Virus and Spyware Removal Guides, uninstall instructions

What is Dark It Online?

Our researchers found the Dark It Online browser extension during a routine inspection of dubious download web pages. After analyzing it, we determined that this piece of software operates as adware.

Unlike most adware-types, the feature promised by Dark It Online - enabling dark mode for websites - is operational. However, that does not negate the fact that this browser extension endangers device/user safety.

What is WireNavigate?

WireNavigate is a rogue app, which our research team discovered while inspecting new submissions to VirusTotal. After analyzing this application, we determined that it operates as advertising-supported software (adware) and belongs to the AdLoad malware family.

What is the "Your Antivirus Has Expired" scam?

While inspecting deceptive websites, our researchers found the "Your Antivirus Has Expired" scam. We discovered two practically identical variants of it. Both claim that the McAfee anti-virus subscription has expired and urges users to renew it.

Usually, schemes of this type endorse untrustworthy and harmful software; however, our inspection uncovered that this scam does redirect to the official McAfee website. However, we must emphasize that "Your Antivirus Has Expired" itself is not associated with the McAfee Corp.

What kind of email is "ShenZhen A&E"?

After analyzing the "ShenZhen A&E" email, our research team determined that it is spam intended to infect recipients' devices with malware.

This letter claims that a massive sum has been transferred to the recipient's bank account and requests them to consult the attached payment slip. Once opened, the attachment triggers the download/installation of NanoCore RAT (Remote Access Trojan).

What kind of page is onlineshield[.]info?

While inspecting rogue sites, our researchers discovered the onlineshield[.]info webpage. It loads deceptive content, promotes browser notification spam, and redirects visitors to other (likely dubious/malicious) pages. Onlineshield[.]info and similar websites are rarely accessed intentionally. Most users enter them through redirects caused by webpages that use rogue advertising networks.

What kind of application is Moon Browser?

Moon Browser is the name of a Chromium-based browser. After testing this browser, we found that it promotes the feed.moonbrowser.com address. Feed.moonbrowser.com is a fake search engine. Thus, it is recommended not to use it as a tool to browse the Internet and avoid using browsers (and other apps) used to promote fake search engines.

What is "You've made the 16.39-billionth search!"?

During a routine inspection of shady websites, our researchers discovered the "You've made the 16.39-billionth search!" scam. It uses content (names/graphics) associated with the Google search engine, thereby implying that this reward is given or sponsored by Google LLC. In fact, this scam is in no way associated with this search engine or the multinational technology company.

"You've made the 16.39-billionth search!" operates a phishing scam and might also try to trick victims into making bogus purchases.

What kind of application is CommonLocator?

We have discovered the CommonLocator application while examining various shady websites. Once installed, it starts displaying annoying advertisements. Therefore, our team has concluded that CommonLocator is typical adware. It is not recommended to have any adware installed on browsers or computers.

What is Venom ransomware?

Venom is the name of a ransomware-type program, which our researchers found while inspecting new malware submissions to VirusTotal.

We learned that Venom belongs to the ZEPPELIN ransomware family. On our test system, this malicious program encrypted files and appended their filenames with the ".venom.[victim's_ID]" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.venom.676-8D9-8E6", and so forth for all affected files.

Once the encryption was finished, Venom created a text file named "ALL YOUR FILES ARE ENCRYPTED.txt" on the desktop. The text therein was the ransom note.

What kind of page is window-save[.]com?

Window-save[.]com is a deceptive page running the "You've Visited Illegal Infected Website" scam and asking for permission to deliver notifications. We have discovered it while examining other sites that use rogue advertising networks. Websites like window-save[.]com can never be trusted and should not be allowed to display notifications.