Virus and Spyware Removal Guides, uninstall instructions

What is the 761d[.]site website?

Sharing common traits with premium-shops-around.me, positiveweb.org, verifyrobots.online, life-change-about.me, and thousands of others, 761d[.]site is a rogue webpage. It loads questionable content and/or redirects visitors to various (likely unreliable or malicious) websites.

Users typically enter rogue sites via redirects caused by untrustworthy webpages, intrusive adverts, or PUAs (Potentially Unwanted Applications) infiltrated into their systems.

What is Wind Blocker?

Wind Blocker is a rogue browser extension endorsed as an adblocker. It is supposedly capable of eliminating various advertisements on the Web. Instead, Wind Blocker operates as adware, i.e., it displays ads. Furthermore, due to the questionable methods used to distribute software products within this classification, they are also considered to be PUAs (Potentially Unwanted Applications).

What type of threat is MyKings?

MyKings is the name of a botnet leveraging EternalBlue vulnerability in the Windows operating system. It is known that this botnet spreads Trojans, cryptocurrency miners, and possibly other malware. Once the system is infected, MyKings attempts to spread to other devices using the vulnerability mentioned before.

What is Mhkwl ransomware?

Mhkwl is a piece of malicious software classified as ransomware. It operates by encrypting data (rendering files unusable) and demanding payment for the decryption.

Encrypted files are appended with a random character string and a ".mhkwl" extension. For example, a file initially titled "1.jpg" would appear as something similar to "1.jpg.MGYVknZZsa7hqdl43-xdVkSFmdjfkdbL7swJ71pRZb7_1nJ97Sb9nos0.mhkwl". After this process is complete, a ransom note - "etrU_HOW_TO_DECRYPT.txt" - is dropped onto the desktop.

What is the premium-shops-around[.]me site?

Premium-shops-around[.]me is a rogue website similar to get-positive.net, positiveweb.org, apel.top, captcha-smart.top, and countless others. It is designed to load dubious content and/or redirect visitors to different (likely untrustworthy or malicious) webpages.

Most users enter rogue sites via redirects caused by suspect pages, intrusive advertisements, or installed PUAs (Potentially Unwanted Applications).

What is Host Europe email scam?

The purpose of most phishing emails is to trick recipients into providing personal information (usually through a provided website). These emails often are disguised as letters from legitimate companies or other entities. Scammers behind this email posing as Host Europe - a German company that serves as a web hosting provider.

What is Maxtrilha?

Maxtrilha is the name of a banking trojan. This piece of malicious software is designed to target victims' banking accounts and their log-in credentials. Maxtrilha has been especially active in Latin America and certain countries in Europe (notably Portugal). This malware has been observed being spread through phishing spam campaigns.

What is !secure ransomware?

!secure is a piece of malicious software categorized as ransomware. It encrypts data (renders files inaccessible) and demands payment for the decryption (access recovery).

Affected files are prepended with the cyber criminals' email address and a unique ID assigned to the victims, they are also appended with a ".!secure" extension. Therefore, a file initially titled "1.jpg" would appear as something similar to "{notsosecure@firemail.cc}.ID=34GI7BEH.1.jpg.!secure". Afterwards, two ransom notes - "!README!.hta" and "!README!.txt" - are created.

What is Void68 ransomware?

Void68 blocks access to files (it encrypts them) and modifies their filenames. It appends the ".void" extension to the filename of every encrypted file. For example, it renames "1.jpg" to "1.jpg.void", "2.jpg" to "2.jpg.void". Void68 also changes the desktop wallpaper to an image containing a ransom note and creates the "nyiss meg.txt" file.

What is PasswordStealer Spyware?

Password stealers are malicious programs that people often install on their computers inadvertently. Once installed, they stealthily collect sensitive information. In most cases, they target details such as login credentials (usernames, passwords), credit card details, and other personal information.

They can also be designed to gather information regarding an infected system (connected users, network activity, installed antivirus and other software, etc.). Additionally, some of these malicious programs are capable of installing additional malware onto the computer and/or adding the computer to a botnet.