Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Exploit6?

Exploit6 is the name of ransomware designed to encrypt files, append the ".exploit6" extension to filenames of all encrypted files, and drop the "READMI.txt" file. Our malware researchers discovered Exploit6 while examining samples submitted to the VirusTotal website.

An example of how Exploit6 modifies filenames: it renames "1.jpg" to "1.jpg.exploit6", "2.png" to "2.png.exploit6", "3.exe" to "3.exe.exploit6", and so forth.

What kind of page is cimen[.]click?

After examining cimen[.]click, we found that this page runs the "McAfee - Your PC is infected with 5 viruses!" scam. It also wants to show notifications. Cimen[.]click is an untrustworthy page. We discovered it while inspecting other pages of this kind (pages that use rogue advertising networks).

What kind of software is Files Download Tool?

Files Download Tool is an application that supposedly allows users to keep track of downloads and manage or create new downloads. After testing this app, we found that it shows unwanted advertisements. For this reason, we classified Files Download Tool as adware. Our team discovered this browser extension on an untrustworthy page.

What kind of malware is 62IX?

After examining 62IX, we learned that it is ransomware that encrypts files, appends the ".62IX" extension to filenames, changes the desktop wallpaper, and creates the "КАК РАСШИФРОВАТЬ FILES.txt" file (a ransom note). Our team discovered 62IX while checking the VirusTotal page for recently submitted malware samples.

An example of how 62IX renames files: it changes "1.jpg" to "1.jpg.62IX", "2.png" to "2.png.62IX", "3.exe" to "3.exe.62IX", and so forth.

What is Cyber_Puffin ransomware?

Our research team discovered Cyber_Puffin during a routine inspection of new submissions to VirusTotal. This malicious program is classified as ransomware, a type of malware that encrypts data and demands payment for decryption.

After we launched a sample of Cyber_Puffin on our test machine, it encrypted files and appended their filenames with a ".Cyber_Puffin" extension, e.g., a file titled "1.jpg" appeared as "1.jpg.Cyber_Puffin", "2.png" as "2.png.Cyber_Puffin", etc.

Following the completion of this process, this ransomware changed the desktop wallpaper and created a text file named "Cyber_Puffin.txt", which contained the ransom-demanding message.

What kind of application is PowerSet?

While examining the PowerSet application, we noticed that various ads appear while this app is installed. Software that displays unwanted advertisements is called adware. Typically, users install software of this type unintentionally. We discovered PowerSet while inspecting deceptive websites.

What kind of page is antivirus-stability[.]com?

During a routine investigation of suspicious websites, our researchers discovered the antivirus-stability[.]com rogue page. It is designed to promote deceptive content; when we inspected antivirus-stability[.]com, it ran the "You've visited illegal infected website" scam. Additionally, this site pushes browser notification spam and can redirect visitors to other (likely untrustworthy/hazardous) sites.

Users typically access webpages like antivirus-stability[.]com via redirects caused by websites using rogue advertising networks.

What is EmailCheckToday?

While inspecting dubious software-promoting sites, our researchers discovered one advertising the EmailCheckToday browser extension. This piece of software is endorsed as an easy-access tool for email services.

Instead, we determined that EmailCheckToday operates as a browser hijacker - it modifies browser settings to promote fake search engines, and it spies on users' browsing activity.

What is No-Light?

While inspecting deceptive software-promoting websites, we discovered the No-Light browser extension. This piece of software is presented as a tool capable of creating a dark mode for simple design websites. However, our analysis revealed that No-Light operates as advertising-supported software (adware) instead.

What kind of page is securityservice-pc[.]com?

After inspecting the securityservice-pc[.]com page, we discovered that it runs the "McAfee - Your PC is infected with 5 viruses!" scam and asks for permission to deliver notifications. Our team encountered this site while examining pages that use rogue advertising networks. It is very uncommon for sites like securityservice-pc[.]com to be visited on purpose.