Virus and Spyware Removal Guides, uninstall instructions

What is cocketexercine[.]info?

Similar to younwild.com, zahkit.pro, pushbestdevice.com and many others, cocketexercine[.]info is a rogue website. When opened, it presents visitors with dubious content and/or redirects them to other untrusted, malicious web pages.

Most users access cocketexercine[.]info and similar websites via redirects caused by intrusive ads or Potentially Unwanted Applications (PUAs) already installed on the system. Note that these apps stealthily infiltrate devices without users' knowledge. PUAs cause redirects, deliver intrusive ads (pop-ups, banners, surveys, etc.) and can track browsing-related information.

What kind of malware is EnCiPhErEd?

EnCiPhErEd is malicious software and part of the Xorist ransomware family. This malware is designed to encrypt data and demand payment for decryption. During the encryption process, all affected files are converted into executables and their filenames are appended with the ".EnCiPhErEd" extension.

For example, a file originally named "1.jpg" would appear as "1.jpg.EnCiPhErEd". When any of the compromised files are opened (i.e., double-clicked), a pop-up window is opened, which contains the ransom demand message.

Additionally, an identical ransom message in the form of a text file ("HOW TO DECRYPT FILES.txt") is dropped onto the desktop, the wallpaper of which is changed and also contains part of the message.

What is .com (Phobos)?

Discovered by Karsten Hahn, .com (Phobos) is a part of the Phobos ransomware family. Like many other programs of this type, .com (Phobos) encrypts victims' files, changes filenames and provides instructions about how to contact the developers (and other details) in a ransom message.

It renames all encrypted files by adding the victim's ID, email address of the developers, and appending the ".com" extension to filenames.

For example, a file called "1.jpg" might be renamed to something similar to "1.jpg.id[1E857D00-1127].[MerlinWebster@aol.com].com", and so on. It also displays a ransom message in a pop-up window ("info.hta") and creates another in a text file named "info.txt".

What is "IFC Global Development Funding Program Email Scam"?

This email scam is disguised as a message regarding fund approval, supposedly by "IFC Global Development Funding Program". Scammers behind this email claim that recipients can receive a specific sum of money by sending various personal details.

We strongly advise against replying to this email or providing any information to scammers - they are likely to misuse the details to generate revenue, which would lead to a number of problems. Ignore this and other, similar emails and do not believe the statements.

What is twok[.]pro?

twok[.]pro is a rogue website that shares many similarities with zahkit.pro, scuseami.net, showeverig.info and countless others. Visitors to this page are presented with dubious content and/or are redirected to other untrusted, even malicious sites.

Typically, users do not access these web pages intentionally - they are redirected by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into the system. Note that these apps do not require explicit consent to be installed onto users' devices. PUAs generate redirects, deliver intrusive advertisement campaigns and gather browsing-related information.

What is younwild[.]com?

younwild[.]com has similar behavior to zahkit[.]pro, usinesmycete[.]info, scuseami[.]net and many other rogue websites. When visited, it opens a number of other untrusted pages or loads dubious content.

Typically, websites such as younwild[.]com are opened through various dubious web pages, deceptive ads or by potentially unwanted applications (PUAs) installed on the system. Apps of this type usually gather browsing-related details and/or display advertisements.

What is yourday-winprize[.]life?

yourday-winprize[.]life redirects visitors to various other potentially malicious, deceptive and untrusted websites.

Typically, people do not arrive at websites such as yourday-winprize[.]life intentionally - in most cases, they are opened through other untrusted websites, dubious advertisements or potentially unwanted applications (PUAs) installed on the browser and/or operating system. No websites opened through yourday-winprize[.]life can be trusted.

What is rewardsawesome[.]com?

rewardsawesome[.]com is a rogue website designed to promote untrusted/malicious pages and/or present visitors with dubious content. The site has been observed promoting various fake prize-oriented scams.

During research, rewardsawesome[.]com has promoted "Congratulations Amazon shopper!", "Congratulations Samsung user!", "Dear YouTube user, Congratulations!", "Congratulations Walgreens shopper!" and "Congratulations Walmart shopper!" scams.

Most users enter rewardsawesome[.]com via redirects generated by intrusive advertisements and/or Potentially Unwanted Applications (PUAs) already infiltrated into the system. Note that these apps do not need express user consent to be installed onto devices.

What is AlphaBetaCrypt?

AlphaBetaCrypt ransomware is designed to encrypt victims' files, change the filenames and create a text file (containing the ransom message).

The program renames all files by appending the ".CRYPT" extension (e.g., it renames "1.jpg" to "1.jpg.CRYPT", and so on), and creates the "README_README_README_README.txt" text file, which contains instructions about how to contact AlphaBetaCrypt's developers plus some other information.

What is "Congratulations Samsung user!"?

"Congratulations Samsung user!" is a scam run on deceptive web pages. It claims that, due to visitors' support of "Samsung" services, the company is offering the chance to win an "exclusive reward". Note that this dubious scheme has no connection with Samsung.

Additionally, any prizes offered are bogus. At the time of research, the scam simply redirected to a website stating "Thank You", however, in most cases, these scams steal users' personal information (e.g. names, email addresses, banking details, etc.) and/or to trick them into making monetary transactions (e.g. paying shipping fees for the bogus prize, etc.).

Typically, visits to deceptive/scam web pages occur via redirects caused by intrusive ads or by Potentially Unwanted Applications (PUAs) already infiltrated into the system.