Virus and Spyware Removal Guides, uninstall instructions

What is "Coloquei malware no site adulto" email?

"Coloquei malware no site adulto" ("I put malware on the adult site") is an email scam targeting Portuguese users. The scheme uses the sextortion scam model to extort money from recipients through blackmailing them with threats to expose their sexual activity.

The message claims that the user's device has been hacked and exploited to obtain compromising material (via the webcam). It warns victims that should they fail to pay a specified sum, this content will be publicized. "Coloquei malware no site adulto" is simply a scam, the alleged material (videos) does not exist, and the user's system has not been infected.

What is piolo.xyz?

piolo.xyz is the address of a fake search engine that is promoted through potentially unwanted applications (PUAs): browser hijackers called CERX and Dorss APP. It is also very likely that there are other apps of this type that promote this fake search engine.

CERX is related to QIP (another browser hijacker). Typically, browser hijackers promote fake search engines by changing certain browser settings, and most gather information relating to users' browsing habits.

What is Pashka?

Pashka is malicious program categorized as ransomware. It is designed to encrypt the data of infected devices and demand payment for decryption tools. It is distributed via a hacked YouTube account called 'Noted'. YouTuber Noted has released a video, stating that his account account has been hacked.

The infection spreads through a link in the description of a video entitled "Malwarebytes 4.0.4 Premium Key Cracked 2020 Protect Yourself". The link redirects to a cloud storage site from which an archived malicious executable file can be downloaded. The "cracking" (illegal activation) instructions inform users that they must disable all anti-virus software.

As Pashka encrypts, files are appended with the ".pashka" extension. For example, "1.jpg" would appear as "1.jpg.pashka", and so on for all affected files. After this process is complete, a text file ("HELP_ME_RECOVER_MY_FILES.txt") is stored on the desktop.

What is applecomsupport[.]com?

Identical to applesupportofficial.com, applecomsupport[.]com is a deceptive website that claims visitors' devices are infected and/or at risk. It advises them to contact a fake Apple support service - this 'service' actually leads to the designers of this scam.

Most visits to applecomsupport[.]com occur via redirects caused by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into the system. Unwanted apps have many dangerous capabilities including force-opening untrustworthy/malicious web pages, delivery of intrusive ad campaigns and data tracking.

What is Daily Online Manuals?

As the name suggests, Daily Online Manuals supposedly provides various online manuals, however, this app is categorized as a browser hijacker and is designed to promote the address of a fake search engine (search.dailyonlinemanualstab.com) by changing browser settings.

It also gathers details relating to users' browsing habits. Note that browser hijackers are classed as potentially unwanted applications (PUAs) because people do not usually download or install them intentionally.

What is Roll Safe?

Discovered by S!Ri, Roll Safe encrypts and renames victims' files, and displays a ransom message in a pop-up window. Roll Safe also renames encrypted files by appending the ".encrypted" extension to filenames. For example, "1.jpg" becomes "1.jpg.encrypted", and so on.

What is Bablo?

Part of the Phobos malware family, Bablo is a malicious program classified as ransomware. It operates by encrypting data and demanding ransom payments for decryption. During the encryption process, files are renamed with a unique ID, the developer's email address and the ".bablo" extension.

For example, "1.jpg" might appear similar to "1.jpg.id[1E857D00-2569].[symetrikk@protonmail.com].bablo", and so on for all affected files. After this process is complete, two files ("info.hta" and "info.txt") are created on the desktop. Both contain ransom messages.

What is Converter King?

Converter King is a potentially unwanted application (PUA), a browser hijacker that supposedly operates as an online file converter. In fact, it promotes a fake search engine (search.converterkingtab.com) by changing browser settings and recording browsing data. In most cases, people download and install browser hijackers and other PUAs inadvertently.

What is "Cyber attack from Iran Government" email?

Discovered by Michael Gillett, "Cyber attack from Iran Government" is the title of an email scam that steals the log-in credentials of users' Microsoft accounts. This phishing scam claims that Microsoft servers have experienced a cyber attack, and therefore users' accounts have been locked to protect their email accounts and data integrity.

This fake cyber attack supposedly originated from Iran, which the designers of this scheme have chosen due to tensions present between the United States and Iran. The "Cyber attack from Iran Government" email scam was devised following warnings issued by the US government concerning potential cyber attacks from Iran.

What is Snake?

Snake ransomware was discovered by MalwareHunterTeam. Research shows that cyber criminals behind it target business networks.

Snake is designed to encrypt files stored on all computers within a network using the AES-256 and RSA-2048 cryptographic algorithms. It also creates a ransom message within a file called "Fix-Your-Files.txt". Most ransomware-type programs rename encrypted files by appending an extension to the filenames, however, Snake does not change filenames in any way.