Virus and Spyware Removal Guides, uninstall instructions

What is sweepstakessurvey[.]org?

Sweepstakessurvey[.]org is an untrustworthy website designed to load dubious content, push its browser notifications, and/or redirect visitors to other (likely unreliable and malicious) pages.

There are thousands of such rogue sites on the Web; fresh-content.biz, allactualjournal.com, alert-defenders.com, and rplnd1.com are just some examples. Most users enter these webpages via redirects caused by suspect sites, intrusive adverts, or installed PUAs (Potentially Unwanted Applications).

What kind of page is sasmotia[.]com?

Sasmotia[.]com is an untrustworthy website designed to open other dubious sites and to lure visitors into agreeing to receive its notifications. It is uncommon for pages of this type to be visited intentionally. A couple of examples of other similar sites are fresh-content[.]biz, allactualjournal[.]com, and fugles[.]net.

What is Dark place?

Dark place is a rogue browser extension promising to create a dark mode for simple websites. Instead, this piece of software operates as adware. Due to the questionable methods used to distribute adware-type products, they are also categorized as PUAs (Potentially Unwanted Applications).

What type of malware is Encoded01?

Encoded01 (also known as Sugar) is ransomware that encrypts files and creates the "BackFiles_encoded01.txt" file containing instructions on how to contact the attackers. It also appends the ".encoded01" extension to filenames. For example, it renames "1.jpg" to "1.jpg.encoded01", "2.jpg" to "2.jpg.encoded01".

What is V4cnyy ransomware?

V4cnyy is a piece of malicious software categorized as ransomware. It is designed to encrypt data (render files inaccessible) and demand ransoms for the decryption.

Affected files are appended with a ".v4cnyy" extension. For example, a file initially named "1.jpg" would appear as "1.jpg.v4cnyy", "2.jpg" as "2.jpg.v4cnyy", "3.jpg" as "3.jpg.v4cnyy", and so on.

Afterwards, a text file titled "-Инструкция.txt" ("Instructions.txt" in English) is dropped onto the desktop. At the time of research, this file was empty - though it is intended to contain the ransom note. However, this might be rectified in future releases of V4cnyy. This ransomware also displays a message before the log-in screen.

What is ytop1[.]com?

Ytop1[.]com is an untrustworthy website designed to allow users to convert videos from media platform links (e.g., YouTube, Facebook, etc.) - to downloadable audio (MP3) files. This site infringes copyright laws, but it also employs rogue advertising networks as a monetization technique. These networks promote various unreliable, scam, and even malicious webpages.

The Internet is rife with websites that use rogue advertising networks; zippyshare.com, yifymovies.pro, naijawide.com, and 320ytmp3.com are but a few examples.

What kind of page is protectnconnection[.]icu?

The purpose of protectnconnection[.]icu page is to trick its visitors into downloading (and then installing) a potentially unwanted application (PUA) that is supposed to remove detected viruses. Protectnconnection[.]icu is an untrustworthy page that uses a scare tactic to promote questionable software.

What is UnitNetwork?

UnitNetwork is a rogue app classified as adware. It also operates as a browser hijacker. Since most users inadvertently download/install such apps, they are also considered to be PUAs (Potentially Unwanted Applications).

What kind of application is AddSystem?

AddSystem displays advertisements and changes web browser's settings to promote a fake search engine. This app functions as adware and a browser hijacker. A big part of apps of this kind gets installed unintentionally. Thus, AddSystem and similar apps are categorized as potentially unwanted applications (PUAs).

What is Futm ransomware?

Futm is a malicious program belonging to the Djvu ransomware family. It operates by encrypting data (locking files) and demanding payment for the decryption.

Affected files are appended with the ".futm" extension. For example, a file initially named "1.jpg" would appear as "1.jpg.futm", "2.jpg" as "2.jpg.futm" "3.jpg" as "3.jpg.futm", and so on. After this process is complete, a ransom note titled "_readme.txt" is created.