Virus and Spyware Removal Guides, uninstall instructions

What is ConsoleConnection?

ConsoleConnection is a rogue app classified as adware. Additionally, it has browser hijacker traits. Due to the questionable methods used to distribute software products within these classifications, they are also considered to be PUAs (Potentially Unwanted Applications).

What is Cns ransomware?

Cns ransomware encrypts files and appends the decryptharma24@cock.li email address, victims ID and the ".Cns" extension to their filenames. For instance, it renames "1.jpg" to "1.jpg.email=decryptharma24@cock.li.id=C279F237.Cns", "2.jpg" to "2.jpg.email=decryptharma24@cock.li.id=C279F237.Cns".

Cns also displays a pop-up window ("info.hta") and the "ReadMe.txt" text file to provide instructions on how to contact the attackers and additional information.

What is the life-change-about[.]me site?

Life-change-about[.]me is a rogue website that shares similarities with digitalcaptcha.top, ralemploay.space, fewmonthst.space, mutigue.com, and thousands of others. It operates by presenting visitors with questionable content and/or redirecting them to different (likely unreliable or malicious) pages.

Rogue sites are usually accessed via redirects caused by untrustworthy webpages, intrusive ads, or installed PUAs (Potentially Unwanted Applications).

What is ProSportSearch browser hijacker?

ProSportSearch is a potentially unwanted application (PUA) that hijacks a browser by changing some of its settings to prosportsearch.com - it promotes a fake search engine. Browser hijackers can collect information about their users. They are often promoted using questionable methods.

What is Footer Quotes?

Footer Quotes is a rogue browser extension promoted as a tool capable of providing various quotes at the bottom of Google search pages. However, Footer Quotes is classified as adware due to delivering intrusive advertisement campaigns. Since users typically download/install adware-type products unintentionally, they are also classified as PUAs (Potentially Unwanted Applications).

What is Artemis (999) ransomware?

Artemis (999) encrypts files, appends the victim's ID, restoredisscus@gmail.com email address and ".999" extension to filenames, and creates the "ReadMe-[victim's_ID].txt" file (a ransom note). It renames "1.jpg" to "1.jpg.id[C279F237].[restoredisscus@gmail.com].999", "2.jpg" to "2.jpg.id[C279F237].[restoredisscus@gmail.com].999", etc.

What is totaltopposts[.]com?

Sharing similarties with typiccor.com, positive-news.org, watch-this-leaked.video, and thousands of others, totaltopposts[.]com is a rogue site. It operates by loading dubious content and/or redirecting visitors to various (likely unreliable or malicious) webpages. Rogue pages are typically accessed via redirects caused by untrustworthy websites, intrusive advertisements, or installed PUAs (Potentially Unwanted Applications).

What is fewmonthst[.]space page?

Fewmonthst[.]space uses a clickbait technique to trick visitors into giving it permission to show notifications and promotes potentially malicious pages. Fewmonthst[.]space is more or less similar to news-keheza[.]cc, ourhypewords[.]com, digitalcaptcha[.]top, and a great deal of other sites.

What is "I am a programmer and hacked your computer 3 months ago Email Scam"?

"I am a programmer and hacked your computer 3 months ago Email Scam" refers to a spam campaign. These letters use the sextortion scam model - they claim that a sexually explicit video featuring the recipient will be publicized unless a ransom is paid. It must be emphasized that all of the claims made by the emails are fake.

What is Notwanna ransomware?

Notwanna is part of the Xorist family. It blocks access to files by encrypting them and appends the ".Notwanna" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.Notwanna", "2.jpg" to "2.jpg.Notwanna". Notwanna changes the desktop wallpaper, creates the "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" file, and shows a pop-up window.

Notwanna's pop-up window, "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt", and desktop wallpaper are ransom notes containing contact and (or) payment information. Text in the pop-up window is written in Russian. Victims who do not have the Russian language installed on Windows text in the pop-up window written in gibberish.