Virus and Spyware Removal Guides, uninstall instructions

What kind of page is snapinterruptfilesave[.]com?

Snapinterruptfilesave[.]com is a rogue page discovered by our research team during a routine investigation of suspicious websites. It operates by promoting dubious content and browser notification spam. Additionally, the webpage can redirect users elsewhere (likely unreliable/malicious) sites.

Most visitors to snapinterruptfilesave[.]com and analogous pages enter them via redirects produced by websites that employ rogue advertising networks.

What kind of application is Klio Verfair Tools?

While analyzing a rogue installer, our researchers discovered the "Klio Verfair Tools" PUA (Potentially Unwanted Application). This app is designed to infiltrate the Legion Loader malware into systems.

At the time of research, Klio Verfair Tools was installed together with another PUA called SumatraPDF. It is noteworthy that installation setups carrying software like Klio Verfair Tools often include additional suspicious/harmful programs.

What kind of malware is P*zdec?

While investigating new file submissions to the VirusTotal website, our research team discovered the P*zdec ransomware (the asterisk stands for the letter "i", and it will be censored in this manner throughout this article). This malicious program is part of the GlobeImposter ransomware family.

On our test machine, this ransomware encrypted files and added a ".p*zdec" extension to their names. For example, an original filename like "1.jpg" became "1.jpg.p*zdec", "2.png" – "2.png.p*zdec", etc. Once this process was finished, a ransom note – "how_to_back_files.html" – was created.

What kind of malware is Louis?

While investigating new submissions to the VirusTotal platform, we discovered the Louis ransomware. It operates by encrypting files and demanding payment for the decryption.

On our test machine, Louis ransomware encrypted files and appended their names with a ".Louis" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.Louis", "2.png" as "2.png.Louis", and so on for all of the affected files.

After the encryption process was concluded, this ransomware changed the desktop wallpaper and created a ransom note in a text file named "Louis_Help.txt". It also displayed a full-screen message before the user log-in screen.

What kind of page is spinefreeads[.]top?

Spinefreeads[.]top is a rogue page discovered during a routine investigation session of suspicious websites. Upon inspection, we determined that this webpage promotes browser notification spam and generates redirects to other (likely untrustworthy/dangerous) sites.

Most visitors enter pages like spinefreeads[.]top via redirects caused by websites that employ rogue advertising networks.

What kind of email is "Avoid Getting Locked Out"?

After examining this "Avoid Getting Locked Out" email, we determined that it is spam. This message warns the recipient that they can get locked out of their account if they do not re-authenticate it. The email promotes a phishing website targeting email log-in credentials.

What kind of email is "Capital One - Purchase Was Charged To Your Account"?

Our inspection of the "Capital One - Purchase Was Charged To Your Account" email revealed that it is spam. This fake message alerts recipients of a purchase made with their account – thus, the email lures them into revealing their log-in credentials to a phishing website.

It must be emphasized that the claims made by the email are false, and this mail is not associated with the actual Capital One Financial Corporation.

What kind of page is connectscreen[.]xyz?

We have inspected connectscreen[.]xyz and determined that it uses clickbait, a misleading technique, to trick users into agreeing to get its notifications. If connectscreen[.]xyz has permission to show notifications, it promotes various scams, unwanted apps, and similar content. Users should not trust connectscreen[.]xyz.

What kind of page is jenonubaz[.]sbs?

In our analysis, we found that jenonubaz[.]sbs displays a deceptive message to obtain permission to show notifications. If such permission is granted, jenonubaz[.]sbs delivers fake alerts and other misleading notifications. This can expose users to scams and other online threats. Thus, jenonubaz[.]sbs should be avoided.

What kind of page is gerqrg[.]click?

Gerqrg[.]click is a rogue page discovered by our researchers during a routine investigation of suspect websites. After examining this webpage, we learned that it endorses browser notification spam and generates redirects to different (likely untrustworthy/hazardous) sites.

Most visitors access gerqrg[.]click and analogous pages via redirects produced by websites that utilize rogue advertising networks.