Virus and Spyware Removal Guides, uninstall instructions

What is kind of application is Energy?

Energy is a rogue application that our researchers discovered while inspecting highly dubious download webpages. After analyzing it, we discovered that Energy operates as advertising-supported software (adware). We also found that this app is practically identical to Healthiness adware.

What kind of malware is Decryption#1222?

Decryption#1222 is ransomware that encrypts files and appends ".n53yb34tbb2" extension to filenames. It also creates the "HOW TO DEYCRYPT.txt" text file, a ransom note containing contact and payment information. We have discovered Decryption#1222 ransomware while checking the VirusTotal page for recently submitted malware samples.

An example of how files encrypted by Decryption#1222 are renamed: "1.jpg" is renamed to "1.jpg.n53yb34tbb2", "2.png" is renamed to "2.png.n53yb34tbb2", and so forth.

What kind of website is check-pcsecurity[.]com?

Check-pcsecurity[.]com is an untrustworthy website running the "McAfee - Your PC is infected with 5 viruses!" scam. It is designed to trick visitors into believing that their computers are infected. Also, this site asks for permission to show notifications and may redirect to other shady pages.

What kind of malware is ONYX?

ONYX is ransomware based on another ransomware called CONTI. It encrypts files and appends a randomly generated extension to filenames. Moreover, it deletes files larger than 200 megabytes in size and replaces them with random files. Like most ransomware variants, ONYX also creates a ransom note.

It generates the "readme.txt" file. An example of how ONYX modifies filenames: it renames "1.jpg" to "1.jpg.ampkcz", "2.png" to "2.png.ampkcz", and so forth.

What kind of scam is "Your Viber application is not updated!"?

It is a fake Viber warning displayed by a deceptive website. We have discovered this site while inspecting notifications displayed by other pages of this kind. Usually, the purpose of such scams is to trick visitors into downloading some software and (or) providing personal information.

What is Play No Ads adware?

While inspecting suspicious download webpages, our researchers discovered the Play No Ads browser extension. According to its promotional material, this piece of software promises to block advertisements displayed on YouTube videos. However, after analyzing Play No Ads, we determined that it operates as adware instead.

What kind of page is news-relimo[.]cc?

Our researchers discovered the news-relimo[.]cc rogue webpage while inspecting untrustworthy sites. It is designed to push browser notification spam and cause redirects to different (likely unreliable/malicious) websites. Most users access pages like news-relimo[.]cc via others that use rogue advertising networks.

What kind of page is totalwownews[.]com?

During a routine inspection of untrustworthy websites, our research team found the totalwownews[.]com page. This rogue site promotes spam browser notifications and redirects users to other (likely untrustworthy or malicious) webpages.

Visitors to websites like totalwownews[.]com typically access them via redirects caused by pages using rogue advertising networks.

What is BestSportSearch?

After analyzing the BestSportSearch browser extension, our researchers determined that it is a browser hijacker. This piece of software makes alterations to browser settings in order to promote the bestsportsearch.com fake search engine.

What is GonnaCope?

Recently, a new ransomware called GonnaCope was discovered by Petrovic. It was found that GonnaCope not only encrypts files but also deletes files and replaces them with some random files (files with the ".cope" extension). Files encrypted by GonnaCope do not have a new extension.

Also, GonnaCope ransomware generates a ransom note (the "ReadMe.txt" file) and displays another one in a cmd (Command Prompt) window.