Virus and Spyware Removal Guides, uninstall instructions

What is YoSearch Weather Tab?

YoSearch Weather Tab is a rogue browser extension. Our analysis of this piece of software revealed that it operates as a browser hijacker. YoSearch Weather Tab modifies browser settings to promote the yosearch.co fake search engine. Furthermore, this extension spies on users' browsing activity.

What is "Find iPhone"?

After inspecting "Find iPhone", we determined that it is a phishing scam. It is promoted via SMSes (text messages), which claim that users' mobile devices are online and their location can be checked via the provided link. This URL belongs to a phishing website targeting Apple ID log-in credentials.

This scam mimics the genuine Find My application (based on its predecessor Find My iPhone) from Apple. It must be emphasized that the "Find iPhone" scam is not associated with Apple Inc.

What is NavigateNetwork?

NavigateNetwork is a rogue application that our research team discovered while checking out new submissions to VirusTotal. Our analysis of this app revealed that it operates as advertising-supported software (adware) and belongs to the AdLoad malware family.

What kind of malware is Ritzer?

Ritzer is ransomware that encrypts data and appends the ".ritzer" extension to filenames. Also, it creates the "read_it.txt" file that contains a ransom note. We have found that Ritzer is based on Chaos ransomware. Our team discovered the Ritzer ransomware while inspecting malware samples submitted to the VirusTotal page.

An example of how Ritzer renames files: it renames "1.jpg" to "1.jpg.ritzer", "2.png" to "2.png.ritzer", and so forth.

What kind of website is shoksips[.]com?

Shoksips[.]com is a page designed to trick visitors into allowing it to show notifications. Also, it redirects visitors to other websites. Like most pages of this type, shoksips[.]com uses a clickbait technique to trick visitors into agreeing to receive notifications. We have discovered shoksips[.]com while examining websites that use rogue advertising networks.

What kind of email is "Your OneDrive Is Inactive And Will Soon Be Deleted"?

Our inspection of the "Your OneDrive Is Inactive And Will Soon Be Deleted" email revealed that it operates as a phishing scam.

This spam letter is presented as a notification regarding the deletion of the recipient's Microsoft OneDrive account. With these false claims, the email aims to trick users into visiting a phishing site that is disguised as the OneDrive log-in page. The credentials entered into this webpage will be disclosed to the scammers behind this spam campaign.

It must be emphasized that these scam letters are in no way associated with the Microsoft Corporation.

What kind of malware is APT32?

It is the name of a malicious application that provides access to Android devices and spies on victims. APT32 establishes the "MainService" service, connects to a command-and-control (C2) server, and starts its malicious activities (it receives commands via a C2 server). It is known that this malicious app does not install unless Play Protect is disabled.

What is "Your Computer May Be At Risk With An Expired McAfee License"?

While inspecting untrustworthy websites, our researchers found the "Your Computer May Be At Risk With An Expired McAfee License" scam.

Typically, deceptive content of this kind is used to push unreliable or malicious software. At the time of research, this scam redirected to the official website of McAfee. However, it must be emphasized that McAfee Corp. is in not associated with this scam.

What kind of application is paint page?

paint page is described as an application allowing users to paint the background and text on websites. After testing the application, we noticed that it shows annoying/intrusive advertisements. In other words, paint page is an advertising-supported application. Our team has discovered paint page on a deceptive website instructing visitors to add this app to a web browser.

What kind of application is IndexInterface?

IndexInterface is the name of an application that our team has discovered on a shady website offering to download fake updates for the Adobe Flash Player. After downloading and installing the app, we found that it generates unwanted advertisements. Therefore, we classified IndexInterface as adware (advertising-supported software).