Virus and Spyware Removal Guides, uninstall instructions

What is ValueKnow?

ValueKnow is a potentially unwanted application (PUA) classified as adware. Generally, adware-type applications generate revenue for the developers by feeding users with advertisements. This particular app is also capable of accessing and collecting various information.

It promotes the Safe Finder website by opening it through akamaihd.net. ValueKnow and other similar apps are classified as PUAs, since people tend to download and install them unintentionally.

What is topflownews[.]com?

topflownews[.]com functions like many other rogue websites including, for example, allow-space[.]com, belazyelephant[.]com and alisalis[.]com. These sites load dubious content or redirect visitors to a number of other untrusted web pages.

Commonly, people are forced to visit these websites and do not open them intentionally - they are opened by browsers with potentially unwanted applications (PUAs) installed on them. Furthermore, PUAs display intrusive ads and collect details relating to web browsing habits.

What is Opqz?

Opqz is a malicious program and part of the Djvu ransomware family. It is designed to encrypt files, modify their filenames and create ransom messages. Opqz renames encrypted files by appending the ".opqz" extension to filenames. For example, it renames a file named "1.jpg" to "1.jpg.opqz", "2.jpg" to "2.jpg.opqz", and so on.

Opqz issues victims with a ransom message within a text file named "_readme.txt".

What is redfunchicken[.]com?

redfunchicken[.]com is a rogue website sharing many similarities with allow-space.com, belazyelephant.com, alisalis.com and countless others. It presents visitors with dubious content and/or redirects them to other untrusted or malicious web pages. Sites such as redfunchicken[.]com are rarely accessed intentionally.

In most cases, users are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into the system. Note that these apps do not need express permission to be installed onto devices. PUAs cause redirects, deliver intrusive ad campaigns and track browsing-related data.

What is UpgradeAssist?

UpgradeAssist feeds users with intrusive advertisements, promotes the Safe Finder website (it opens this site via akamaihd.net) and collects various user-system information. Most users download and install adware inadvertently. Therefore, these programs are also known as potentially unwanted applications (PUAs).

What is N2019cov?

Discovered by MalwareHunterTeam, n2019cov is a ransomware-type malicious program. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools/software. During the encryption process, all affected files are appended with the ".P4WN3D" extension.

Therefore, a file named something like "1.jpg" would appear as "1.jpg.P4WN3D" following encryption. Afterwards, a ransom message (within "1nF0rM@t1On.txt") is created.

What is the "World Health Organization (WHO)" email?

As discovered and researched by hiro_ and BleepingComputer respectively, "World Health Organization (WHO)" are spam campaigns, distributing deceptive emails disguised as mail from officials/representatives of the World Health Organization (WHO).

There are several variants of these messages, which claim to contain important information concerning the Coronavirus/COVID-19 pandemic. The purpose of these emails is phishing and malware proliferation.

At the time of research, they have been used to spread GuLoader, HawkEye, Agent Tesla and FormBook malicious programs. The messages might also be used to proliferate other malware.

What is Shield My Searches?

Shield My Searches supposedly increases browsing security, however, it actually promotes search.shieldmysearches.com (by changing browser settings) and collects data. I.e., this application is a browser hijacker, which promotes the address of a fake search engine and operates as an information tracking tool.

Since users usually download and install browser hijackers inadvertently, apps of this type are classified as potentially unwanted applications (PUAs).

What is the "COVID-19 Cases Surpassed 300,000" email scam"?

The number of fake emails claiming to be from the Centers for Disease Control and Prevention (CDC) organization and claiming to share information regarding COVID-19 (coronavirus) is growing daily. Scammers behind this phishing email attempt to trick recipients into clicking a website link supposedly designed to open a website allowing them to track COVID-19 cases.

At the time of research, the link opened a fake Microsoft Outlook login page, which scammers use to trick recipients into entering their login credentials.

What is GeneralLaunch?

GeneralLaunch is a rogue application classified as adware, however, it also possesses browser hijacker characteristics: it delivers intrusive advertisements and modifies browsers to promote a fake search engine. Additionally, most adware and browser hijackers can track browsing-related data.

Due to the dubious methods used to proliferate GeneralLaunch, it is also classified as a Potentially Unwanted Application (PUA).