Virus and Spyware Removal Guides, uninstall instructions

What is Česká Pošta email scam?

It is a phishing email that scammers use to trick recipients into opening a deceptive page and providing sensitive information. This email is disguised as a letter from the Czech Post/Česká pošta (the state-owned postal company of the Czech Republic).

What kind of malware is 8zvpm?

8zvpm is ransomware that blocks access to files (encrypts files), appends a string of random characters and the ".8zvpm" extension to filenames, and creates a ransom note (the "vyS2_HOW_TO_DECRYPT.txt" file) on a desktop.

An example of how 8zvpm modifies filenames: it renames "1.jpg" to "1.jpg.O_tSScArzoT1ftfFungNbG0uAgdI1k80JVrt3Tc0-Wb_VkmIvdJgNH80.8zvpm", "file.txt" to "file.txt.O_tSScArzoT1ftfFungNbG0uAgdI1k80JVrt3Tc0-Wb_VkmIvdJgNH80.8zvpm", and so on.

What kind of software is ExpandedNet?

ExpandedNet is advertising-supported software. It generates advertisements. In addition to that, ExpandedNet changes web browser's settings to promote a fake search engine (it functions as a browser hijacker). This app is distributed using a fake Adobe Flash Player installer.

What kind of malware is Ver?

Ver is ransomware that encrypts files and appends the ".ver" extension (and the victim's ID, quacksalver@onionmail.org email address) to filenames. It also displays a pop-up window and creates the "info.txt" file containing a ransom note. This ransomware is part of the Dharma family.

For example, Ver renames a file named "1.jpg" to "1.jpg.id-9ECFA84E.[quacksalver@onionmail.org].ver", "document.txt" to "document.txt.id-9ECFA84E.[quacksalver@onionmail.org].ver", and so on.

What kind of malware is C1024?

C1024 belongs to a family of ransomware called Dharma. This variant appends the ".C1024" extension (and the victim's ID, code1024@keemail.me email address) to filenames. C1024 generates two ransom notes: it creates the "info.txt" file and displays a pop-up window.

An example of how C1024 renames files: "1.jpg" to "1.jpg.id-9ECFA84E.[code1024@keemail.me].C1024", "sample.png" to "sample.png.id-9ECFA84E.[code1024@keemail.me].C1024", and so on.

What kind of malware is Nnqp?

The purpose of Nnqp ransomware is to encrypt files and create a text file ("_readme.txt") containing a ransom note. Additionally, it appends the ".nnqp" extension to filenames. For example, it renames "1.jpg" to "1.jpg.nnqp", "document.txt" to "document.txt.nnqp", and so on. Nnqp belongs to a family of ransomware called Djvu.

What is rewardsltd[.]com?

Similar to stayprotectedsupport.com, newschecktoday.com, earnmoneycrypt.com, and countless others, rewardsltd[.]com is a rogue website. It operates by promoting questionable/deceptive content and/or redirecting visitors to different (likely untrustworthy or malicious) pages.

Most users enter rogue webpages via redirects caused by unreliable sites, intrusive ads, or installed PUAs (Potentially Unwanted Applications).

What is SmartTravel?

SmartTravel is an adware-type application. Due to the questionable techniques used to distribute it, this piece of software is also classified as a PUA (Potentially Unwanted Application).

SmartTravel is endorsed as a tool for easy access to information hosted on Wikitravel - a web-based collaborative travel guide. It must be emphasized that this rogue app is in no way associated with Wikimedia Foundation - the creators of Wikitravel.

What kind of application is ExpandedCollection?

ExpandedCollection generates advertisements and hijacks web browsers (by changing their settings). It has the qualities of adware and a browser-hijacking app. Apps of this type often are distributed using deceptive/questionable methods. Thus, users download/install them inadvertently.

What is Best-Converter?

Best-Converter is a browser-hijacking piece of software. This rogue browser extension promotes the best-converter.com fake search engine. Browser hijackers are also categorized as PUAs (Potentially Unwanted Applications).