Virus and Spyware Removal Guides, uninstall instructions

What is Michael (Balaclava)?

Michael (Balaclava) is malicious software and a new variant of Balaclava ransomware. This malware operates by encrypting the data of infected systems and demands payment for decryption. During the encryption process, files are appended with the ".michael" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.michael" following encryption. After this process is complete, a ransom message ("HOW_TO_RECOVERY_FILES.txt") is dropped into every affected folder.

What is Sfile2?

Discovered by Amigo-A, Sfile2 is malicious software categorized as ransomware. After successful infiltration, this malware encrypts data and demands payment for decryption. During the encryption process, the names of all compromised files are appended with the ".sfile2" extension.

For example, a file named something like "1.jpg" would appear as "1.jpg.sfile2" after encryption. After this process, a ransom message ("!!_FILES_ENCRYPTED_.txt") is dropped into every affected folder.

What is pushsix[.]xyz?

pushsix[.]xyz is a scam website targeting iPhone users. This scheme claims that visitors' mobile devices are infected with fake viruses. These deceptive claims are used to trick people into downloading/installing the promoted software, however, content promoted using such highly dubious methods is often untrusted and can even be malicious.

For example, Potentially Unwanted Applications (PUAs) including adware, browser hijackers, fake anti-virus tools and even malware (Trojans, ransomware, etc.). Few users access pushsix[.]xyz or similar sites intentionally - most are redirected to them by intrusive ads or PUAs.

What is CyberThanos?

Discovered by MalwareHunterTeam, CyberThanos is a malicious program classified as ransomware. Systems infected with this malware suffer data encryption. Typically, malicious programs of this type encrypt files and demand payment for decryption tools/software.

During the encryption process, files are appended with the ".encrypted" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.encrypted" following encryption, and so on for all affected files. After this process is complete, a text file named "README.txt" is created on the desktop.

This ransomware has been observed being spread under the guise of activators (activation tools) of various Microsoft software products (e.g. Windows, Microsoft Office, etc.).

What is MessengerSpot?

Virtually identical to MessengerHub, MessengerDeck, MessengerNow, and many others, MessengerSpot is an adware-type application supposedly capable of providing desktop access to Facebook Messenger. In fact, this app significantly diminishes the browsing experience by running intrusive advertisement campaigns.

Since most users download/install MessengerSpot unintentionally, it is also classified as a Potentially Unwanted Application (PUA).

What is goingapp[.]xyz?

goingapp[.]xyz is a scam website designed to trick visitors into installing a potentially unwanted application (PUA), which supposedly removes dozens of viruses that were detected by this web page. There are many websites similar to this, and none can be trusted.

Commonly, rogue addresses such as goingapp[.]xyz are opened through dubious ads (when clicked), rogue websites, or installed PUAs. In any case, people do not generally visit these web pages intentionally.

What is checkandgo[.]info?

There are many rogue websites similar to checkandgo[.]info including, for example, overiesarticu[.]info, alisalis[.]com and speakwithjohns[.]com.

All redirect visitors to other dubious web pages or load dubious content. People do not generally visit these sites intentionally - typically, they are opened via dubious ads/websites or by potentially unwanted applications (PUAs) installed on the system.

What is the Berbew malware?

Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as, for example, other Trojans, ransomware, and cryptominers. Therefore, the potential issues caused by Berbew malware can be varied and especially severe.

What is Screen Dream?

Screen Dream is advertised as an application which provides quick links to the latest movie trailers and upcoming movies. In fact, it is a browser hijacker that promotes hp.mysearch.com, a fake search engine. Like most apps of this type, it promotes this address by changing browser settings.

Note that people often download and install browser hijackers unintentionally when they are tricked. Therefore, apps of this type are categorized as potentially unwanted applications (PUAs).

What is Azor?

Azor was discovered by dnwls0719 and is a variant of Garrantydecrypt ransomware. Like most programs of this type, Azor encrypts files, changes their filenames and generates ransom messages with instructions about how to contact the developers. It renames encrypted files by appending the ".azor" extension.

For example, it changes "1.jpg" to "1.jpg.azor", "2.jpg" to "2.jpg.azor", and so on. It also drops the "!read_me!.txt" ransom message in each folder that contains encrypted files.