Virus and Spyware Removal Guides, uninstall instructions

What is facebook-info[.]com?

facebook-info[.]com is one of many rogue websites online. It shares similarities with robotornotchecks.online, tencecatche.info, lurunews.biz, and countless others. The site operates by presenting visitors with dubious and potentially harmful content. It also generates redirects to other untrustworthy and malicious sites.

Most users enter facebook-info[.]com through redirects caused by intrusive advertisements, or by Potentially Unwanted Applications (PUAs) already present on the device. Therefore, access to facebook-info[.]com and similar web pages is rarely intentional.

Note that PUAs do not need explicit user permission to infiltrate systems. They generate redirects, run ad campaigns, and track browsing related information.

What is carlbendergogo[.]com?

carlbendergogo[.]com is the address of a website that should be avoided. If opened, it redirects people to various other untrustworthy, deceptive websites.

Generally, people do not open websites such as carlbendergogo[.]com intentionally - they are redirected to them by potentially unwanted applications (PUAs) installed on their browsers and/or operating systems. PUAs often display ads and gather information. These apps are termed PUAs, since most people download and install them unintentionally.

What is "Stydbui"?

Stydbui is a family of scam websites, which operate by deceiving visitors into downloading/installing untrustworthy applications. This variation endorses the Smart Mac Booster Potentially Unwanted Application (PUA). Stydbui warns users of a virus, which it has supposedly detected on the MacOS (Mac Operating System).

Note, however, that no site can find issues/threats on users' devices: all such claims and problems detected are false. Software advertised on these web pages cannot be trusted - it is often bogus and nonoperational. Few visitors to Stydbui access it intentionally, most are redirected by PUAs already present on the system.

What is MetroPremium?

MetroPremium is adware, which is promoted as legitimate software that supposedly makes everyday web browsing easier.

In fact, it deploys advertisements and gathers information relating to web browsing activity. In most cases, people download and install apps such as MetroPremium inadvertently and, for this reason, they are classified as potentially unwanted applications (PUAs).

What is JayTHL?

Discovered by GrujaRS, JayTHL is malicious software classified as ransomware. It derives its name from malware researcher, JayTHL - this is an attempt at defamation and a personal attack from the developers of this ransomware.

Note that this researcher is not associated with this ransomware infection, however, his work in malware research has made him undesirable to cyber criminals. The JayTHL malicious program is designed to encrypt data and demand ransom payments for decryption.

During the encryption process, all files are renamed with the ".JayTHL" extension. For example, a file named "1.jpg" appears as "1.jpg.JayTHL", and so on for all affected files. Once this process is complete, many identical text files are created on the victim's desktop and in the encrypted folders.

Their filenames are variations of "F*ckYouJayTHL_HELP_ENCRYPTED_FILES.TXT" (without the * symbol), differentiated with numbers at the end of the titles (0, 1, 2, 3, 4, 5, etc.).

What is Nakw?

Nakw is one of many ransomware-type programs that belongs to the Djvu ransomware family. Its victims cannot access/use their files, since Nakw encrypts them with a strong encryption algorithm. Typically, people who have computers infiltrated by ransomware can only regain access to their files with decryption software and/or keys.

To obtain these, they must pay ransoms to cyber criminals. Nakw creates the "_readme.txt" file, which contains instructions about how to recover encrypted data. This ransomware also renames files by changing extensions to ".nakw". For example, "1.jpg" becomes "1.jpg.nakw".

What is a website sextortion scam?

Typically, scammers proliferate sextortion scams via email, however, in this case, they are implemented through hacked WordPress and Blogger accounts, which post scam messages on the homepages of various websites.

Once opened, the sites display posts stating that the visitor's computer is hacked and the camera was used to record a video, whereby the visitor can be seen watching a video on an adult website. Scammers behind these posts attempt to trick people by stating that they will distribute recorded videos unless victims pay the ransoms.

Never trust these scams, even if they are posted on legitimate blogging websites (such as hacked WebPress, Blogger pages) or elsewhere.

What is Worm?

Discovered by Michael Gillespie, Worm is a new variant of Paradise ransomware. It is designed to encrypt data and demand ransom payments for decryption. During the encryption process, all affected files are appended with a unique ID number, developer's email address, and the ".worm" extension ("[id-[victim's_ID]].[corpseworm@protonmail.com].worm").

For example, "1.jpg" might appear similar to "1.jpg[id-SSJXbLaK].[corpseworm@protonmail.com].worm". After encryption is complete, Worm creates an HTML file ("$%~-#_ABOUT_YOUR_FILES_#$=$$.html") and stores it on the desktop.

What is "Badmonday"?

Badmonday is a family of deceptive/scam websites, which operate using scare tactics to trick people into installing untrustworthy applications. This variation promotes Smart Mac Booster, which is classified as a Potentially Unwanted Application (PUA).

Badmonday warns visitors of viruses it has detected on the MacOS (Mac Operating System) and offers Smart Mac Booster for removal. Note that no website can detect threats/issues on devices. Therefore, any problem alerts displayed by these sites are fake.

Websites displaying these messages cannot be trusted - do not download or install software advertised on them. Applications endorsed by deceptive sites are often bogus and nonfunctional. Most visitors to Badmonday access it inadvertently - they are redirected by PUAs already present on the system.

What is lm?

Discovered by dnwls0719, Lm is ransomware that belongs to the Paradise ransomware family. It is designed to encrypt files and keep them inaccessible unless victims purchase a decryption tool from the cyber criminals (lm developers). This ransomware changes filenames of all encrypted files.

The name of encrypted files comprise "_Kim Chin lm_", the victim's ID, and ".lm" extension. For example, "1.jpg" might be renamed to "1.jpg_Kim Chin Im_{5zkVf2}.lm", and so on. lm also generates a ransom message within the "---==%$$$OPEN_ME_UP$$$==---.txt" text file.