Virus and Spyware Removal Guides, uninstall instructions

What is rymothere[.]fun?

People do not often vistit rymothere[.]fun or similar sites intentionally. Some examples of other, similar web pages include boonfracto[.]fun, veadoles[.]online and cenesserie[.]fun. Commonly, these pages are promoted by potentially unwanted applications (PUAs), which many users download and install inadvertently.

What is Macfaster Pro?

Macfaster Pro is an untrusted application presented as a system cleaner and optimizer for Mac operating systems. In fact, the threats and issues it detects are fake.

The use of nonexistent problem detection is intended to trick users into purchasing Macfaster Pro. Furthermore, most users download/install this app inadvertently, and therefore it is classified as a Potentially Unwanted Application (PUA).

What is boonfracto[.]fun?

boonfracto[.]fun is an untrusted website that should be avoided. Typically, these sites are promoted via deceptive ads, other bogus web pages, or potentially unwanted applications (PUAs). Therefore, if a browser opens boonfracto[.]fun automatically, it is likely that a PUA is installed on it.

Some examples of other web pages similar to boonfracto[.]fun are, veadoles[.]online and cenesserie[.]fun.

What is the fake "Findomestic" email?

"Findomestic Email Virus" refers to a spam campaign proliferating Ursnif trojan-type malware. The term "spam campaign" defines a mass-scale operation, during which thousands of deceptive/scam emails are sent.

This spam campaign targets Italian users and is disguised as a notification concerning recipients' debts, supposedly from Findomestic, which is a legitimate consumer credit institution.

Note that these messages are in no way associated with the Findomestic banking company and none of the information provided in them is genuine. The purpose of these scam emails is to trick recipients into opening the file attached to them, thereby initiating the infection process of Ursnif. This Trojan stealthily infiltrates systems and extracts information stored in and accessed through them.

What is the "This computer was automatically blocked. Reason: Pirated software has been detected" message?

The 'Pirated software has been detected' message blocks computer systems demanding payment of a fine for supposedly owning pirated software. This is a scam, a ransomware virus that infiltrates operating systems via drive-by downloads, exploit kits, infected email attachments, and fake downloads (for example, rogue video players, or fake Flash updates).

After successful infiltration, this malicious program blocks the computer screen with a message stating that pirated content was detected and that the user must pay a 500 EUR (or 500 CAD) fine using bitcoins within three days to avoid criminal charges and arrest.

Cyber criminals responsible for creating this scam aim to trick PC users into believing that they have committed law violations and must pay the fine as a consequence. In fact, no international authorities (including the Department of Justice) use screen blocking messages to collect fines for any law violations.

What is oodsother[.]space?

Sharing many similarities with veadoles.online, sonoffer.online, cenesserie.fun, indexspotcaptcha.com, and thousands of others, oodsother[.]space is a rogue web page. Visitors to this site are presented with dubious content and/or are redirected to other bogus or possibly malicious websites.

Few users access oodsother[.]space or similar sites intentionally - most are redirected to them by intrusive advertisements or by Potentially Unwanted Applications (PUAs) already installed on the system. This software does not require explicit user permission to infiltrate devices, and thus users may be unaware of its presence.

PUAs cause redirects, run intrusive ad campaigns, and collect browsing-related data.

What is richinfo[.]co?

Users do not often visit websites such as richinfo[.]co intentionally - they are opened by browsers that have potentially unwanted applications (PUAs) installed on them. Some more examples of web pages that are similar to richinfo[.]co are veadoles[.]online, cenesserie[.]fun, and indexspotcaptcha[.]com.

PUAs open dubious web pages, serve advertisements, and gather various data.

What is Ukk1 ransomware?

Ukk1 is a malicious program and part of the MedusaLocker ransomware family. It is designed to encrypt the data of infected systems in order to make ransom demands for decryption. During the encryption process, all affected files are appended with the ".ukk1" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.ukk1" following encryption. Once this process is complete, ransom messages within "Recovery_Instructions.html" files are dropped into compromised folders.

What kind of malware is Thanos?

Thanos was discovered by GrujaRS. This ransomware encrypts files, modifies filenames and generates a ransom message. It renames files by appending the ".locked" extension. Therefore, after encryption, "1.jpg" is renamed to "1.jpg.locked", "2.jpg" to "2.jpg.locked", and so on.

Thanos creates the "HOW_TO_DECYPHER_FILES.txt" text file (ransom message) in all folders that contain encrypted files.

What is SmartSearch?

SmartSearch is a potentially unwanted application (PUA) that serves advertisements and modifies browser settings. It might also collect browsing data and other information. In this way, SmartSearch functions both as adware and a browser hijacker.

These apps are rarely downloaded by users intentionally, and therefore they are classified as PUAs. SmartSearch is distributed via a deceptive installer, which is disguised as an installer for Adobe Flash Player.