Virus and Spyware Removal Guides, uninstall instructions

What is "HR (Human Resources)" scam email?

Our team analyzed this email letter and found that it is a scam email written by scammers who aim to trick recipients into providing sensitive information. Emails of this type are called phishing emails. Scammers behind this particular email aim to lure recipients into opening the provided link and entering the requested info on the opened page.

What is FractionElement?

FractionElement is a piece of rogue software that our researchers found while inspecting new submissions to VirusTotal. After analyzing this application, we determined that it operates as advertising-supported software (adware) and belongs to the AdLoad malware family.

What kind of application is Secure Search Pro?

Our team examined the Secure Search Pro browser extension and learned that it is a browser hijacker. This app changes the settings of a web browser to promote securesearch.pro - a fake search engine. We discovered Secure Search Pro while inspecting shady web pages. Most browser hijackers are promoted and distributed using deceptive methods.

What kind of page is dolty[.]click?

While examining dolty[.]click, we learned that it runs the "McAfee - Your PC is infected with 5 viruses!" scam to trick visitors into purchasing an antivirus software subscription. Also, it wants to deliver notifications.

Usually, pages like dolty[.]click are promoted using shady methods. We discovered dolty[.]click while inspecting pages that use rogue advertising networks.

What is Lumino_Ransom ransomware?

Our research team found the Lumino_Ransom ransomware while inspecting new malware submissions to VirusTotal. After we executed a sample of this ransomware on our test system, it encrypted files and appended their filenames with a ".lumino_locked" extension. To elaborate, a file initially titled "1.jpg" appeared as "1.jpg.lumino_locked", "2.png" as "2.png.lumino_locked", etc.

Additionally, Lumino_Ransom created four hundred empty files on the desktop, which were named sequentially from "Lumine1" to "Lumine400". Following the completion of the encryption process, this ransomware opened a ransom note wherein the text appeared gradually. The message was presented both in English and French.

What kind of malware is Eu?

Eu is the name of ransomware that our team discovered while examining malware samples submitted to the VirusTotal page. Ransomware is a form of malware that encrypts files. Typically, it renames files and provides a ransom note as well. Eu appends ".eu" extension to filenames, changes the desktop wallpaper, and drops a ransom note on the desktop (the "read_instruction.txt" file).

An example of how files encrypted by Eu ransomware are renamed: "1.jpg" is changed to "1.jpg.eu", "2.png" to "2.png.eu", and so forth.

What kind of page is morcun[.]click?

Our team analyzed the morcun[.]click and found that it runs the "McAfee - Your PC is infected with 5 viruses!" scam. We discovered this page while inspecting other pages that use rogue advertising networks. We also found that morcun[.]click wants to show notifications. This page cannot be trusted.

What is Multiple Account?

Multiple Account is the name of a rogue browser extension promoted as a tool that can save and import Internet cookies from other accounts. After analyzing this piece of software, we determined that it operates as adware.

What kind of malware is Rs-jon?

Rs-jon is ransomware that makes files inaccessible by encrypting them. Also, it appends the ".rjson" extension to the filenames of the encrypted files, changes the desktop wallpaper, and drops the "READ_ME_PLZ.txt" file containing a short ransom note. Our malware researchers discovered Rs-jon while inspecting samples submitted to VirusTotal.

An example of how files encrypted by Rs-jon are renamed: "1.jpg" is renamed to "1.jpg.rsjon", "2.png" to "2.png.rsjon", "3.exe" to "3.exe.rsjon", and so forth.

What kind of page is yourhypejournal[.]com?

Our researchers discovered yourhypejournal[.]com rogue webpage during a routine inspection of untrustworthy sites. This page is designed to trick visitors into allowing it to deliver browser notification spam. Most users enter webpages like yourhypejournal[.]com through redirects caused by websites using rogue advertising networks.