Virus and Spyware Removal Guides, uninstall instructions

What is nicyaboyenan[.]com scam?

Nicyaboyenan[.]com is a website that uses scare tactics to trick visitors into installing some potentially unwanted application (PUA). Usually, websites of this type display fake virus notifications claiming that a device is infected and offer to remove detected malware with some app.

What is the secure-support[.]space site?

Secure-support[.]space is a deceptive website running various scams. At the of research, this page ran a scheme targeting iPhone users. The scam claims that visitors' iPhones have been infected and recommends installing a free protection tool.

Typically, such schemes push untrustworthy software, e.g., fake anti-viruses, adware, browser hijackers, and other PUAs (Potentially Unwanted Applications). In seldom cases, scams of this kind are used to proliferate malware (e.g., trojans, ransomware, cryptominers, etc.).

Sites like secure-support[.]space are usually accessed via mistyped URLs or redirects caused by rogue webpages, intrusive ads, or installed PUAs.

What is Zvw5k ransomware?

Zvw5k encrypts files and modifies their filenames. It adds a string of random characters and the ".zvw5k" extension to filenames. For instance, Zvw5k renames "1.jpg" to "1.jpg.NZ4g08eQk3TfLo_4PSAQQ7ff0o9pcKspQmt1rhxGnTj_IAC1NfcI0680.zvw5k", "2.jpg" to "2.jpg.NZ4g08eQk3TfLo_4PSAQQ7ff0o9pcKspQmt1rhxGnTj_IAC1NfcI0680.zvw5k".

Also, Zvw5k creates a text file named "Hw44_HOW_TO_DECRYPT.txt". This file contains instructions on how to contact the attackers for data decryption and some other details.

What is the captchafilter[.]top site?

Captchafilter[.]top is an untrustworthy website designed to load questionable content, push its browser notifications, and/or redirect visitors to other (likely unreliable or malicious) pages.

The Internet is rife with such sites; onestoreblog.com, news-themes.com, and brokenbad.biz are but a few examples. Users typically access such rogue webpages via redirects caused by suspect sites, intrusive advertisements, or installed PUAs (Potentially Unwanted Applications).

What is eruthoxup[.]com site?

Eruthoxup[.]com asks for permission to show notifications and promotes potentially malicious pages. It is promoted through other pages of this kind, shady advertisements, and (or) potentially unwanted applications (PUAs). Eruthoxup[.]com is similar to oataltaul[.]com, onestoreblog[.]com, news-themes[.]com, and many other pages.

What is ConnectedPlatform?

ConnectedPlatform is a rogue app classified as adware. It also has browser hijacker qualities. Furthermore, due to the questionable techniques used to distribute products within these classifications, they are also considered to be PUAs (Potentially Unwanted Applications).

What is WOLF ransomware?

WOLF is part of the Dharma ransomware family. It is designed to block access to files (to keep them encrypted) until a sum of money is paid. WOLF also renames files and generates two ransom notes (displays a pop-up window and creates the "info.txt" file).

WOLF renames files by appending the victim's ID, seawolf@onionmail.org email address and ".WOLF" extension. For example, it renames "1.jpg" to "1.jpg.id-C279F237.[seawolf@onionmail.org].WOLF", "2.jpg" to "2.jpg.id-C279F237.[seawolf@onionmail.org].WOLF", and so on.

What is BadSiteDefender?

BadSiteDefender is a browser extension promoted as a tool capable of preventing malicious websites from being opened. Instead, this rogue piece of software operates as adware. Due to the dubious methods used to distribute adware-type products, they are also categorized as PUAs (Potentially Unwanted Applications).

What is onestoreblog[.]com?

Similar to news-themes.com, tionalmorei.online, allhotfeed.com, fast-travel.org, and countless others, onestoreblog[.]com is a rogue website. It operates by loading dubious content and/or redirecting visitors to various (likely untrustworthy or malicious) sites.

Users typically access such webpages via redirects caused by suspect websites, intrusive ads, or installed PUAs (Potentially Unwanted Applications).

What is RTX ransomware?

RTX is one of the ransomware variants that are part of the VoidCrypt family. RTX encrypts files and modifies their filenames. For instance, it renames "1.jpg" file to "1.jpg.[hoti2020@tutanota.com][MJ-ZS8512639047].RTX", "2.jpg" to "2.jpg.[hoti2020@tutanota.com][MJ-ZS8512639047].RTX". It also creates the "Read-this.txt" file (a ransom note).