Virus and Spyware Removal Guides, uninstall instructions

What is connection-protect[.]com?

connection-protect[.]com is a deceptive website, which promotes various scams. It has been observed promoting schemes that target Apple product users, primarily mobile device users. At the time of research, the scam run on connection-protect[.]com claimed that visitors' devices may have been compromised due to recently visited, harmful web pages.

It makes these false claims to trick users into downloading/installing and/or purchasing untrusted software. Typically, sites such as connection-protect[.]com are accessed via redirects caused by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into the system.

What kind of malware is Anubis?

Anubis is malware classified as an information stealer. It can be purchased on a hacker forum (starting from US$100). Cyber criminals can use it to steal cryptocurrency wallets, and information such as browsing cookies and passwords saved on browsers, and credit card details.

Therefore, if there is any reason to suspect that this (or other) malware is installed on your computer, remove it immediately.

What is StreamBrosSearch?

StreamBrosSearch is rogue software classified as a browser hijacker. Following successful infiltration, it makes changes to browser settings to promote streambrossearch.com (a fake search engine). Additionally, StreamBrosSearch monitors users' browsing habits.

Due to the dubious tactics employed to proliferate StreamBrosSearch, it is also classified as a Potentially Unwanted Application (PUA).

What is ViluciWare?

Discovered by JAMESWT, ViluciWare is designed to encrypt files, modify their filenames and prevent victims from using the computer (operating system) by locking the screen. In this way, ViluciWare functions as ransomware and a screenlocker. Research shows that it renames encrypted files by appending the ".locked" extension.

For example, it would rename "1.jpg" to "1.jpg.locked", "2.jpg" to "2.jpg.locked", etc.

What is FDFK22?

FDFK22 belongs to the Matrix ransomware family. Like other malicious programs of this type, FDFK22 is designed to prevent victims from accessing their files by encryption. It renames all encrypted files by replacing filenames with the FridaFarko@yahoo.com email address, a string of random characters, and appending the ".FDFK22" extension.

For example, "1.jpg" would be changed to "[FridaFarko@yahoo.com].49Vr2dSC-jD3GB53P.FDFK22", "2.jpg" to "[FridaFarko@yahoo.com].67Gr3sAV-kF4HN64L.FDFK22", and so on. It also creates a ransom message within the "FDFK22_INFO.rtf" file, placing this in all folders that contain encrypted files.

What is OperativeDevice?

OperativeDevice is dubious software categorized as adware. It also has browser hijacker traits. It operates by delivering intrusive advertisement campaigns and making alterations to browser settings to promote fake search engines. OperativeDevice promotes 0yrvtrh.com and the search.adjustablesample.com bogus web searchers.

Additionally, most adware and browser hijackers monitor users' browsing activity. Due to the questionable methods used to distribute OperativeDevice, it is classified as a Potentially Unwanted Application (PUA).

What is SkilledOrigin?

SkilledOrigin is a potentially unwanted application (PUA), which serves advertisements and collects sensitive information. SkilledOrigin is categorized as a PUA, since users often download and install this type of adware inadvertently. Note that this app might also be designed to promote a fake search engine address by changing certain browser settings.

What is WinkiSearch?

The WinkiSearch browser hijacker promotes winki-search.com (a fake search engine) by changing certain browser settings. It also gathers browsing-related information. Note that users often download and install browser hijackers inadvertently and, for this reason, they are classified as potentially unwanted applications (PUAs).

What is mol[.]biz?

mol[.]biz websites (similar variations include mol1[.]biz, mol2[.]biz, mol3[.]biz, etc.) are designed to promote (open) untrusted web pages or display dubious content. There are many websites of this type, including, for example, hipermovies[.]icu, gdanstum[.]net and vviewpoint[.]biz.

Note that most users do not visit these websites intentionally - they are opened by installed potentially unwanted applications (PUAs), through deceptive advertisements, or other web pages of this kind.

What is "Xerox Scanned Document" scam email?

"Xerox Scanned Document Email Scam" refers to a phishing spam email campaign. The term "spam campaign" is used to describe a mass-scale operation, during which thousands of deceptive emails are sent.

The messages distributed through this spam campaign claim that recipients have received a scanned document and, to retrieve it, they are instructed to click the provided link. Furthermore, the scam emails are concluded with "© 2020 Microsoft Corporation.

All rights reserved", which is intended to imply that the mail is from Microsoft. These emails are in no way associated with the Microsoft Corporation. Furthermore, the messages promote a phishing website, which collects data entered into it.