Virus and Spyware Removal Guides, uninstall instructions

What is OriginalScheduler?

Our researchers discovered OriginalScheduler during a routine inspection of new submissions to VirusTotal. After analyzing this application, we learned that it operates as advertising-supported software (adware) and belongs to the AdLoad malware family.

What kind of software is OnlineClient?

OnlineClient is an advertising-supported application. The purpose of this app is to generate annoying advertisements. Our team has discovered OnlineClient while examining deceptive websites. Typically, apps of this type are promoted and distributed using deceptive methods.

What kind of malware is Dfwe?

We discovered Dfwe while examining malware samples submitted to VirusTotal. It is ransomware - malware that encrypts files and demands payment for their decryption. Dfwe appends the ".dfwe" extension to filenames and creates the "_readme.txt" file (a ransom note). We also found that Dfwe is part of the Djvu ransomware family.

An example of how Dfwe modifies filenames: it renames "1.jpg" to "1.jpg.dfwe", "2.jpg" to "2.jpg.dfwe", and so forth.

What kind of page is primerewardz[.]com?

Primerewardz[.]com is a shady website that asks for permission to show notifications and redirects to a scam website (and possibly other untrustworthy pages). Our team discovered it during an analysis of pages that use rogue advertising networks (e.g., illegal movie streaming pages, torrent sites).

What is TrackFrequency?

TrackFrequency is a rogue app, which we discovered while inspecting new submissions to VirusTotal. After analyzing this piece of software, we determined that it is adware, and that it belongs to the AdLoad malware family.

What kind of scam is "Mail Delivery Successful"?

Our team has examined this email and concluded that the scammers behind it aim to trick recipients into providing passwords. This email is disguised as a letter from the email service provider. It contains a link to a phishing page asking to provide login credentials (email address and password).

What kind of browser extension is reuse tab?

Our research team found the reuse tab browser extension while inspecting suspicious download webpages. We installed this piece of software onto our test machine, and based on its description in Chrome - we can surmise that this extension promises to save visited URLs for easy access in the future. After analyzing reuse tab's behavior, we determined that it operates as adware.

What is "MICROSOFT WINDOWS With Pre-installed Mcafee"?

During a routine inspection of deceptive websites, our researchers discovered "MICROSOFT WINDOWS With Pre-installed Mcafee". After inspecting it, we determined that this content operates as a technical support scam with phishing elements. The former attempt to trick users into calling fake helplines and allowing the scammers to access their devices remotely. While the latter is designed to extract sensitive information from visitors.

It must be emphasized that this scam is in no way associated with the Microsoft Corporation, McAfee Corp., or any other legitimate entity.

What is Strongix.exe?

Strongix.exe is a piece of malicious software, which our research team discovered while looking through fake "cracked" software download sites. This malware operates by force-opening various untrustworthy and malicious websites. It is not unlikely that Strongix.exe has additional harmful abilities as well.

What kind of malware is KurayStealer?

KurayStealer is the name of a malware builder that we found promoted on Discord. KurayStealer has the ability to steal passwords and capture screenshots. It is written in the Python programming language. We also learned that there are free and paid versions of the KurayStealer malware builder (the second paid version has additional features/extended capabilities).