Virus and Spyware Removal Guides, uninstall instructions

What kind of page is news-nuriga[.]com?

News-nuriga[.]com is a rogue page found by our research team during a routine inspection of dubious websites. After investigating this webpage, we determined that it promotes spam browser notifications and redirects users to different (likely untrustworthy/harmful) sites.

Visitors to news-nuriga[.]com and similar pages access them primarily via redirects generated by websites using rogue advertising networks.

What kind of page is mykneads24[.]com?

Upon inspection, we learned that the mykneads24[.]com rogue webpage promotes browser notification spam and redirects visitors to different (likely dubious/malicious) sites.

Most users access pages like mykneads24[.]com through redirects caused by websites that employ rogue advertising networks. Our researchers discovered this page via a redirect generated by a website utilizing said networks.

What kind of malware is Trial_recovery?

While investigating submissions to VirusTotal, our researchers discovered a ransomware identical to Available_for_trial named Trial_recovery. Malware within this class is designed to encrypt data and demand ransoms for its decryption.

Trial_recovery also renames the files it locks following the "trial-recovery.[random_string].[random_string].-encrypted" pattern. For example, on our test machine, a file titled "1.jpg" became "trial-recovery.084k0ij61jeb49pxqd.639xzbe.-encrypted".

After the encryption process is completed, the Trial_recovery ransomware drops a ransom-demanding message in a text file titled "how_to_decrypt.txt".

What kind of extension is JsTimer?

JsTimer is presented as a simple timer extension for Chrome browsers. However, we found that it is distributed alongside other dubious extensions and apps. Also, it can read certain information. Therefore, we classified JsTimer as an unwanted extension. If this or any associated extension (like Funny Tool) is already present, users should remove it.

What kind of page is mumpings[.]com?

Our researchers discovered the mumpings[.]com rogue page while investigating dubious websites. After examining this webpage, we determined that it operates by promoting browser notification spam and generating redirects to other (likely unreliable/dangerous) sites.

Most users enter mumpings[.]com and similar pages via redirects caused by websites that employ rogue advertising networks.

What kind of page is mnadsnetwork[.]com?

Mnadsnetwork[.]com is a rogue page discovered by our researchers during a routine investigation of dubious websites. Upon investigation, we learned that it endorses spam browser notifications and redirects users to other (likely untrustworthy/hazardous) sites.

Most visitors to mnadsnetwork[.]com and webpages of this ilk enter them via redirects generated by websites using rogue advertising networks. Alternatively, these pages can be accessed through intrusive ads, spam notifications, mistyped URLs, and installed adware.

What kind of extension is QuickSearch?

During our inspection of QuickSearch, we found that this extension functions as a browser hijacker. Its purpose is to promote a fake search engine by modifying the settings of a hijacked browser. Users should avoid adding QuickSearch to browsers and remove it if it is already present.

What kind of malware is XiN?

Our researchers found the XiN ransomware-type program while reviewing new submissions to the VirusTotal site. It belongs to the Xorist ransomware family. Malware of this kind encrypts data and demands payment for the decryption.

On our test machine, XiN encrypted files and appended their filenames with a ".XiN" extension. For example, a file originally titled "1.jpg" appeared as "1.jpg.XiN", "2.png" as "2.png.XiN", and so on. After this process concluded, the ransomware created ransom notes in a pop-up window and a text file named "HOW TO DECRYPT FILES.txt".

What kind of page is myitmads[.]org?

While examining myitmads[.]org, we found that it employs a technique known as clickbait. The site is created to trick visitors into agreeing to receive its notifications. Users should not accept notifications from myitmads[.]org and similar websites because it could lead to privacy and security issues.

What kind of application is RairApp?

While inspecting untrustworthy websites, our researchers discovered the RairApp PUA (Potentially Unwanted Application). Software within this classification is often distributed using dubious techniques and tends to have harmful capabilities. What is more, unwanted apps may infiltrate systems in bundles (i.e., multiples).