Virus and Spyware Removal Guides, uninstall instructions

What is the "DUY THANH EXPORT" email virus?

Our team has examined this email and discovered that the cybercriminals behind it aim to trick recipients into opening the attached file. They pretend to be a company called "DUY THANH EXPORT & IMPORT CO .LTD" and claim that the file attached to this email is a purchase order. That file is malicious and likely to be used to deliver NanoCore RAT.

What kind of malware is Spark?

Spark is the name of ransomware discovered by MalwareHunterTeam. It is a type of malware that encrypts files to make them inaccessible until victims decrypt them with a tool purchased from the attackers. Also, it appends the ".Spark" extension to filenames and displays a pop-up window containing a ransom note.

An example of how Spark modifies filenames: it renames "1.jpg" to "1.jpg.Spark", "2.png" to "2.png.Spark", and so forth.

What kind of page is scanoclean[.]com?

During a routine inspection of dubious webpages, our research team discovered the scanoclean[.]com site. It is designed to promote deceptive material, push browser notification spam, and redirect visitors to different (likely questionable/malicious) websites. Most users access such pages via redirects caused by sites using rogue advertising networks.

What is "SYSTEM NOTIFICATION" email scam?

"SYSTEM NOTIFICATION" is the name of an email spam campaign. We found two practically identical variants of these emails. Both operate as phishing scams; they attempt to trick recipients into disclosing their email account log-in credentials by claiming that several messages have not reached the inbox and will be deleted soon - unless action is taken.

What kind of page is devicespam-shield[.]com?

While inspecting deceptive websites, we discovered the devicespam-shield[.]com rogue page. It promotes scams, pushes spam browser notifications, and redirects visitors to other (likely untrustworthy/malicious) sites. Users typically enter such pages via others that use rogue advertising networks.

What is Clear Search?

Clear Search is a rogue browser extension. After analyzing this piece of software, we learned that it is a browser hijacker. Clear Search operates by modifying browser settings to cause redirects to the clear-search.com fake search engine.

What kind of application is SearcheeBoo!?

After downloading and installing the SearcheeBoo! application, we learned that it is designed to hijack web browsers. This application forces users to browse the web with a fake search engine (searcheeboo.com). It promotes searcheeboo.com by changing the settings of a web browser.

What is ProgressionLegion?

ProgressionLegion is a rogue app that our researchers found while inspecting new submissions to VirusTotal. After analyzing this piece of software, we determined that it operates as adware and belongs to the AdLoad malware family.

What kind of page is push-detectors[.]com?

Push-detectors[.]com is an untrustworthy website that displays deceptive content to trick visitors into agreeing to receive notifications. Moreover, it redirects to other websites of this kind. Our team has discovered push-detectors[.]com while examining pages that use rogue advertising networks.

What kind of page is tacklingallas[.]com?

Tacklingallas[.]com is a rogue page that our researchers discovered while inspecting dubious websites. It operates by pushing browser notification spam and redirecting visitors to different (likely unreliable/malicious) sites. Most users typically enter webpages of this kind through redirects caused by sites using rogue advertising networks.