Virus and Spyware Removal Guides, uninstall instructions

What kind of page is saveprivatedata[.]com?

While inspecting dubious websites, we discovered the saveprivatedata[.]com rogue page. It is designed to promote scams, push spam browser notifications, and redirect visitors to different (likely untrustworthy/malicious) sites. Users typically enter such webpages via redirects caused by sites using rogue advertising networks.

What is PerfectConverters?

PerfectConverters is the name of a rogue browser extension. After analyzing this piece of software, we determined that it operates as a browser hijacker promoting the perfectconverters.com fake search engine.

What kind of page is swooflia[.]xyz?

While inspecting untrustworthy sites, our research team discovered the swooflia[.]xyz rogue page. It operates by endorsing deceptive content, promoting browser notification spam, and redirecting visitors to other (likely unreliable/malicious) websites.

Webpages of this kind are typically accessed inadvertently; most enter them via redirects caused by sites using rogue advertising networks.

What is Avira Antivirus email scam?

We have inspected this email and concluded that it is a fake email from Avira (a legitimate computer software company). Scammers behind it attempt to trick recipients into believing that their computers are infected. Their goal is to trick them into opening a deceptive website and following the provided instructions.

What kind of malware is PARKER?

PARKER is the name of a ransomware variant that our malware researchers have found while analyzing malware samples submitted to VirusTotal. We learned that PARKER encrypts files and appends ".PARKER" extension to filenames. Also, it creates the "RESTORE_FILES_INFO.txt" file, which contains a ransom note.

An example of how PARKER renames files: it changes "1.jpg" to "1.jpg.PARKER", "2.png" to "2.png.PARKER", "3.exe" to "3.exe.PARKER", and so forth.

What is Healthiness adware?

Healthiness is a piece of rogue software that our research team discovered while inspecting dubious download webpages. After analyzing this app, we determined that it operates as advertising-supported software (adware) and that is nearly identical to Bloom adware.

What kind of page is tooklichair[.]com?

The purpose of tooklichair[.]com is to trick visitors into allowing it to show notifications and redirect to other pages of this kind. Our team has discovered tooklichair[.]com while analyzing various websites that use rogue advertising networks. It is uncommon for pages like this one to be visited on purpose.

What is FantaroX ransomware?

Discovered by MalwareHunterTeam, FantaroX is a malicious program based on the Chaos ransomware. It is designed to encrypt data and demand payment for the decryption.

We obtained a sample of FantaroX from VirusTotal and launched it onto our test machine. After that, it began encrypting files and appended their filenames with a ".FantaroX" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.FantaroX", "2.png" as "2.png.FantaroX", etc.

Once this process was completed, this ransomware changed the desktop wallpaper and dropped a ransom note - "read_it.txt" - onto the desktop. The text presented in this file was in Hungarian.

What kind of malware is Huis_bn?

Huis_bn is ransomware that belongs to the Xorist ransomware family. Our malware researchers have discovered Huis_bn while checking the VirusTotal page for recently submitted malware samples. It was found that Huis_bn encrypts files and appends ".huis_bn" as their new extension.

Also, this ransomware displays a pop-up window and creates the "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" file. They contain a ransom note. An example of how Huis_bn modifies filenames: it renames "1.jpg" to "1.jpg.huis_bn", "2.png" to "2.png.huis_bn", and so on.

What is Jhgn ransomware?

Jhgn is a piece of malicious software classified as ransomware. Our researchers discovered this program while inspecting new submissions to VirusTotal. We learned that Jhgn is part of the Djvu ransomware family.

Once launched onto our test system, this ransomware began encrypting files and appended their filenames with a ".jhgn" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.jhgn", "2.png" as "2.png.jhgn", etc. Following the completion of this process, Jhgn created a ransom-demanding message named "_readme.txt".