Virus and Spyware Removal Guides, uninstall instructions

What is "Apple.com-repair-macbook.live"?

Apple.com-repair-macbook.live is one of many rogue websites that delivers deceptive content. Typically, visitors arrive at this site unintentionally - they are redirected to it by adware-type potentially unwanted apps (PUAs). Most users install these apps inadvertently. Once installed, they feed users with intrusive ads and track data relating to browsing activity.

What is "Hidden Bomb In The Building"?

"Hidden Bomb In The Building" is an email scam. There are many scams of this type, most of which are sextortion-type: they are used to trick people into believing that humiliating or compromising material (videos or photos) have been obtained and shared with all users on the recipient's contacts list.

Note, however, that "Hidden Bomb In The Building" differs, since it is categorized as a terrorist threat.

What is Chameleon Explorer Pro?

Chameleon Explorer Pro is presented as a high quality file/folder management tool. Judging on appearance alone, Chameleon Explorer Pro may seem legitimate and useful, however, this tool is categorized as a potentially unwanted application (PUA) and adware.

Be aware that this PUA is likely to infiltrate systems without users’ permission. Furthermore, Chameleon Explorer Pro delivers intrusive ads, gathers sensitive information, and proliferates other rogue apps.

What is IronHead?

Discovered by Michael Gillespie, IronHead is a computer infection that is likely to be a part of the Scarab ransomware family of viruses. Like most ransomware-type viruses, it is designed to prevent users from accessing their data by encryption. To recover their files, IronHead victims are encouraged to pay developers a ransom (purchase a decryption key).

Once encrypted, all affected files are renamed by adding the ".ironhead" extension. For example, "1.jpg" becomes "1.jpg.ironhead". IronHead also generates a ransom-demand message within "How to restore encrypted files.txt", and places the file in folders containing encrypted files.

What is UnblockAndRecover?

Malware security researcher, Jack, was the first to discover UnlockAndRecover, a ransomware-type computer infection that cyber criminals use to blackmail victims. There are many viruses of this type that lock (encrypt) files and keep them in that state until the ransom is paid.

Note, however, that UnlockAndRecover deletes files rather than encrypting them. Once a computer is infected, the virus generates a "Warning.txt" text file.

What is Djvu ransomware?

Djvu is a high-risk virus that belongs to STOP malware family. It was firstly discovered by Michael Gillespie. It is categorized as ransomware and designed to lock (encrypt) files using a cryptography algorithm.

Djvu renames each encrypted file by adding the ".djvu" or ".djvu*" extension (updated variants of this ransomware use ".djvuu", ".udjvu", ".djvuq", ".uudjvu", ".djvus", ".djuvt", ".djvur", and ".DJVUT" extensions for encrypted files). For example, "1.jpg" becomes "1.jpg.djvu" or "1.jpg.djvu*". All Djvu victims are provided with a ransom-demand message in a "_openme.txt" text file.

What is "A2 Trading Corp Email Virus"?

"A2 Trading Corp Email Virus" is a scam (spam email campaign) used by cyber criminals who attempt to trick recipients of the email to download and open an executable file. This then installs LokiBot, trojan-type malware that steals various personal/private data.

We strongly recommend that you ignore the "A2 Trading Corp Email Virus" email and avoid downloading or opening the presented malicious attachment.

What is "XMRig"?

XMRig is a legitimate open-source application that allows utilization of system CPU resources to mine cryptocurrency. Cyber criminals often misuse these tools to generate revenue in malicious ways. Here, we look at malware that combines a backdoor-tool called EmPyre with XMRig and allows cyber criminals to exploit infected systems to mine cryptocurrency.

What is bing.com?

bing.com is a well-known, legitimate search engine owned by Microsoft and is not associated with any viruses, malware, and so on.

Despite this, many browser hijackers, potentially unwanted applications (PUAs), promote bing.com to give the impression of legitimacy. Typically, users install apps of this type unintentionally. Once installed, they modify browser settings, deliver ads, and collect data relating to users' browsing activity.

What is severeweathercheck.com?

severeweathercheck.com is one of many fake search engines available and is promoted using the Severe Weather Check application. According to the developers, this site can track weather changes in a specific area when users enter a city or ZIP code.

This may seem to be a legitimate and useful app, however, it is classified as a browser hijacker and a potentially unwanted app (PUA). Users often install these apps unintentionally. Furthermore, once installed, Severe Weather Check collects browsing-related data and changes browser settings.