Virus and Spyware Removal Guides, uninstall instructions

What is "apple.com-mac-booster[.]live"?

apple.com-mac-booster[.]live is a deceptive website that is designed to promote the CleanupMy-Mac application. It is deceptive, since it displays a fake virus alert message stating that the visitor's computer is infected (this is false). It encourages visitors to remove viruses using the aforementioned application.

Typically, websites of this type are opened by potentially unwanted apps (PUAs) installed on browsers. As well as redirects to deceptive web pages, most PUAs deliver ads and gather data.

What is "Fake Calculator"?

Related to MacSecurityPlus, Fake Calculator is malicious application that claims to be the genuine MacOS calculator.

This app does not change browser settings, however, as long as it is installed, it redirects people who attempt to surf the web using their browsers to bing[.]com, goto-searchitnow, and under-cover[.]info. It is impossible to avoid being redirected to these search engines unless this fake calculator is uninstalled.

What is Win32/Zpevdo?

Win32/Zpevdo is high-risk trojan designed to modify Windows Firewall settings. This malware typically infiltrates systems when another trojan is installed (a result of "chain infections") or when users visit malicious websites. The presence of Win32/Zpevdo trojan makes the system more vulnerable to other infections.

What is "Xerox Color Workstation Email Virus"?

"Xerox Color Workstation Email Virus" is the name of a spam campaign, designed by cyber criminals to proliferate a malicious program, a keystroke logger called Hawkeye. 

The main purpose of the email issued by this campaign is to trick people into opening the attached file, which infects computers with the aforementioned malware. We strongly recommend that you ignore this email and leave the attachment unopened.

What is renropsitto[.]info?

The internet is flooded with websites similar to renropsitto[.]info including, for example, Pushnews[.]online, txtnews[.]online, and watch-this[.]live. These are just some examples from many. Most of these sites are virtually identical. Once visited, they display untrustworthy content or open other dubious websites.

Typically, people do not visit these sites intentionally - they are redirected to them by potentially unwanted applications (PUAs) installed on their systems. Additionally, these apps often operate as information tracking tools and feed users with unwanted ads.

What is ticeroftertal[.]info?

ticeroftertal[.]info is a rogue website that has the same purpose as pushnews[.]online, txtnews[.]online, watch-this[.]live, and many other websites of this type.

Once visited, it redirects users to websites that cannot be trusted or displays dubious content. Typically, people are forced to visit these websites when they have potentially unwanted applications (PUAs) installed on their browsers. PUAs often deliver intrusive ads and record information.

What is "PayPal account is on hold"?

The "PayPal account is on hold" scam is presented on a deceptive website that should not be trusted. Scammers use it to steal PayPal accounts.

Typically, people end up visiting websites of this type due to potentially unwanted applications (PUAs) installed on their browsers or operating systems. In addition to unwanted redirects, PUAs often serve users with intrusive advertisements and collect information relating to browsing habits.

What is wal?

wal is high-risk ransomware that belongs to the Dharma ransomware family. This malware stealthily infiltrates the system and encrypts most stored files, thereby rendering them impossible to use. It is also appends filenames with the victim's unique ID, developer's email address, and ".wal" extension.

For example, "sample.jpg" might be renamed to a filename such as "sample.jpg.id-1E857D00.[decryptdocs@protonmail.com].wal". Once the encryption process is finished, wal opens a pop-up window and stores a "FILES ENCRYPTED.txt" file on the desktop.

What is 1 Click PDF?

1 Click PDF (also known as 1ClickPDF) is promoted as a file conversion app capable of converting virtually any file format to PDF.

It is promoted as a useful and legitimate tool, however, 1 Click PDF is categorized as a potentially unwanted (adware-type) application (PUA) and adware. It changes browser settings, feeds users with ads, and gathers information. Do not trust or use the 1 Click PDF converter.

What is Forasom?

Belonging to the Djvu ransomware family, Forasom is a high-risk infection designed to encrypt victims' data and make ransom demands. During encryption, Forasom appends filenames with the ".forasom" extension (e.g., "sample.jpg" is renamed to "sample.jpg.forasom").

As with other Djvu variants, Forasom also creates a text file called "_readme.txt" and stores a copy in each existing folder.