Virus and Spyware Removal Guides, uninstall instructions

What is onclickclear.com?

onclickclear.com is a rogue website (very similar or even identical to offerzone.click, igkxr.biz, flurryad.com, etc.) designed to cause redirects to various other dubious/untrustworthy sites. If you arrived at onclickclear.com unexpectedly, you were probably redirected to it by potentially unwanted applications (PUAs) or via a clicked intrusive ad.

In most cases, PUAs are installed inadvertently, cause redirects to potentially malicious websites, gather data, and deliver intrusive advertisements.

What is Locky Imposter?

First discovered by malware security researcher, dao ming si, Locky Imposter (also known as "PyLocky") is a ransom-type virus that imitates another high-risk ransomware infection called Locky. 

After stealthily infiltrating the system, Locky Imposter encrypts data using the RSA and AES encryption algorithms, creates a copy of each file, and then appends filenames with the ".locky" extension (e.g., "sample.jpg" is renamed to "sample.jpg.locky").

Updated variants of this ransomware use ".lockedfile" and ".lockymap" extensions for encrypted files. Ultimately, there are two copies of each existing file (one with the original name and extension, and another with the ".locky" extension), both are encrypted and unusable.

Once data is encrypted, Locky Imposter generates a text file (named "LOCKY-README.TXT") and places a copy in every existing folder.

What is Instagram2go?

Instagram2go is a deceptive application that claims to allow use of the Instagram social network directly from the desktop. This functionality may seem legitimate and useful, however, this app is likely to infiltrate systems without permission.

Furthermore, it delivers intrusive advertisements and potentially gathers sensitive information. For these reasons, Instagram2go is categorized as a potentially unwanted application (PUA) and adware.

What is Client Requirements Email Virus?

"Client Requirements Email Virus" is another spam email campaign similar to Order Confirmation Email Virus, BID PURCHASE DOCUMENT Email Virus, and many others. Cyber criminals use this campaign to proliferate high-risk malware called LokiBot. As usual, criminals send thousands of deceptive emails that are delivered with malicious attachments.

What is Super Clean Pro 2018?

Super Clean Pro 2018 is a dubious application that developers present as high-end system optimization/cleaning software. Judging on appearance alone, Super Clean Pro 2018 may seem legitimate and useful, however, developers promote this app using a deceptive marketing method called "bundling".

Therefore, Super Clean Pro 2018 is categorized as a potentially unwanted application (also known as PUA).

What kind of scam is "PEGASUS SPYWARE ACTIVATED"?

Displayed by a deceptive website, "PEGASUS SPYWARE ACTIVATED" is a fake error similar to "Immediately Call Apple Support", "APPLE SECURITY BREACH", "AppleCare And Warranty", and many others. Users often visit this website inadvertently - they are redirected by various potentially unwanted programs (PUPs).

In most cases, PUPs infiltrate systems without users’ permission. In addition to causing redirects, PUPs deliver intrusive ads, gather sensitive data, and run various unnecessary processes.

What is Cassetto?

Cassetto is a ransomware-type virus discovered by MalwareHunterTeam. Immediately after infiltration, Cassetto encrypts most stored files and appends filenames with the ".cassetto" extension. For instance, "sample.jpg" is renamed to "sample.jpg.cassetto".

Once encrypted, files immediately become unusable. Following successful encryption, Cassetto generates a text file ("IMPORTANT ABOUT DECRYPT.txt"), placing a copy in each existing folder.

What is Cortana.exe?

Cortana.exe is a cryptocurrency-mining trojan that stealthily infiltrates the system and utilizes resources (specifically, CPU) to mine Monero cryptocurrency. Note that Cortana.exe is actually a renamed executable of XMRIG, a legitimate cryptocurrency-mining tool. Since Cortana.exe is used to mine cryptocurrency without users' consent, however, it is categorized as a virus.

What is Trojan.gen.npe.2?

Trojan.gen.npe.2 is a generic name for specific malware. It is malicious and poses a significant threat to computer safety. In the past, Symantec anti-virus suite treated legitimate (clean) files as Trojan.gen.npe.2 malware. This type detection is called a 'false positive'.

What is Found 4 Virus?

"Found 4 Virus" is a fake error similar to VIRUS ALERT FROM MICROSOFT, Critical System Error: x679Qs5m, and many others.

The error is displayed by various websites that users often visit inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive advertisements delivered by other rogue sites. Research shows that, in most cases, PUAs infiltrate systems without users’ permission, deliver intrusive intrusive ads, and gather sensitive information.