Virus and Spyware Removal Guides, uninstall instructions

What kind of page is richsurvey[.]site?

Richsurvey[.]site is a rogue webpage that loads dubious content, pushes browser notification spam, and redirects visitors to other (likely untrustworthy or malicious) pages.

Our research team discovered this page during a routine inspection of sites that use rogue advertising networks. However, websites of this kind can also be accessed through mistyped URLs or redirects caused by spam notifications, intrusive ads, or installed adware.

What kind of page is yourdatasecurityservice[.]com?

Our research team discovered the yourdatasecurityservice[.]com rogue website while inspecting untrustworthy sites. It loads deceptive content, promotes browser notification spam, and redirects visitors to other (likely dubious/malicious) pages. Most users access sites like yourdatasecurityservice[.]com via others that use rogue advertising networks.

What is the moon darker browser extension?

During a routine inspection of dubious download webpages, our researchers found the moon darker browser extension. It is endorsed as a dark mode tool. After analyzing this piece of software, we determined that it is a browser hijacker promoting the getsins.com fake search engine.

What kind of application is AdBlock Max - remove invasive ads?

AdBlock Max - remove invasive ads is the name of an application/browser extension that we have discovered on a shady website. It is described as an app that removes advertisements and trackers on popular websites and skips YouTube ads. Our team has tested the app and noticed that it operates adware - it generates advertisements.

Wha kind of page is check-the-weather[.]com?

Check-the-weather[.]com is an untrustworthy website designed to trick users into agreeing to receive its notifications and redirect visitors to other shady pages. Our team has discovered this page while examining other dubious sites that use rogue advertising networks. Typically, pages like check-the-weather[.]com are not being visited on purpose.

What kind of application is QuickCouponSearch?

Our team has discovered the QuickCouponSearch application on a shady website. After testing the app, it was concluded that QuickCouponSearch is a browser hijacker. This app hijacks web browsers by changing their settings. The purpose of QuickCouponSearch is to promote quickcouponsearch.com - a fake search engine.

What kind of scam is "Ministerio de Sanidad"?

Recently, it has been popular among scammers to send coronavirus-related emails to trick recipients into transferring money, providing sensitive information, and other purposes. We have examined this email and concluded that it is just another pandemic-related email scam. Scammers behind it attempt to trick recipients into providing sensitive information on a phishing site.

What kind of page is news-govuhu[.]cc?

News-govuhu[.]cc is a rogue site, which our researchers discovered while inspecting dubious webpages. It is designed to load questionable content, push browser notification spam, and redirect visitors to other (likely untrustworthy or malicious) websites.

News-govuhu[.]cc and similar pages are rarely accessed intentionally. Most enter them through sites that use rogue advertising networks; however, they can also be accessed via redirects caused by spam notifications, intrusive adverts, mistyped URLs, or installed adware.

What kind of malware is Kabil?

Kabil is ransomware based on another ransomware variant called Chaos. It encrypts files and appends ".kabil" extension to filenames. Also, Kabil changes the desktop wallpaper and creates the "read_it.txt" file (both containing ransom notes). Our malware researchers have discovered this ransomware while checking VirusTotal for recently submitted malware samples.

An example of how Kabil modifies filenames: it renames "1.jpg" to "1.jpg.kabil", "2.png" to "2.png.kabil", and so forth.

What is ProfessionalHelper?

ProfessionalHelper is a rogue app that our research team discovered while inspecting new submissions to VirusTotal. Our analysis revealed that this application operates as adware. Additionally, we learned that ProfessionalHelper belongs to the AdLoad malware family.