Virus and Spyware Removal Guides, uninstall instructions

What kind of email is "United Nations Reimbursement Program"?

After examining this email, our team concluded that it is a fraudulent email that masquerades as a letter from the assistant secretary general of the United Nations. Scammers behind it attempt to lure recipients into providing sensitive information or transferring money. Thus, recipients should ignore this letter.

What kind of application is MetroToken?

During our assessment of the MetroToken application, our team observed that it exhibits intrusive ads. As a result, we classified it as adware or software that supports advertising. Adware is typically installed unintentionally by users. Our detection of MetroToken occurred while examining deceptive web pages.

What kind of application is Sports Madness?

Upon testing the Sports Madness browser extension, we learned it is a browser hijacker promoting sportmadness.info, a fake search engine. Sports Madness hijacks web browsers by changing their settings. Usually, users download and add browser-hijacking apps inadvertently.

What kind of malware is Pwpdvl?

Pwpdvl is ransomware that our team discovered while checking the VirusTotal site for recently submitted samples. Upon investigating Pwpdvl, we found that it encrypts files, appends the victim's ID and ".pwpdvl" extension to filenames, and creates a ransom note ("RESTORE_FILES_INFO.txt" file).

An example of how Pwpdvl changes filenames: it renames "1.jpg" to "1.jpg.[ID-9ECFA84E].pwpdvl", "2.png" to "2.png.[ID-9ECFA84E].pwpdvl", and so forth.

What kind of application is RichExts?

Upon analyzing the RichExts application, we have determined that it is a browser extension that is designed to take over web browsers (hijack them). The application alters the browser settings to forcefully push a fake search engine (sweetrnd.net). Furthermore, RichExts possesses the capacity to access certain data.

What kind of application is FractionCommand?

Whilst evaluating the FractionCommand application, our team observed that it displays intrusive ads. As a result, we classified FractionCommand as adware. Adware is typically distributed via questionable methods, which can result in inadvertent downloads and installations by users.

What kind of application is Cosmica?

We have examined the Cosmica application and discovered that it operates as a browser hijacker. Once added, Cosmica changes some of the settings of a web browser to search.cosmica-tab.com - a fake search engine. Neither Cosmica nor search.cosmica-tab.com is trustworthy.

What is "To Complete The Update, Install The Critical Security Update"?

Upon investigating this website, we found that it is a scam. The purpose of this site is to trick visitors into believing that they must download and install a critical security update. Downloading files from such pages can lead to unwanted installations and computer infections. Thus, it is strongly recommended to ignore messages on websites of this kind.

What kind of application is UnitinItiator?

Upon our investigation, it has been determined that UnitinItiator displays invasive advertisements, leading us to categorize it as adware. Furthermore, UnitinItiator has the potential to access sensitive data. It should be noted that adware is seldom intentionally downloaded and installed by users.

What kind of malware is Boty?

While analyzing malware samples submitted to VirusTotal, we stumbled upon Boty, a type of ransomware from the Djvu family. This ransomware encrypts files and alters their original filenames by adding the ".boty" extension. In addition, it creates a ransom note in the form of a text file named "_readme.txt".

An example of Boty renames encrypted files: it changes "1.jpg" to "1.jpg.boty", "2.png" to "2.png.boty", and so on. It is important to note that Boty may be distributed alongside other malware (information stealers) like Vidar and RedLine.