Virus and Spyware Removal Guides, uninstall instructions

What is "Your apple id has been disabled!"?

"Your apple id has been disabled!" is the name of a tech-support scam used to steal users' Apple ID accounts. Scammers promote this scam through a deceptive, unofficial website disguised as a legitimate Apple web page.

Typically, visitors do not open this site intentionally - they are forced to visit it by potentially unwanted applications (PUA) installed on their systems. These apps often feed users with intrusive ads and collect browsing-related details.

What is "Mac.BackDoor.Siggen.20"?

Mac.BackDoor.Siggen.20 is the name of a malicious program that operates as a 'backdoor', allowing download and execution of malicious code from a remote server. This malware can be installed on MacOS and Windows Operating Systems. The Malware that infects Windows is called BackDoor.Wirenet.517. These malicious programs were discovered by Dr.Web security researchers.

What is "Qbit Mac Speedup"?

Qbit Mac Speedup is promoted as an optimization tool for Mac computers that fixes various errors, cleans MacOS systems, and makes them run faster. Note, however, that developers promote this app by bundling it into set-ups of other software. People often install these apps unintentionally and, therefore, Qbit Mac Speedup is categorized as a potentially unwanted application (PUA).

What is Fordan?

Belonging to the Djvu ransomware family, Fordan is a high-risk infection designed to infiltrate computers and encrypt stored data, thereby rendering it unusable. During encryption, Fordan appends names of encrypted files with the ".fordan" extension. I.e., "sample.jpg" is renamed to "sample.jpg.fordan". Additionally, Fordan creates a text file ("_readme.txt") and stores a copy in every existing folder.

What is "Placed a malware on the xxx streaming site"?

"Placed a malware on the xxx streaming site" is a typical scam which is distributed through a spam campaign (by sending bogus emails to many people). This particular campaign is categorized as a sextortion scam. Scammers who distribute it try to make recipients believe that humiliating material will be sent to other people unless they pay a specific cryptocurrency payment.

What is "Enter Windows registration key to unblock"?

"Enter Windows registration key to unblock" is the name of a technical support scam. Scammers use it to extort money from people, however, they can only do this if they are contacted in the first instance. Typically, websites of this type are opened by potentially unwanted apps (PUAs) installed on users' systems.

I.e., they are not generally opened intentionally by victims of this scam. In addition to these redirects, PUAs often serve users with intrusive advertisements and collect information relating to browsing habits.

What is page-ups.com?

page-ups.com is a common fake search engine that is promoted as supposedly useful and of value. It operates in the same way as other engines of this type. Some examples are internet-start.net, blpsearch.com, and funkystreams.com. Developers promote page-ups.com via rogue download/installation setups designed to modify browser settings.

What is search.heasyspeedtestapp.com?

Developers promote the Easy Speed Test App application as an internet performance testing tool that supposedly allows users to check internet connection speeds directly from their browsers. Unfortunately, it is also a potentially unwanted application (PUA), a browser hijacker.

Like most apps of this type, Easy Speed Test App promotes a fake search engine, search.heasyperformancetestapp.com, modifies browser settings, and gathers user-information.

What kind of malware is Win32/Malagent?

Win32/Malagent is a malicious program that is classified as a Trojan. Trojans are programs that steal personal details and confidential information, control computers remotely, proliferate other computer infections, and so on. Since Win32/Malagent is one of these rogue programs, it might cause serious problems and should, therefore, be uninstalled/removed immediately.

What is Recry1?

Discovered by Michael Gillespie, Recry1 is high-risk ransomware designed to stealthily infiltrate computers and compromise (encrypt) stored files. Additionally, Recry1 appends filenames with the ".recry1" extension (e.g., "sample.jpg" is renamed to "sample.jpg.recry1").

Encrypted data immediately becomes unusable. After successful encryption, Recry1 creates a text file called "decryption_help.txt" and places a copy in every existing folder.