Virus and Spyware Removal Guides, uninstall instructions

What is watchonline[.]click?

Watchonline[.]click is a rogue site, designed to cause undesired redirects to unreliable sites as well as present untrustworthy/malignant content for user consumption. There are thousands of such rogue websites out there (for example, rembrandium.com, dreamteammyfriend.com, newsfrog.me, newsmagic.net, etc.) and they share many similarities in-between.

What is worthy of mention, is that few users happen upon watchonline[.]click willingly. Most are redirected from other dubious sites (precisely, through clicking intrusive adverts therein) or by having it force-opened by PUAs (potentially unwanted applications).

Often, to infiltrate systems said apps do not require explicit user permission. Once successfully installed, they cause unauthorized redirects, run invasive ad campaigns and track data.

What is BalkanRAT?

BalkanRAT is a malicious program that cyber criminals distribute together with another program of this type called BalkanDoor. As its name suggests, BalkanRAT is a remote access trojan (RAT).

If installed on a victim's computer, it allows cyber criminals to control the system remotely. BalkanDoor is a 'backdoor' trojan, which allows cyber criminals to control infected computers through the command line. If a virus detection engine has detected the presence of BalkanRAT and/or BalkanDoor on the operating system, remove these programs immediately.

What is Sguard?

Sguard is yet another high-risk ransomware infection discovered by Michael Gillespie. Sguard is designed to stealthily infiltrate computers and encrypt data so that developers can make ransom demands by offering paid recovery of files.

Sguard also appends the names of encrypted file with the ".sguard" extension (e.g., "sample.jpg" is renamed to "sample.jpg.sguard"). A text file ("SGUARD-README.TXT") containing a ransom-demand message is then created. Copies of this file are stored in most existing folders.

What is pushmehoney[.]com?

Pushmehoney[.]com is a rogue website, sharing many similarities with rumiceseeds.com, withingadvertly.pro, exclusivenotifications.com and thousands of others. Once entered, it redirects users to other untrustworthy sites or begins feeding users likewise unreliable, even malignant content.

It should be noted that intentional visits to this site are rare. Most visitors get redirecting to it, either by compromised sites (specifically, intrusive advertisements therein) or by PUAs (potentially unwanted applications). Often, these dubious applications are installed without express user permission.

Successfully within a system, they cause unauthorized redirects, deliver aggressive, invasive ad campaigns and gather information.

What is Stare?

Discovered by Michael Gillespie, Stare is a malicious program categorized as ransomware and belonging to the Djvu ransomware family. Ransomware is software that is used to encrypt files (denying access to them) and force victims to pay ransoms.

This ransomware creates a ransom message in the "_readme.txt" text file and renames all encrypted files by adding the ".stare" extension to the filenames. For example, "1.jpg" becomes "1.jpg.stare".

What is procontent[.]me?

procontent[.]me is a rogue website that is virtually identical to rembrandium.com, push4free.com, newsredir.com, and many others. The purpose of this site is to feed users with dubious content and redirect them to other rogue sites.

Most visitors arrive at procontent[.]me inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive advertisements encountered on other rogue sites. PUAs infiltrate systems without users' consent, display intrusive advertisements, and track data.

What kind of malware is Vigorf?

Vigorf is the name of a threat that most virus detection engines recognize as a trojan, also known as Trojan Win32/Vigorf. It is not certain exactly how this trojan affects infected computer systems, however, it could be designed to perform a number of different actions. In any case, if detected, this malicious software should be removed immediately.

What is Your Template Finder?

Your Template Finder (not to be confused with Your Template Finder toolbar by Mindspark Interactive Network) is a browser hijacking that supposeldy allows download of various free templates and related content. It is accompanied by a fake search engine tool (search.searchytf.com).

Categorized as a PUA (potentially unwanted application), most users install Your Template Finder unintentionally. It operates by changing browser settings, forcing people to use its fake search engine, and tracking user data (specifically, monitoring and gathering information relating to browsing activity).

What kind of malware is Cetori?

Discovered by Michael Gillespie, Cetori is a high-risk ransomware-type infection that belongs to the Djvu family.

After successful infiltration, Cetori encrypts most stored files and appends filenames with the ".cetori" extension (e.g., "sample.jpg" becomes "sample.jpg.cetori"). Once encryption is complete, Cetori generates a "_readme.txt" file and stores copies in most existing folders.

What is PreApp?

PreApp is a browser hijacker, a potentially unwanted application (PUA), however, developers claims that it helps to browse the web more efficiently.

Typically, browser hijackers change browser settings, thereby promoting fake search engines. In this case, PreApp promotes searchnewworld.com. Before opening this site, however, it directs users through other dubious web addresses such as my-search.com and searchroute-1560352588.us-west-2.elb.amazonaws.com.