Virus and Spyware Removal Guides, uninstall instructions

What is losx.xyz?

losx.xyz is one of many fake search engines. Two of the apps used to promote it are called APP (on Chrome) and SDL (on Firefox), however, other apps might also be used. Typically, apps that promote fake search engines are categorized as browser hijackers and potentially unwanted applications (PUAs).

Typically, they change browser settings, however, these particular apps do not change any settings. Note that PUAs of this type usually collect information relating web browsing activity.

What is qqs7.xyz?

qqs7.xyz is the address of a fake search engine, which is promoted through a potentially unwanted application (PUA) called APP (in fact, it is likely that developers also promote qqs7.xyz via other rogue applications). This PUA is related to another app of this type called QIP.

Both are categorized as browser hijackers. These apps typically promote fake search engines by changing browser settings and gathering user information, however, research shows that this particular PUA (APP) does not change any settings.

What is "CVE-2018-10562" email scam?

"CVE-2018-10562" is the code name of a vulnerability discovered in a variety of Dasan GPON home routers. Cyber criminals have recently started a new spam campaign naming it after this vulnerability. It is designed to extort money by threatening to expose evidence of users' sexual activity.

The cyber criminals behind this email claim to have hacked the addressee's OS (Operating System) and gained access to the device's camera.

I.e., they have recorded the victim apparently visiting adult websites. Unless a certain sum is paid, this content will supposedly be sent to all of the addressee's contacts. Note that these alleged videos do not exist and the device's integrity has not been compromised.

What is ANTEFRIGUS?

ANTEFRIGUS is the name of a ransomware infection. Generally, malware of this type is designed to encrypt files with a strong encryption algorithm that can only be decoded with specific decryption software and/or key. In fact, this particular ransomware does not encrypt files stored on the C (C:) drive.

It does, however, encrypt data stored on other drives such as D, E, F, F, H and I. It appends a random extension to each encrypted file. For example, "1.jpg" might become "1.jpg.mewqsm", and so on for all affected files.

Furthermore, ANTEFRIGUS creates a ransom message within a text file called "mewqsm-readme.txt" (its name is associated with the appended random extension).

What is streampoint[.]live?

streampoint[.]live is a rogue website, sharing similarities with notification-centar.com, windowsguidenews.com, robotornotcheckonline.club, and many others. It operates by presenting visitors with dubious content and/or redirecting them to other untrustworthy/malicious web pages.

Few users access the site intentionally, since most are redirected to streampoint[.]live by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into the system. PUAs generate redirects, run intrusive advertisement campaigns, and track browsing-related data.

What is routgveriprt[.]com?

routgveriprt[.]com is one of many rogue websites online. Sites of this type share certain similarities. Relevant examples include highertpushs.com, mirox25.biz, windowsguidenews.com, etc. These web pages present visitors with dubious content and generate redirects to other untrustworthy/malicious websites.

Few users access routgveriprt[.]com intentionally, since most are redirected by intrusive advertisements or Potentially Unwanted Applications (PUAs) already present on the system. Once successfully infiltrated, PUAs cause redirects, run intrusive ad campaigns, and track sensitive data.

What is "Nonamenba"?

Nonamenba is a scam website group designed to promote dubious software. This variant endorses the Smart Mac Booster Potentially Unwanted Application (PUA). Users, who access these sites are presented with alarms about an alleged threat present on their device.

For removal of this fake virus, Nonamenba offers Smart Mac Booster. Note that no web page can detect threats/issues present on the system, and any claims to this effect cannot be trusted. Furthermore, apps promoted by these sites are often rogue and nonfunctional.

Deceptive/scam sites are commonly opened via redirects caused by intrusive advertisements or PUAs already infiltrated into the device.

What is AdLoad?

AdLoad is malicious software that targets macOS operating systems. It is capable of avoiding detection by built-in macOS security tools and a number of third party antivirus programs and other security suites of this type. Furthermore, it prevents victims from removing the software from operating systems.

AdLoad is adware-type malware that hijacks browsers and forces users to visit potentially malicious websites. This enables cyber criminals to generate revenue.

What kind of malware is Ninja?

Discovered by Jakub Kroustek and belonging to the Dharma/Crysis malware family, Ninja is a malicious program classified as ransomware. Ninja operates by encrypting data and demanding ransom payments for decryption.

During the encryption process, all files are appended with a unique ID (generated individually for each victim), the developer's email address, and the ".ninja" extension.

Therefore, "1.jpg" might appear as a filename similar to "1.jpg.id-1E857D00.[ninja777@cock.li].ninja" and so on for all compromised files. Once this process is finished, a text file ("FILES ENCRYPTED.txt") is created on the desktop and a pop-up window is displayed.

What is LogicalSearch?

LogicalSearch is endorsed as an application for enhancing the browsing experience. It is supposedly capable of providing fast searches, improved search results and similar. In fact, it acts as adware and runs advertisement campaigns - delivering intrusive, unwanted, and even harmful ads.

Adware-type apps commonly have data tracking abilities, which they use to monitor and gather browsing-related information. Due to the dubious methods used to distribute LogicalSearch, it is classified as a Potentially Unwanted Application (PUA).