Virus and Spyware Removal Guides, uninstall instructions

What kind of application is ArchievesOriginal?

ArchievesOriginal is an application that generates intrusive advertisements. It is an advertising-supported app (adware). Our team discovered ArchievesOriginal while examining websites claiming that some of the installed software is outdated. Like most advertising-supported apps, ArchievesOriginal is promoted and distributed using shady methods.

What kind of page is allcontrolpc[.]com?

While checking out suspicious websites, our research team discovered the allcontrolpc[.]com rogue page. It runs scams, promotes spam browser notifications, and causes redirects to different (likely unreliable/harmful) sites.

Allcontrolpc[.]com and pages akin to it are typically entered via redirects caused by websites that use rogue advertising networks.

What is Searchpoweronline.com?

Searchpoweronline.com is both the name of a browser hijacker and the URL of a fake search engine. This software makes modifications to browsers in order to promote illegitimate search engines. Furthermore, the Searchpoweronline.com browser hijacker likely spies on users' browsing activity.

What is CrownVanirty?

CrownVanirty is a piece of rogue software that our researchers discovered during a routine inspection of new submissions to VirusTotal. We determined that this application operates as advertising-supported software (adware) and belongs to the AdLoad malware family.

What kind of page is finchi[.]click?

During the examination of the finchi[.]click page, we found that it runs the "McAfee - Your PC is infected with 5 viruses!" scam and wants to show deceptive notifications. The purpose of this site is to trick visitors into purchasing an antivirus subscription. This page should be ignored. None of the messages displayed by it are real.

What kind of page is defense-software[.]com?

Defense-software[.]com is a rogue webpage our researchers discovered while inspecting new submissions to VirusTotal. It promotes online scams, pushes browser notification spam, and redirects visitors to other (likely dubious/malicious) sites.

Users typically enter defense-software[.]com and similar webpages through redirects caused by websites that use rogue advertising networks.

What kind of scam is "Un-Received Incoming Emails"?

We examined this email and learned that it is composed by scammers who aim to trick recipients into providing sensitive information. This email is disguised as a letter from an email service provider regarding pending emails. This and similar emails should be ignored.

What is Smartbase?

While inspecting suspicious websites, our research team discovered the Smartbase rogue browser extension. After we inspected this piece of software, we determined that it operates as a browser hijacker. Smartbase modifies browser settings in order to promote the legitimate Bing search engine (bing.com). Additionally, this extension collects sensitive information.

What kind of application is AdminPerformance?

While testing the AdminPerformance application, we found that its purpose is to bombard users with intrusive advertisements. Therefore, we classified AdminPerformance as adware. Our team discovered this advertising-supported app after using a fake installer downloaded from an untrustworthy website.

What is Trg ransomware?

Our researchers found the Trg ransomware-type program while checking out new submissions to VirusTotal. This program encrypts data and demands payment for the decryption; it also belongs to the Xorist ransomware family.

After we launched a sample of Trg on our test machine, it encrypted files and appended their names with a ".trg" extension. For example, an original filename like "1.jpg" appeared as "1.jpg.trg", "2.png" as "2.png.trg", etc.

Once this process was completed, a ransom note was displayed in a pop-up window and created in a text file titled "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt". This message was in Russian, and it is worth mentioning that if the system does not have the Cyrillic alphabet - the text in the pop-up will be unreadable.