Virus and Spyware Removal Guides, uninstall instructions

What kind of page is nerybelfaste[.]xyz?

Nerybelfaste[.]xyz is a website designed to trick visitors into allowing it to show notifications. We have discovered it while analyzing pages that use rogue advertising networks (e.g., illegal movie streaming pages, torrent sites). Additionally, nerybelfaste[.]xyz redirects visitors to other shady websites.

What is FortSearch?

FortSearch is a piece of rogue software. After analyzing it, we determined that this extension operates as a browser hijacker. FortSearch makes alterations to browser settings in order to promote (by causing redirects to) the fortsearch.xyz fake search engine.

What kind of malware is WanaCray2023+?

WanaCray2023+ is ransomware that belongs to the Xorist ransomware family. We have discovered this variant while examining malware samples submitted to the VirusTotal website. It was found that WanaCray2023+ encrypts files and appends the ".WanaCray2023+" extension to their filenames.

Also, WanaCray2023+ changes the desktop wallpaper, displays a pop-up window and creates the "HOW TO DECRYPT FILES.txt" file (both contain a ransom note). An example of how WanaCray2023+ renames files: it changes "1.jpg" to "1.jpg.WanaCray2023+", "2.png" to "2.png.WanaCray2023+", and so forth.

What kind of application is Live-Secure?

Live-Secure is a browser hijacker that our team has discovered while examining questionable web pages. After installing this application, we found out that it hijacks a web browser by changing some of its settings to live-secure.xyz - it promotes a fake search engine.

What kind of page is news-jivuka[.]cc?

News-jivuka[.]cc is a rogue site designed to promote browser notification spam and redirect visitors to other (likely untrustworthy/malicious) webpages. Our research team discovered this page while inspecting websites using rogue advertising networks. Most users enter news-jivuka[.]cc and similar sites via redirects caused by webpages employing such advertising networks.

What is StreamTopSearch?

StreamTopSearch is a rogue browser extension. After analyzing it, our researchers determined that it operates as a browser hijacker. StreamTopSearch modifies browser settings to promote the streamtopsearch.com fake search engine.

What kind of page is scanandclean[.]xyz?

Our research team found the scanandclean[.]xyz rogue webpage during a routine inspection of untrustworthy sites. This page is designed to load deceptive content (scams), push spam browser notifications, and redirect visitors to different (likely untrustworthy/harmful) webpages.

Most users enter websites of this kind through redirects caused by pages using rogue advertising networks.

What kind of page is myauto[.]site?

We have discovered the myauto[.]site website while inspecting other pages that use rogue advertising networks. Myauto[.]site asks for permission to show notifications (it uses a clickbait technique to trick visitors into clicking the "Allow" button). Also, it redirects to an identical page.

What kind of scam is the "Salvation Army" email scam?

We have examined this email and concluded that it is used to steal credentials. It contains an attachment designed to open a page asking to provide email, phone or Skype, and password. This site is disguised as a letter from The Salvation Army, an evangelical protestant Christian church in Australia.

What is "Email Shutdown In Progress" email scam?

After inspecting the "Email Shutdown In Progress" email, we determined that it is spam. This fake letter threatens that the recipient's email account is pending deactivation. The goal of this mail is to trick users onto providing their email account's log-in credentials to a phishing website.