Virus and Spyware Removal Guides, uninstall instructions

What is "Is this your package?"?

This is a scam website used by criminals to extort money from unsuspecting people. It is disguised as the website of an international department of lost and found packages. The main purpose of this site is to trick recipients into paying for delivery of unclaimed packages.

Generally, websites of this type are opened through other untrustworthy web pages, deceptive advertisements or potentially unwanted applications (PUAs) installed on browsers and/or operating systems. In any case, these pages cannot be trusted and should be avoided.

What is creditcable[.]info?

Sharing many similarities with betanews.me, sms-mail-message.com, fastnewstream.com and countless others, creditcable[.]info is a rogue website. Visitors to it are presented with dubious content and/or redirected to other untrustworthy, even malicious sites.

Few users enter creditcable[.]info intentionally - they are redirected by intrusive advertisements or Potentially Unwanted Applications (PUAs) already installed on the system. Note that these apps do not need express permission to infiltrate devices. PUAs operate by generating redirects, running intrusive ad campaigns and monitoring users' browsing habits.

What is Devon?

Belonging to the Crisis/Dharma malware family, Devon is a ransomware infection. This malicious program encrypts data and demands payment for decryption. When encryption is underway, files are renamed with a unique ID, the developer's email address and ".Devon" extension.

For example, a filename like "1.jpg" might appear as something similar to "1.jpg.id[1E857D00-2609].[decryptfiles@qq.com].Devon", and so on for all affected files. Once this process is complete, Devon malware stored the "info.hta" and "info.txt" files on the desktop. Both the HTML application and text file contain ransom messages.

Updated variants of this ransomware use ".[cyberdyne@foxmail.com].Devon", ".[decryption_help@protonmail.com].Devon",  ".[suppdecrypt@cock.li].Devon", ".[Unlock1@cock.li].Devon", ".[admindevon@cock.li].devon" and ".[celine_denny@aol.com].Devon" extensions for encrypted files.

What is The PDF Tools Plus?

The PDF Tools Plus is a browser hijacker endorsed as a tool to convert document formats to PDF and vice versa. It operates by making certain alterations to browsers to promote thepdftoolssearch.net, a fake search engine. Furthermore, this app possess data tracking capabilities, which it employs to monitor users' browsing activity.

Due to its dubious proliferation methods, The PDF Tools Plus is also categorized as a Potentially Unwanted Application (PUA).

What is maztek[.]xyz?

maztek[.]xyz is a scam site, which claims that the visitor's device has been infected. Note that no web page can detect threats/issues present in systems. Typically, scams of this type promote untrustworthy and/or malicious content. At the time of research, maztek[.]xyz redirected users to a broken website.

Most visits to this site occur via redirects caused by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into the device.

What is Ultra PDF Converter Plus?

As its name suggests, Ultra PDF Converter Plus supposedly converts files to and from PDF format. In fact, this app promotes ultrapdfconverterplussearch.com (the address of a fake search engine) by changing browser settings. Apps of this type are categorized as browser hijackers.

They change certain settings and collect information relating to users' browsing habits. Typically, people download and/or install browser hijackers inadvertently and, therefore, they are also classified as potentially unwanted applications (PUAs).

What is nJoyMusic Search Plus?

nJoyMusic Search Plus is a browser hijacker, which is advertised as a tool for easy access to music-related content and providing other unique features. Following successful infiltration, however, it modifies browsers to promote musix.eanswers.com (a fake search engine).

nJoyMusic Search Plus also has data tracking capabilities, which it employs to monitor users' browsing activity. Furthermore, due to its dubious proliferation methods, it is also categorized as a Potentially Unwanted Application (PUA).

What is DIY Projects?

DIY Projects supposedly provides links to popular how-to websites, however, this app is classified as a browser hijacker, since it promote a fake search engine (search.freehowtotab.com) by changing certain browser settings. Browser hijackers can also record user-system information - in most cases, they target browsing data.

DIY Projects is distributed and installed together with Hide My Searches. Both of these apps are categorized as potentially unwanted applications (PUAs), since people tend to download and install them unintentionally.

What is njkwe RaaS corporation?

Discovered by Michael Gillespie, njkwe RaaS corporation is the name of malicious software that belongs to the Paradise ransomware family. Like many other programs of this type, njkwe RaaS corporation encrypts files, changes associated filenames and creates a ransom message.

Furthermore, it adds the operator's name and victim's ID, and appends the ".payload" extension to the filename of each encrypted file.

For example, "1.jpg" becomes "1.jpg_kfs_{SA3Cu8}.payload", and so on. Note that njkwe RaaS corporation also creates a text file ("---==%$$$OPEN_ME_UP$$$==---.txt"), a ransom message containing instructions about how to contact the cyber criminals who designed this ransomware.

What is betanews[.]me?

betanews[.]me is a rogue website sharing many common traits with sms-mail-message.com, fastnewstream.com, lifeimpressions.net and thousands of others. It operates by generating redirects to untrustworthy and malicious sites.

The site also presents visitors with dubious and harmful content. People rarely enter these web pages intentionally - typically they are redirected by intrusive ads or Potentially Unwanted Applications (PUAs) already present on the system. These apps do not need express user permission to be installed onto devices.

Following successful installation, however, they cause redirects, run intrusive ad campaigns, hijack browsers and monitor users' browsing habits.