Virus and Spyware Removal Guides, uninstall instructions

What is Adair?

Adair is part of the Phobos ransomware family. Like most programs of this type, Adair encrypts files, changes filenames and provides victims with instructions about how to contact the developers. This ransomware renames each file by adding the victim's ID, developers's email address and appending the ".Adair" extension to filenames.

For example, it renames "1.jpg" to a filename similar to "1.jpg.id[1E857D00-2261].[kusachi@cock.li].Adair", and so on. It also provides two ransom message: one in a text file named "info.txt" and the other in a pop-up window, which is launched through the "info.hta" file. Other variants of this ransomware use the ".[decryptbox@airmail.cc].Adair" extension for encrypted files.

What is Removeme2020?

Discovered by malware researcher, Raby, Removeme2020 is a malicious program belonging to the GlobeImposter ransomware family. This ransomware operates by encrypting data and demanding ransom payments for decryption. When Removeme2020 encrypts, files are appended with the ".locker" extension.

For example, "1.jpg" would appear as "1.jpg.locker" following encryption. After this process is finished, an HTML file ("how_to_back_files.html") containing the ransom message is stored on the desktop.

What is hitnews[.]biz?

Sharing countless similarities with balanceformoon.com, mediazone.mobi, turbonews.biz and many others, hitnews[.]biz is a rogue web site. It operates by causing redirects to other untrustworthy and malicious web pages, and also presents visitors with dubious content.

Few users enter hitnews[.]biz intentionally - most are redirected by intrusive advertisements or Potentially Unwanted Applications (PUAs) already installed onto the system. Following successful infiltration, PUAs generate redirects, deliver intrusive ad campaigns and monitor users' browsing activity.

What is worldmylife[.]info?

worldmylife[.]info is one of many websites (similar to balanceformoon[.]com, mediazone[.]mobi, toobotnews[.]biz and so on) that redirect visitors to other untrustworthy sites or load dubious content.

Generally, people do not visit these websites intentionally - browsers open them when potentially unwanted applications (PUAs) are installed on the browser and/or operating system. Additionally, PUAs usually gather browsing data and serve intrusive advertisements.

What is "Get the new iPhone 11 Pro"?

"Get the new iPhone 11 Pro" is a scam run by deceptive web pages. The scheme claims that users can win an Apple iPhone 11 Pro for a small fee, however, this is an attempt to extort money from people and steal their personal information (e.g. credit card details).

Few visitors to deceptive websites, such as ones running "Get the new iPhone 11 Pro", access them intentionally - most people are redirected by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into the system.

What is yourultimatesafevideoplayers[.]info?

yourultimatesafevideoplayers[.]info is one of the many deceptive websites designed to trick visitors into downloading and installing potentially unwanted applications (PUAs) through the fake installer of a new Adobe Flash Player version. Typically, these sites actually download the installers of PUAs such as browser hijackers, adware.

In some cases, the installers infect systems with malicious software such as ransomware, Trojans, or other high-risk malware. In any case, websites like yourultimatesafevideoplayers[.]info should never be trusted.

What is "Я Прôгрaммиcт, Кoтôрый Взлôмaл 0с Вaшeгô Уcтрôйcтвa"?

Like many sextortion emails, this one is sent by scammers who attempt to extort money from unsuspecting recipients. Typically, they claim that they have recorded humiliating, compromising videos or photos, and threaten to proliferate the material unless they are paid a ransom.

Do not believe these emails or pay these scammers any money. Ignore all emails of this type.

What is "Antivirus Update is prepared"?

"Antivirus Update is prepared" is a deceptive pop-up window displayed by scam websites. By implying that antivirus software requires updating and devices are at risk, the pop-up attempts to urge people into downloading/installing untrustworthy, malicious content. Potentially Unwanted Applications (PUAs) are often proliferated through these scams.

 For example, fake antivirus programs, adware, browser hijackers, etc. Note that no site can detect issues or threats present on systems - any making such claims cannot be trusted. Additionally, few visitors to deceptive/scam web pages enter them intentionally - most are redirected by intrusive ads or PUAs already infiltrated into the device.

What is Jenkins?

Jenkins ransomware is designed to encrypt files and change associated filenames by appending the ".jenkins" extension. For example, "sample.jpg" becomes "sample.jpg.jenkins", and so on. This ransomware also creates a text file ("!READ_ME.txt") containing the ransom message and instructions about how to contact the cyber criminals who designed Jenkins.

What is Easy Gaming App?

Easy Gaming App is the name of an application designed to provide easy access to various online games. In fact, it is categorized as a potentially unwanted application (PUA), a browser hijacker. Typically, apps of this type promote the address of a fake search engine and gather browsing data.

In most cases, people download and install browser hijackers inadvertently. Note that Easy Gaming App is installed together with another PUA called Hide My Searches.