Virus and Spyware Removal Guides, uninstall instructions

What is the "World Health Organization (WHO)" email?

As discovered and researched by hiro_ and BleepingComputer respectively, "World Health Organization (WHO)" are spam campaigns, distributing deceptive emails disguised as mail from officials/representatives of the World Health Organization (WHO).

There are several variants of these messages, which claim to contain important information concerning the Coronavirus/COVID-19 pandemic. The purpose of these emails is phishing and malware proliferation.

At the time of research, they have been used to spread GuLoader, HawkEye, Agent Tesla and FormBook malicious programs. The messages might also be used to proliferate other malware.

What is Shield My Searches?

Shield My Searches supposedly increases browsing security, however, it actually promotes search.shieldmysearches.com (by changing browser settings) and collects data. I.e., this application is a browser hijacker, which promotes the address of a fake search engine and operates as an information tracking tool.

Since users usually download and install browser hijackers inadvertently, apps of this type are classified as potentially unwanted applications (PUAs).

What is the "COVID-19 Cases Surpassed 300,000" email scam"?

The number of fake emails claiming to be from the Centers for Disease Control and Prevention (CDC) organization and claiming to share information regarding COVID-19 (coronavirus) is growing daily. Scammers behind this phishing email attempt to trick recipients into clicking a website link supposedly designed to open a website allowing them to track COVID-19 cases.

At the time of research, the link opened a fake Microsoft Outlook login page, which scammers use to trick recipients into entering their login credentials.

What is GeneralLaunch?

GeneralLaunch is a rogue application classified as adware, however, it also possesses browser hijacker characteristics: it delivers intrusive advertisements and modifies browsers to promote a fake search engine. Additionally, most adware and browser hijackers can track browsing-related data.

Due to the dubious methods used to proliferate GeneralLaunch, it is also classified as a Potentially Unwanted Application (PUA).

What is Ginp?

Cyber criminals abuse the current situation (spread of COVID-19) in various ways. In this particular case, they attempt to extort banking information from unsuspecting people through a website called Coronavirus Finder. This web page is opened via a banking Trojan called Ginp.

Currently, cyber criminals responsible target mainly Android users in Spain, however, they could also be targeting people in other countries.

What is Milum RAT?

Milum is a Remote Access Trojan (RAT). Malware within this category allows cyber criminals remote access and control over the infected machine. Trojans of this type are highly dangerous and have varied capabilities, which can be used to cause especially serious issues.

Milum RAT has been observed targeting industrial organizations and similar entities in the Middle East. Additionally, during research it was noted that this malware was primarily used to gather data.

What is skyprize?

Skyprize is a family of deceptive, potentially malicious websites. For example, web pages designed to trick visitors into downloading and installing potentially unwanted applications (PUAs) such as browser hijackers, adware-type apps, or even malicious software including ransomware and Trojans.

Families such as skyprize often include pages designed to deceive visitors into providing private, sensitive information. None of these web pages can be trusted. Browsers usually open these pages automatically due to installed PUAs.

What is SearchPro Tools?

SearchPro Tools (also known as Search Pro Tools) is a potentially unwanted application (PUA) classified as adware. Typically, people do not download or install adware (or other PUAs) intentionally. When installed, adware-type software displays various intrusive advertisements. Commonly, programs of this type also track information.

What is Less Notifications?

Identical to Notifications Manager, the Less Notifications application supposedly operates as an 'ad blocker', however, after installation, it changes certain browser settings to find.lessnotifications.com. In summary, this app is a browser hijacker that promotes the address of a fake search engine.

Furthermore, applications of this type often gather information. Commonly, people download and install browser hijackers unintentionally. Therefore, these apps are classified as potentially unwanted applications (PUAs).

What is the contentfilled[.]com site?

contentfilled[.]com is a scam website designed to trick visitors into downloading/installing dubious or possibly malicious software. The site claims that the device has been infected with two viruses, which have caused significant damage to it. To remove these nonexistent threats, the scam recommends that visitors download/install a specific application.

No web page can detect threats or other issues present within a system - any that claim to do so are scams. Typically, access to deceptive/scam sites is unintentional - most users are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs).