Virus and Spyware Removal Guides, uninstall instructions

What is substandid[.]space?

Substandid[.]space is designed to load deceptive content and promote other (mainly questionable) websites. Its functionality depends on the IP address of its visitors. Typically, users do not visit pages like substandid[.]space on purpose - these pages get opened through deceptive ads, potentially unwanted apps (PUAs) or other shady sites.

What is Mail Delivery Failure scam?

Usually, scammers use phishing emails to extract sensitive information (for example, usernames, passwords, or other login credentials, credit card details, social security numbers). It is common that they send emails containing links to phishing websites. This particular email is disguised as a letter from the mail delivery system.

BIOPASS virus removal guide

What is BIOPASS?

BIOPASS is a malicious program classified as a RAT (Remote Access Trojan). Malware within this classification operates by enabling remote access and control over infected machines. The BIOPASS trojan possesses the aforementioned abilities, and it also has extensive data-stealing functionalities.

This malicious program has been noted targeting Chinese online gambling companies through compromised websites that host trojanized Microsoft Silverlight and Adobe Flash Player installation setups (e.g., fake Flash Player updates).

What is HandShake ransomware?

Typically, ransomware encrypts files, modifies their filenames (appends its extension to the filenames of encrypted files) and generates a ransom note (for example, creates a text file). HandShake encrypts files but leaves their filenames unchanged. As its ransom note, HandShake displays a pop-up window.

What is L16 ransomware?

Part of the MedusaLocker ransomware family, L16 is a malicious program designed to encrypt data and demand payment for the decryption. In other words, this malware renders victims' files inaccessible/unusable and asks them to pay for data access/use recovery.

During the encryption process, affected files are appended with the ".L16" extension. For example, a file initially titled something like "1.jpg" would appear as "1.jpg.L16", "2.jpg" as "2.jpg.L16", "3.jpg" as "3.jpg.L16", "4.jpg" as "4.jpg.L16", and so forth.

After the encryption process is complete, a ransom note - "HOW_TO_RECOVER_DATA.html" - is dropped onto the desktop.

What is Browse Safely?

Browse Safely is called a browser hijacker because it promotes a fake search engine (the browsesafelysearch.com address) by changing web browser's settings and does not allow to revert those changes. It is very common for browser hijackers to be downloaded and installed inadvertently, for this reason they are called potentially unwanted apps (PUAs).

What is Gujd ransomware?

Gujd is part of the Djvu ransomware family. It encrypts files and appends the ".gujd" extension to their filenames. For example, Gujd renames a file named "1.jpg" to "1.jpg.gujd", "2.jpg" to "2.jpg.gujd", and so on. To provide instructions on how to contact the attackers (and other details), Gujd creates a ransom note (the "_readme.txt" file).

What is "CONGRATULATIONS, YOU ARE THE VISITOR NO. 1.000.000"?

"CONGRATULATIONS, YOU ARE THE VISITOR NO. 1.000.000" is a scam promoted on various deceptive websites. This scheme congratulates the users for being the millionth visitor to access the site. And as part of their weekly promotion, the user has been selected to win a prize.

The goal of this scam is to trick users into providing personal and sensitive information. Furthermore, it must be emphasized that even if users follow the instructions provided by the scheme - they will not receive any prizes or rewards.

Untrustworthy websites are rarely accessed intentionally. Most users enter them via mistyped URLs, redirects caused by untrustworthy sites, intrusive advertisements, or PUAs (Potentially Unwanted Applications) installed onto their systems.

What is "Anti-spam policy violation Email Scam"?

"Anti-spam policy violation Email Scam" is the name of a spam campaign - a large-scale operation during which thousands of deceptive emails are sent. These letters aim to promote a phishing website, which targets recipients' email accounts.

The scam emails make fake claims that the recipients' email accounts have been detected being in use for spam distribution. The letters try to trick recipients to log into their email accounts through a phishing site that is designed to record information (i.e., passwords) entered into it.

What is UpgradeFilter?

UpgradeFilter is a rogue application, categorized as adware. Additionally, this app has browser hijacker qualities. It operates by running intrusive advertisement campaigns and making modifications to browser settings - to cause redirects to fake search engines.

Hence, with the UpgradeFilter application installed, users encounter undesirable/harmful adverts and are constantly redirected to illegitimate web searcher addresses. Furthermore, most adware and browser hijackers spy on users' browsing activity.

Since most users download/install UpgradeFilter inadvertently, it is classified as a PUA (Potentially Unwanted Application). This app has been distributed via fake Flash Player updates. It is noteworthy that fraudulent updaters can spread PUAs and malware (e.g., trojans, ransomware, etc.).