Virus and Spyware Removal Guides, uninstall instructions

What kind of application is LeadingSystem?

LeadingSystem is the name of an adware-type and browser-hijacking application. It displays unwanted advertisements and changes the affected browser's settings to promote a fake search engine. Usually, apps like LeadingSystem are promoted/distributed using deceptive methods. Thus, users download/install them inadvertently.

What is AnalogTransaction?

AnalogTransaction is an advertising-supported application with browser-hijacking abilities. Furthermore, this piece of software is also categorized as a PUA (Potentially Unwanted Application).

What is DMCA Copyright Infringement Notification email virus?

It is a malspam campaign used to deliver IcedID. Cybercriminals behind it attempt to trick recipients into believing that they have received an email regarding a violation of the Digital Millennium Copyright Act (DMCA). Their goal is to trick recipients into executing a malicious file downloaded via the provided googleapis URL.

What is Matanbuchus?

Matanbuchus is a loader-type malicious program offered by its developers as Malware-as-a-Service (MaaS). This piece of software is designed to cause chain infections.

Since it is used as a MaaS, both the malware it infiltrates into systems, and the attack reasons can vary - depending on the cyber criminals operating it. Matanbuchus has been observed being used in attacks against US universities and high schools, as well as a Belgian high-tech organization.

What kind of website is mykiger[.]com?

Mykiger[.]com uses a clickbait technique to trick visitors into agreeing to receive notifications and redirects them to potentially malicious websites. It is similar to linkwinners[.]net, yourcoolfeed[.]com, news-befuka[.]cc, and a great number of other deceptive pages. As a rule, users do not visit them intentionally.

What is the "You've visited illegal infected website" scam?

"You've visited illegal infected website" is a scam disguised as a security alert from McAfee. It must be emphasized that this fake alert is in no way associated with the McAfee anti-virus or McAfee Corp.

Scams of this type usually endorse various untrustworthy apps, e.g., adware, browser hijackers, fake anti-virus tools, and other PUAs (Potentially Unwanted Applications). However, these schemes can also ask for bogus payments or trick victims into exposing sensitive information.

Scam-promoting websites are typically accessed via mistyped URLs or redirects caused by rogue pages, intrusive ads, or installed PUAs.

What kind of malware is Hr1wf?

Hr1wf is ransomware designed to encrypt files, modify filenames of all encrypted files and create the "i1jv_HOW_TO_DECRYPT.txt" file containing a ransom note. It appends a string of random characters and hte ".hr1wf" extension to filenames.

For example, Hr1wf renames "1.jpg" to "1.jpg.INhA59OBVcS5m0993VaOhBfo5pRDwfm6O25SfBTzvZf_0Vx0GeE5V3s0.hr1wf", "sample.png" to "sample.png.INhA59OBVcS5m0993VaOhBfo5pRDwfm6O25SfBTzvZf_0Vx0GeE5V3s0.hr1wf".

What is stayprotectedsupport[.]com?

Stayprotectedsupport[.]com is a rogue site sharing similarities with newschecktoday.com, hukelpfulin.xyz, alert-defenders.com, and countless others. It is designed to load dubious/deceptive content, push its browser notifications, and/or redirect visitors to different (likely unreliable/malicious) websites.

Most users enter such webpages via redirects caused by untrustworthy sites, intrusive ads, or installed PUAs (Potentially Unwanted Applications).

What kind of malware is Hudf?

Hudf is designed to encrypt files, append the ".hudf" extension to filenames, and create the "_readme.txt" file. It makes files inaccessible and provides a ransom note containing instructions on how to pay for their decryption. Hudf is part of the Djvu ransomware family.

An example of how Hudf modifies filenames: it renames "1.jpg" to "1.jpg.hudf", "document.txt" to "document.txt.hudf", and so on.

What is the "Your Device Has Been Compromised" scam?

"Your Device Has Been Compromised" is an online scam targeting Android device users. This scheme makes false claims about malware infections to trick users into downloading/installing or purchasing (likely untrustworthy or harmful) software.

Typically, scams of this type promote fake anti-viruses, adware, browser hijackers, and other PUAs (Potentially Unwanted Applications). It is noteworthy that such deceptive websites often push their browser notifications as well.

Scam sites are primarily accessed via mistyped URLs or redirects caused by rogue webpages, browser notifications/ intrusive ads, or installed PUAs.