Virus and Spyware Removal Guides, uninstall instructions

What is Online Safety by Safely?

Online Safety is a browser hijacker developed by Safely. It is endorsed as a multi-purpose tool, which is supposedly designed to enhance the browsing experience. The advertised capabilities include real time alerts about visits to harmful websites, management of user data collected by sites and deletion of personal tracking data.

In fact, Online Safety operates by modifying browsers to promote mysafe-search.net, a fake search engine. Most users download/install Online Safety by Safely inadvertently and, therefore, it is additionally classified as a Potentially Unwanted Application (PUA).

What is speedtestace.co?

Very similar to searchmedia.online, feed.ebooks-club.com, feed.searchfrit.com, and many other sites, speedtestace.co is a fake search engine.

Its developers claim that this search engine provides an enhanced browsing experience (fast and accurate searches, improved results, and so on), however, they promote this fake search engine using a browser hijacker, a potentially unwanted application (PUA) called Speed Test Ace.

Like most apps of this type, it modifies browser settings and records data relating to users' browsing activity.

What is wwserch42[.]biz?

wwserch42[.]biz is a rogue website, which is usually opened by potentially unwanted applications (PUAs) installed on browsers or operating systems. Therefore, people do not generally visit this site intentionally. Once opened, wwserch42[.]biz redirects people to other untrustworthy websites or loads dubious content.

It operates like many other rogue websites including, for example, newsredirect[.]net, giantttraffic[.]com and localmylife[.]info. In most cases, people download and install PUAs accidentally. When installed, they force browsers to open rogue web pages, gather various information relating to users' browsing habits, and display intrusive advertisements.

What is s3.amazonaws[.]com?

The s3.amazonaws[.]com website has been identified as proliferating a variety of unwanted and malicious content. It is hosted by Amazon AWS (Amazon Web Services), a legitimate service intended to provide various IT-related resources/functionalities, however, it is commonly misused by cyber criminals to host malicious sites.

These web pages are then used to spread Potentially Unwanted Applications (PUAs) such as fake system cleaners/optimizers, adware, and browser hijackers, and also malware including ransomware, trojans, etc. This website generates redirects to various other rogue web pages.

One researched variant of s3.amazonaws[.]com operates by promoting a fake Adobe Flash Player updater, which in turn can be used to infiltrate systems with the aforementioned content. People often enter s3.amazonaws[.]com unintentionally when they are redirected by intrusive advertisements or PUAs already infiltrated into the device.

What is "LAB Bot Email"?

"LAB Bot" email is a scam message. Its misleading subject/title suggests that the email is from Amazon Delivery Support, however, it has nothing to do with this company. The message is not from Amazon or associates, and the content has no connection with them.

The body of the message claims to be from a group of "data storage hackers" (a cyber criminal group), which has supposedly hacked the recipient's cloud storage.

This scam is furthered by the use of scare tactics, in this case the model is used to trick people into paying to prevent the criminals from misusing their data. In fact, the user's device is not infected and data has not been compromised by these scammers.

What is Power Search?

The Power Search app is categorized as a browser hijacker. There are two main reasons for this classification: it promotes a fake search engine by changing browser settings and gathers browsing data. Browser hijackers are termed 'potentially unwanted applications' (PUAs), since people often download and install them inadvertently.

What is CentralLocator?

CentralLocator is the name of a potentially unwanted application (PUA) that is categorized as adware. This program supposedly enhances the browsing experience, however, it serves intrusive advertisements and gathers various information. Adware-type apps are termed 'PUAs', since people usually do not download or install them intentionally.

What is android-recaptcha[.]info?

android-recaptcha[.]info is a rogue website. Like many similar websites, it redirects visitors to other untrustworthy web pages or loads dubious content. Some examples of other sites that operate in this manner include find-soulmates[.]com, best-girls-ever[.]com and hellopushworld[.]com.

Web browsers commonly open these sites due to potentially unwanted applications (PUAs) installed on them. Typically, PUAs are designed to force browsers to open untrustworthy websites, display advertisements and gather browsing data.

What is Horriblemorning?

Discovered by GrujaRS. Horriblemorning is malicious software belonging to the GlobeImposter ransomware family. This malware is designed to encrypt data and demand ransom payments for decryption. During the encryption process, all files are are appended with the ".Horriblemorning" extension.

Therefore, "1.jpg" would appear as "1.jpg.Horriblemorning", and so on for all affected files. After this process is finished, Horriblemorning stores an HTML file ("how_to_back_files.html") on the desktop.

What is mainsourceofupdates[.]best?

mainsourceofupdates[.]best is a deceptive website claiming that Adobe Flash Player is outdated. It operates by encouraging users into downloading/installing a fake Flash Player updater.

The rogue update installers are high-risk, since they are used to proliferate Potentially Unwanted Applications (PUAs) such as adware, browser hijackers, and malicious content (e.g. trojans, ransomware and other malware).

Few visitors arrive at mainsourceofupdates[.]best intentionally - most are redirected by intrusive advertisements or PUAs already infiltrated into the device.