Discovered by Michael Gillespie, DATASTOP is an updated version of high-risk ransomware called STOP. It is designed to infiltrate the system and encrypt most stored files using RSA-1024 encryption. Compromised data immediately becomes unusable.

During encryption, DATASTOP appends filenames with the ".DATASTOP" extension (e.g., "sample.jpg" is renamed to "sample.jpg.DATASTOP"). Once encryption is complete, DATASTOP generates a text file ("!!!DATA_RESTORE!!!.txt"), placing a copy in every existing folder.