Virus and Spyware Removal Guides, uninstall instructions

What is Smart Application Controller?

Smart Application Controller is a rogue application that supposedly allows users to update other installed programs. This functionality may seem legitimate and useful, however, this app typically infiltrates systems without permission. Furthermore, it delivers intrusive advertisements and gathers various information.

For these reasons, Smart Application Controller is categorized as a potentially unwanted program (PUP) and adware.

What kind of malware is FOX?

Discovered by MalwareHunterTeam, FOX is a new variant of high-risk ransomware called Matrix. Developers proliferate this malware using Remote Desktop Service - they hijack victims' computers and install FOX manually.

Once infiltrated, FOX encrypts most stored data and renames files using the "[developer's_email].[random_characters].FOX" pattern (e.g., "sample.jpg" might be renamed to a filename such as "[PabFox@protonmail.com ].3qAbTbsd-RgfExin0.FOX"). Once encrypted, data becomes unusable and indistinguishable.

In addition, FOX performs a number of other malicious actions, including deletion of File Shadow Volume Copies and removal of Windows Recovery Startup. After performing these functions, FOX generates a text file ("#FOX_README#.rtf") and places a copy in every existing folder. Additionally, FOX ransomware changes victim's desktop wallpaper.

What is Xorist?

Xorist (EnCiPhErEd) is a family of ransomware-type malware. After stealth system infiltration, ransomware from this family encrypts various files stored on the computer and adds one of the following extensions to each encrypted file: ....VeraCrypt_System_Error2019-You_need_to_make_payment_in_maxmin_24_hours_if_you_dont_the_decryptor_license_will_be_deleted_this_is_not_a_joke, .NEED-TO-MAKE-PAYMENT-OR-ALL-YOUR-FILLES-WILL-BE-DELETED-CRITICAL-SITUATION-URGENT-ATTENTION-24-HOURS-TO-PAY-OR-EVERYTHING-WILL-BE-PERMANENTLY-DELETED-FOREVER, .mbrcodes, ...DATA_IS_SAFE_YOU_NEED_TO_MAKE_THE_PAYMENT_IN_MAXIM_24_HOURS_OR_ALL_YOUR_IMPORTANT_FILES_WILL_BE_LOST_FOREVER_PLEASE_BE_REZONABLE_IS_NOT_A_JOKE_TIME_IS_LIMITED, .PrOtOnIs, ...Files-Frozen-NEED-TO-MAKE-PAYMENT-FOR-DECRYPTOR-OR-ALL-YOUR-FILES-WILL-BE-PERMANENLTY-DELETE, .cryptedx, .CerBerSysLocked0009881, ....error77002017111, .Blocked2, .TaRoNiS, .Cerber_RansomWare@qq.com, .hello, .brb, .RusVon, .fast_decrypt_and_protect@tutanota.com, .xdata, .SaMsUnG, .zixer2, .antihacker2017, .error, .errorfiles, .@EnCrYpTeD2016@, .pa2384259, .encoderpass, .fileiscryptedhard, .6FKR8d, .EnCiPhErEd, .73i87A, .p5tkjw, .PoAr2w, .xwz, .ava or .DECRYPT-ID-[victim's_ID].

After encrypting the files, this ransomware creates a 'How to Decrypt Files.txt text file on the victim's desktop. The file contains a message stating that the files can only be restored by paying a ransom.

The victim is then encouraged to contact cyber criminals by SMS and using a phone number provided. It is stated that victims have a limited number of attempts to send an SMS message with the specified text. This number diminishes each time the victim sends an SMS with text that does not conform to a pattern provided within the 'How to Decrypt Files.txt' file.

What is Advanced Mac Tuneup?

Advanced Mac Tuneup is a dubious application that claims to enhance system performance by optimizing and removing all threats/malware.

Initially, Advanced Mac Tuneup may seem legitimate, however, developers promote this app using a deceptive marketing method called "bundling", and thus it often infiltrates systems without permission. Therefore, Advanced Mac Tuneup is categorized as a potentially unwanted application (PUA).

What is Mp3tag?

Mp3tag is a legitimate application that allows users to to modify the metadata of various data files. As it is open-source, however, in some cases, Mp3tag is categorized as adware and a potentially unwanted application (PUA).

This is because criminals modify the original source code by inserting additional scripts, thereby making Mp3tag generate intrusive advertisements and record user-system information. These variants typically infiltrate systems without users' permission.

What is searchfort.online?

searchfort.online is a fake search engine that, according to the developers, enhances the browsing experience by generating improved results.

Initially, searchfort.online may appear legitimate and useful, however, this site is promoted using a browser-hijacking application called Search App. Furthermore, searchfort.online and Search App continually record user-system information relating to browsing activity.

What is Here Is Your Fax Email Virus?

"Here Is Your Fax Email Virus" is another spam email campaign used to distribute the Hancitor trojan. As usual, cyber criminals send thousands of emails containing deceptive messages encouraging users to open attached files. This is an attempt to trick unsuspecting users into opening files that download and install Hancitor onto the system.

What is wpformb.com?

wpformb.com is another rogue website designed to redirect visitors to other untrustworthy sites. There are many rogue sites similar to this one.

Some examples are shalledinition.club, linkrevdownload.xyz, and adxml.click Most users arrive at wpformb.com unintentionally - they are redirected by potentially unwanted programs (PUPs) that are installed without users' consent. Furthermore, PUPs deliver intrusive ads, misuse computer resources, and collect information.

What is Company Complaint Email Virus?

"Company Complaint Email Virus" is a spam email campaign similar to Microsoft Rights Management Email Virus, PayPal Email Virus, and many others.

Cyber criminals use this campaign to proliferate a trojan called TrickBot. As usual, cyber criminals send thousands of deceptive email messages that encourage users to open malicious Microsoft Word documents that stealthily download and install TrickBot into the system.

What is KeePass?

KeePass is a legitimate open-source password management application. This is a free app that can be downloaded from its official website, however, since KeePass is open source, cyber criminals have released a number of malicious versions.

The original source code has been modified so that KeePass can track sensitive information and deliver intrusive advertisements. Therefore, in some cases, KeePass is classed as a potentially unwanted program (PUP) and adware.