Virus and Spyware Removal Guides, uninstall instructions

What kind of page is captchafair[.]top?

Our team has examined captchafair[.]top and learned that this site shows a deceptive message to trick visitors into allowing it to show notifications. Also, captchafair[.]top redirects visitors to other untrustworthy web pages. We have discovered captchafair[.]top while inspecting sites that use shady advertising networks.

What is "Your Windows OS Is Damaged"?

While inspecting websites that use rogue advertising networks, our research team discovered a page promoting the "Your Windows OS Is Damaged" scam. It is a technical support scam presented as a system warning from Windows claiming that the visitor's operating system has been damaged due to virus infections.

It must be emphasized that all these claims are false, and by calling the provided numbers - users will engage with the scammers and potentially fall for their scam.

What kind of malware is D0n?

While examining malware samples submitted to VirusTotal, we discovered a Dharma ransomware variant dubbed D0n. This ransomware encrypts files and appends the victim's ID, dong@techmail.info email address, and ".d0n" extension to their filenames. Also, it drops the "info.txt" file and shows a pop-up window containing ransom notes.

An example of how D0n renames files: it changes "1.jpg" to "1.jpg.id-9ECFA84E.[dong@techmail.info].d0n", "2.png" to "2.png.id-9ECFA84E.[dong@techmail.info].d0n", and so forth.

What kind of malware is Bpsm?

Bpsm is ransomware (file-encrypting malware). Our team discovered Bpsm while checking the VirusTotal site for recently submitted malware samples. We found that Bpsm belongs to the Djvu ransomware family, which means it is likely that it is distributed alongside RedLine, Vidar, or other information stealers.

This variant appends the ".bpsm" extension to filenames. Also, it drops the "_readme.txt" file (a ransom note). An example of how Bpsm modifies filenames: it renames "1.jpg" to "1.jpg.bpsm", "2.png" to "2.png.bpsm", and so forth.

What is searchesmia.com?

While inspecting searchesmia.com, our team found that it redirects users to fake search engines. Our team discovered searchesmia.com while testing rogue browser extensions. These are the main two reasons why searchesmia.com cannot be trusted.

What kind of page is allnicespot[.]com?

Our team has analyzed allnicespot[.]com and determined that this page displays deceptive content to lure visitors into agreeing to receive notifications and redirects to other pages. We have discovered allnicespot[.]com while browsing sites that use shady advertising networks. It is very uncommon for pages like allnicespot[.]com to be visited willingly.

What kind of page is mywebsecurityguard[.]site?

While investigating mywebsecurityguard[.]site web page, we found that it shows a fake virus warnings and other deceptive content to trick visitors into believing that their computers are infected. We determined that mywebsecurityguard[.]site runs the "Norton Security - Your PC Might Be Infected With Viruses!" scam.

What kind of application is National Parks Tab?

While testing the National Parks Tab browser extension, we found that it hijacks a web browser by changing its settings. Typically, users download and add browser hijackers to browsers unknowingly. Most apps of this type promote fake (or untrustworthy) search engines.

What kind of website is cophypserous[.]com?

While analyzing cophypserous[.]com, we found that it is an untrustworthy web page that shows a deceptive message to lure visitors into allowing it to show notifications. Our team discovered cophypserous[.]com while inspecting websites that use shady advertising networks.

What kind of malware is Monaki?

While inspecting malware samples submitted to the VirusTotal page, our team discovered a ransomware variant called Monaki. This ransomware encrypts files and prepends "Lock." to their filenames. Also, Monaki changes the desktop wallpaper to an image with a ransom note.

An example of how Monaki renames files: it changes "1.jpg" to "Lock.1.jpg", "2.png" to "Lock.2.png", and so forth.