Virus and Spyware Removal Guides, uninstall instructions

What is yourultimatesafevideoplayer[.]info?

yourultimatesafevideoplayer[.]info is one of many websites used to trick visitors into installing potentially unwanted applications (PUAs) such as adware, browser hijackers, or even malicious software, through a fake Adobe Flash Player updater. Neither yourultimatesafevideoplayer[.]info nor any other similar web pages can be trusted.

These websites are opened through other untrustworthy sites, deceptive ads, or by PUAs already installed on the browser and/or operating system. Therefore, people do not often visit these websites intentionally.

What is Lampion?

Lampion is a malicious program, a banking Trojan which cyber criminals proliferate by sending emails. The messages contain a link that downloads an archive file (ZIP) containing malicious files. Since Lampion is a banking Trojan, cyber criminals have designed it to steal information that can be used to make fraudulent transactions, and other data.

The image below is a screenshot of an email that is used to trick people into infecting systems with Lampion, however, they might also use other templates. We strongly recommend that you ignore this email and do not open files that are downloaded through the included link.

What is Forms Guru?

Forms Guru is a rogue application, advertised as a tool for easy access to various forms. This Potentially Unwanted Application (PUA) operates as a browser hijacker. It changes certain browser settings to promote a fake search engine (search.formsgurutab.com).

Additionally, most browser hijackers monitor users' browsing habits and gather sensitive information derived from them. Note that PUAs do not require explicit user permission to be installed onto devices.

What is akamaihd.net?

The akamaihd.net web address is promoted through a potentially unwanted application (PUA), an app categorized as a browser hijacker. The name of this browser hijacker is unknown, however, research shows that it relates to another app of this type called Search Pulse.

This is because akamaihd.net is designed to redirect users to a fake search engine (home.searchpulse.net or search.searchpulse.net), which is promoted by the aforementioned browser hijacker. Generally, these apps promote fake search engines and addresses such as akamaihd.net by changing browser settings. Most PUAs also gather browsing data.

What is Happy New Year?

Discovered by Alex Svirid, Happy New Year is an updated variant of WannaCash ransomware. This malicious program operates by encrypting data and demanding ransom payments for decryption. During the encryption process, all files are renamed with the following pattern: assigned file number; "file encrypted.

Write to" (in Russian); the cyber criminals' email address, and; the ".happy new year" extension. For example, following encryption, a file such as "1.jpg" would appear as something similar to "885 Файл зашифрован. Пиши noallpossible@cock.li .happy new year".

After this process is finished, Happy New Year stores a text file entitled "как расшифровать файлы.txt" ("how to decrypt files") on the victim's desktop. This file contains the ransom message.

What is BDDY?

BDDY is a part of the Matrix ransomware family. It encrypts files and renames them using this pattern: "[Buddy@criptext.com].[random_string]-[random_string].BDDY".

For example, "1.jpg" might become "[Buddy@criptext.com].xQ4uk8Vz-KAFJcwKX.BDDY", and so on. BDDY stores the "#BDDY_README#.rtf" ransom message in all folders that contain encrypted files and on the victim's desktop. It also stores five random files on the desktop.

What is nvux.xyz?

nvux.xyz is the address of a fake search engine. Typically, these bogus sites are promoted by browser hijackers - Potentially Unwanted Applications (PUAs) that change certain browser settings. This fake search engine is promoted by a PUA called CERX, which is related to the QIP rogue app.

Note that most browser hijackers also possess data tracking capabilities, which they employ to monitor users' browsing activity. Furthermore, PUAs do not need explicit user consent to be installed onto devices.

What is theultimatesafevideoplayer[.]info?

theultimatesafevideoplayer[.]info is one of many deceptive websites that attempts to trick visitors into installing adware or other potentially unwanted applications (PUAs). This is achieved via an installer, which supposedly installs updates for Adobe Flash Player.

These sites are usually opened through clicked untrustworthy advertisements or PUAs already installed on the browser and/or operating system. Therefore, people do not generally visit websites such as theultimatesafevideoplayer[.]info intentionally.

What is Look at my video?

Spelevo is the name of an exploit kit that abuses software vulnerabilities to infect systems with various malware. In this case, it triggers vulnerabilities in Internet Explorer browser and Adobe Flash Player, and redirects users to the lookatmyvideo[.]com (LookAtMyVideo) website, which is disguised as an adult web page.

The site attempts to trick people in downloading and executing a file - a decoy video codec that infects systems with malware.

What is Online Safety by Safely?

Online Safety is a browser hijacker developed by Safely. It is endorsed as a multi-purpose tool, which is supposedly designed to enhance the browsing experience. The advertised capabilities include real time alerts about visits to harmful websites, management of user data collected by sites and deletion of personal tracking data.

In fact, Online Safety operates by modifying browsers to promote mysafe-search.net, a fake search engine. Most users download/install Online Safety by Safely inadvertently and, therefore, it is additionally classified as a Potentially Unwanted Application (PUA).