Virus and Spyware Removal Guides, uninstall instructions

What is "ZoneAlarm Global Virus Alert"?

Like most technical support scams, this one claims that the user's personal, sensitive information is stolen and the computer is infected with malware. Its main purpose is to trick unsuspecting people into calling scammers via the provided telephone number.

Typically, scammers behind these deceptive websites seek to extort money from users by deceiving them into paying for remote "support services" software. They might also ask people to grant remote access to their computers. In any case, such scams should never be trusted.

Note that this scam mentions legitimate antivirus software called ZoneAlarm, however, neither this software, nor the internet security software company that developed it, has anything to do with this scam.

What is Geminis?

Discovered by dnwls0719, Geminis is a malicious program categorized as ransomware. Systems infected with this malware suffer data encryption and users receive ransom demands for decryption keys/software. When Geminis ransomware encrypts data, files are appended with the ".geminis3" extension.

Therefore, a file originally named something like "1.jpg" would appear as "1.jpg.geminis3 following encryption, and so on for all affected files. After this process is complete, a ransom message ("README.txt") is dropped into every compromised folder.

What is hesterinoc[.]info?

hesterinoc[.]info is one of many sites that redirect visitors to other untrusted websites or load dubious content. More examples of pages that function in this way are promodayz[.]com, overiesarticu[.]info and pushpush[.]net. Typically, these web pages are opened through dubious ads, rogue web pages or potentially unwanted applications (PUAs) installed on the browser.

Most users do not visit websites such as hesterinoc[.]info intentionally.

What is magnetdl[.]com?

magnetdl[.]com is a torrent website which uses rogue advertising networks and might contain copyrighted content. Note that buttons within magnetdl[.]com can lead to other untrusted and potentially malicious websites, including illegal streaming web pages. Note that 'torrenting' (using torrent clients) is not illegal, however, downloading copyrighted content is.

What is GoCryptoLocker?

Discovered by Amigo-A, GoCryptoLocker is malicious software classified as ransomware. Ransomware is designed to encrypt data and demand payments for decryption. When GoCryptoLocker encrypts, all affected files are appended with the ".GEnc" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.GEnc" following encryption. After this process is complete, GoCryptoLocker displays a pop-up window.

What is History Hide?

History Hide is advertised as a privacy-focused app that keeps users' searches private. In fact, it changes browser settings to promote its associated search engine (historyhide.com) and might also gather browsing-related and other data. Apps of this type are classified as browser hijackers.

People often download and install browser hijackers accidentally and, therefore, they are also categorized as potentially unwanted applications (PUAs).

What is zooqle[.]com?

zooqle[.]com is an untrusted P2P (Peer-to-Peer) sharing website, which allows users to share content through torrent files. In fact, this site infringes copyright laws and uses rogue advertising networks. Therefore, visitors to this website are redirected to other dubious, deceptive and malicious sites.

This is a common monetization tactic employed by torrents and other dubious sites. Additionally, web pages such as zooqle[.]com are known to offer Trojans, ransomware and other malware for download, disguised as, or bundled with, normal software and/or media files. You are strongly advised against using zooqle[.]com or other untrusted download sources.

What is WisePCDoctor?

WisePCDoctor is advertised as program which allows users to scan, repair and improve the performance of their computers, however, due to its distribution method, WisePCDoctor is categorized as a potentially unwanted application (PUA). Generally, users do not download or install PUAs intentionally. Therefore, apps of this type should never be trusted.

What is the fake "U.S. Small Business Administration" email?

The "U.S. Small Business Administration" email is part of yet another spam campaign exploiting the Coronavirus/COVID-19 pandemic.

Supposedly from the US Small Business Administration (SBA), the emails are disguised as containing information regarding the Paycheck Protection Program, Economic Injury Disaster Loans and Emergency Grants, and Small Business Debt Relief - as part of the CARES (Coronavirus Aid, Relief, and Economic Security) act.

These emails are designed to target small business owners/representatives, possibly SBA applicants who had their personally identifiable information exposed. The messages have infectious files attached, which contain GuLoader malware. This, in turn, infects systems with the Remcos Remote Access Tool (RAT).

When used for malicious purposes, this software is termed a 'Remote Access Trojan'.

What is TopicFirst?

TopicFirst is a potentially unwanted application (PUA), an adware-type app supposedly designed to improve the browsing experience. In fact, it feeds users with advertisements, promotes Safe Finder (by opening it via akamaihd.net) and might also gather information. Users often download and install adware unintentionally and, therefore, TopicFirst is categorized as a PUA.