Virus and Spyware Removal Guides, uninstall instructions

What is PC CleanUp 2018?

PC CleanUp 2018 is a dubious application that claims to remove computer infections and optimize the system.

Judging on appearance alone, PC CleanUp 2018 may seem legitimate and useful, however, it often infiltrates systems without permission (developers distribute it using the "bundling" method). Therefore, PC CleanUp 2018 is categorized as a potentially unwanted application (PUA).

What is CryptoJoker?

CryptoJoker is a ransomware-type virus that encrypts various files (for example, .txt, .doc, .docx, .ppt, etc.) stored on victims' computers.

All files are encrypted using AES-256 encryption, and once successfully encrypted, victims are presented with a message stating that they are required to pay a ransom in bitcoins (otherwise the files will remain permanently decrypted). CryptoJoker is distributed as a .PDF file and, therefore, is often proliferated as an email attachment.

What is ExecutionerPlus?

Recently discovered by MalwareHunterTeam, ExecutionerPlus is a ransomware-type virus based on CryptoJoker. Once infiltrated, ExecutionerPlus encrypts most stored data and appends the "pluss.executioner" or ".destroy.executioner" extension to the name of each file.

For example, "sample.jpg" is renamed to "sample.jpgpluss.executioner" or "sample.jpg.destroy.executioner". Immediately after encryption, ExecutionerPlus places an HTML file ("Readme.html") on the desktop. Note that this malware is still in development and, thus, might contain bugs.

What kind of malware is BlueEagle?

BlueEagle is a ransomware-type virus discovered by malware security researcher, Michael Gillespie. Once infiltrated, BlueEagle encrypts various files and appends the filenames with the ".SaherBlueEagleRansomware" extension.

For instance, "sample.jpg" is renamed to "sample.jpg.SaherBlueEagleRansomware". BlueEagle then opens a pop-up window and changes the desktop wallpaper.

What is ONI?

ONI is a ransomware-type virus discovered by MalwareHunterTeam. After infiltration, ONI encrypts most stored files. In addition, it renames them using the "[random_letters_and_digits].ONI" pattern. For instance, "sample.jpg" might be renamed to a filename such as "AE6966EA6F736F667420454411652E6C6E6B.ONI".

Once encrypted, data immediately becomes unusable and indistinguishable. Furthermore, ONI generates a text file ("RESTORE_ONI_FILES.txt") and places a copy in every existing folder.

What is BID PURCHASE DOCUMENT?

"BID PURCHASE DOCUMENT" is a spam email campaign used to proliferate a trojan-type virus called FormBook. It is very similar to Swisscom Email Virus, Complaint Email Virus, AT&T Invoice Email Virus, and many others.

As usual, criminals send hundreds of emails that contain deceptive messages encouraging users to open attachments, however, the attached Microsoft Office documents download and install malware - opening them results in infiltration of FormBook.

What is Swisscom Email Virus?

"Swisscom Email Virus" is a spam email campaign similar to Complaint Email Virus, DHL Email Virus, AT&T Invoice Email Virus, and many others. Cyber criminals use this campaign to distribute a high-risk trojan called Ursnif. They send thousands of emails that contain false invoices and encourage users to visit links to view them. This, however, results in system infection.

What is Mac Heal Pro?

Developers present Mac Heal Pro as a great tool to clean the system and optimize performance.

Judging on appearance alone, Mac Heal Pro may seem legitimate and useful, however, this dubious app often infiltrates systems without users’ permission - developers distribute it using a deceptive marketing method called "bundling". Therefore, Mac Heal Pro is categorized as a potentially unwanted application (PUA).

What is Counterflix?

Counterflix is a deceptive application identical to Gostify. Both offer functionality (DNS services) providing access to various websites restricted in the user's country. This application may seem legitimate, however, it is classed as a potentially unwanted program (PUP) and adware.

There are three main reasons for these negative associations: stealth installation without users' consent, tracking of the Internet browsing activity, and display of intrusive online advertisements.

What is WARNING WITHOUT ANTIVIRUS, YOUR SYSTEM IS AT HIGH RISK?

Similar to Website You Visited Infected Your Mac With A Virus, Apologies For Interruption!, You Mac May Be Infected By A Virus!, and many others, "WARNING WITHOUT ANTIVIRUS, YOUR SYSTEM IS AT HIGH RISK" is a fake error message delivered by various deceptive websites.

Research shows that users typically visit these sites without consent, since they are redirected by potentially unwanted applications (PUAs) and intrusive advertisements (displayed on other rogue sites).

Furthermore, potentially unwanted applications usually infiltrate systems without permission and, as well as causing redirects, gather sensitive information and deliver intrusive advertisements.