Virus and Spyware Removal Guides, uninstall instructions

What kind of app is big dark?

big dark is the name of a browser hijacker promoting ytood.com - a fake search engine. big dark hijacks a browser by changing its settings. Most browser-hijacking apps are promoted/distributed using questionable (often deceptive) methods. Thus, a big part of them gets downloaded and installed inadvertently.

What kind of page is greattypecaptcha[.]top?

Greattypecaptcha[.]top is one of the websites designed to trick users into allowing it to show notifications. It can also redirect visitors to other untrustworthy pages. Greattypecaptcha[.]top is similar to mykiger[.]com, stayprotectedsupport[.]com, defender-scanning[.]xyz, and hundreds of others.

What is Česká Pošta email scam?

It is a phishing email that scammers use to trick recipients into opening a deceptive page and providing sensitive information. This email is disguised as a letter from the Czech Post/Česká pošta (the state-owned postal company of the Czech Republic).

What kind of malware is 8zvpm?

8zvpm is ransomware that blocks access to files (encrypts files), appends a string of random characters and the ".8zvpm" extension to filenames, and creates a ransom note (the "vyS2_HOW_TO_DECRYPT.txt" file) on a desktop.

An example of how 8zvpm modifies filenames: it renames "1.jpg" to "1.jpg.O_tSScArzoT1ftfFungNbG0uAgdI1k80JVrt3Tc0-Wb_VkmIvdJgNH80.8zvpm", "file.txt" to "file.txt.O_tSScArzoT1ftfFungNbG0uAgdI1k80JVrt3Tc0-Wb_VkmIvdJgNH80.8zvpm", and so on.

What kind of software is ExpandedNet?

ExpandedNet is advertising-supported software. It generates advertisements. In addition to that, ExpandedNet changes web browser's settings to promote a fake search engine (it functions as a browser hijacker). This app is distributed using a fake Adobe Flash Player installer.

What kind of malware is Ver?

Ver is ransomware that encrypts files and appends the ".ver" extension (and the victim's ID, quacksalver@onionmail.org email address) to filenames. It also displays a pop-up window and creates the "info.txt" file containing a ransom note. This ransomware is part of the Dharma family.

For example, Ver renames a file named "1.jpg" to "1.jpg.id-9ECFA84E.[quacksalver@onionmail.org].ver", "document.txt" to "document.txt.id-9ECFA84E.[quacksalver@onionmail.org].ver", and so on.

What kind of malware is C1024?

C1024 belongs to a family of ransomware called Dharma. This variant appends the ".C1024" extension (and the victim's ID, code1024@keemail.me email address) to filenames. C1024 generates two ransom notes: it creates the "info.txt" file and displays a pop-up window.

An example of how C1024 renames files: "1.jpg" to "1.jpg.id-9ECFA84E.[code1024@keemail.me].C1024", "sample.png" to "sample.png.id-9ECFA84E.[code1024@keemail.me].C1024", and so on.

What kind of malware is Nnqp?

The purpose of Nnqp ransomware is to encrypt files and create a text file ("_readme.txt") containing a ransom note. Additionally, it appends the ".nnqp" extension to filenames. For example, it renames "1.jpg" to "1.jpg.nnqp", "document.txt" to "document.txt.nnqp", and so on. Nnqp belongs to a family of ransomware called Djvu.

What is rewardsltd[.]com?

Similar to stayprotectedsupport.com, newschecktoday.com, earnmoneycrypt.com, and countless others, rewardsltd[.]com is a rogue website. It operates by promoting questionable/deceptive content and/or redirecting visitors to different (likely untrustworthy or malicious) pages.

Most users enter rogue webpages via redirects caused by unreliable sites, intrusive ads, or installed PUAs (Potentially Unwanted Applications).

What is SmartTravel?

SmartTravel is an adware-type application. Due to the questionable techniques used to distribute it, this piece of software is also classified as a PUA (Potentially Unwanted Application).

SmartTravel is endorsed as a tool for easy access to information hosted on Wikitravel - a web-based collaborative travel guide. It must be emphasized that this rogue app is in no way associated with Wikimedia Foundation - the creators of Wikitravel.