Virus and Spyware Removal Guides, uninstall instructions

What kind of application is GuideInfo?

GuideInfo is a rogue app discovered by our researchers during a routine investigation of new submissions to the VirusTotal website. After analyzing this software, we learned that it is adware from the AdLoad malware family. GuideInfo is designed to run intrusive advert campaigns.

What is ConnectedSource?

We have examined the ConnectedSource application and found that it is intended to display intrusive advertisements. Consequently, we have classified ConnectedSource as adware. Besides showing ads, this type of software can also collect various types of data. Thus, affected users should remove such apps from their computers.

What kind of email is "OUTFRONT Email Quarantine"?

After inspecting the "OUTFRONT Email Quarantine" message, we determined that it is spam. The fake notification alerts that an email failed to reach the recipient's inbox due to being withheld in quarantine. This mail lures users into providing their email log-in credentials to a phishing website.

What is "DHL Delivery Interrupted"?

We have inspected this email and found that it is a phishing letter masquerading as a notification from DHL (a legitimate logistics company). Emails of this type are typically employed to trick recipients into disclosing personal information to scammers. Recipients should ignore such emails to avoid potential negative outcomes.

What is OnlinePartition?

We have analyzed the OnlinePartition application and discovered that it is designed to serve annoying advertisements. For this reason, we have classified OnlinePartition as adware. In addition to displaying ads, software of this type can gather various data. Users should avoid installing apps like OnlinePartition on computers.

What kind of application is RecordInterface?

Our researchers found the RecordInterface application while browsing new submissions to the VirusTotal platform. Upon inspection, we determined that this app is adware belonging to the AdLoad malware family. Advertising-supported software is designed to run intrusive ad campaigns, typically by displaying advertisements on various interfaces.

What kind of application is PracticalEntry?

PracticalEntry is a rogue application discovered by our research team during a routine inspection of file submissions to VirusTotal. This app is advertising-supported software (adware), which is part of the AdLoad malware family. Adware is designed to generate revenue for its developers/publishers through advertising.

What kind of malware is LostInfo?

LostInfo is a ransomware-type program discovered by our researchers during a routine examination of new file submissions to the VirusTotal site. This malware encrypts data and demands ransoms for the decryption.

When we executed a sample of LostInfo on our test machine, it encrypted files and modified their filenames. Original titles were appended with a random ID and a ".lostinfo" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.{06420628-F5F4-ECED-BAAA-BCC19668745C}.lostinfo". After the encryption process was finished, a ransom-demanding message titled "README.TXT" was created.

What is searchnukes.com?

We have inspected searchnukes.com and found that it is a fake search engine promoted via a browser extension that functions as a browser hijacker. Users should avoid using fake search engines and adding browser hijackers to browsers. Users who encounter searchnukes.com should remove it and the associated extension.

What kind of malware is GameCrypt?

Our research team discovered GameCrypt ransomware while reviewing new file submissions to the VirusTotal platform. This program is part of the GlobeImposter ransomware family. This malware encrypts data to demand payment for its decryption.

On our testing system, the names of files encrypted by GameCrypt were appended with a ".GameCrypt" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.GameCrypt", "2.png" as "2.png.GameCrypt", and so on for all of the locked files.

Following the completion of the encryption, GameCrypt dropped a ransom-demanding message named "how_to_back_files.hta".