Virus and Spyware Removal Guides, uninstall instructions

What is the rdsb21[.]club site?

Rdsb21[.]club is a rogue website sharing similarities with bengekoo.com, spleasedon.fun, pyiera.com, and many others. This page is designed to present visitors with questionable content and/or redirect them to untrustworthy/malicious sites. Users tend to access such websites inadvertently; they usually get redirected to them by intrusive advertisements or installed PUAs (Potentially Unwanted Applications).

These apps do not require explicit user permission to infiltrate systems. PUAs can have heinous functionalities, including causing redirects, running intrusive advertisement campaigns, and collecting browsing-related information.

What is Ad Skip Now?

Ad Skip Now is a rogue browser extension categorized as adware. This piece of software falsely promises to block advertisements, which play at the start of online videos. Instead, Ad Skip Now runs intrusive advertisement campaigns.

Additionally, Ad Skip Now has data tracking abilities that are used to collect browsing-related information.

Since most users download/install adware products unintentionally, they are also classified as PUAs (Potentially Unwanted Applications).

What is Bengalcat?

Bengalcat is the name of a malicious program classified as ransomware. Systems infected with this malware experience data encryption and receive ransom demands for the decryption.

In other words, victims cannot access the files affected by Bengalcat, and they are asked to pay - to recover access to their data.

During the encryption process, files are appended with the ".777" extension. For example, a file initially titled something like "1.jpg" would appear as "1.jpg.777", "2.jpg" as "2.jpg.777", and so forth.

Once the encryption process is complete, ransom-demanding messages - "read_it.txt" - are dropped into compromised folders.

What is AccessibleTask?

AccessibleTask is a piece of rogue software. It is classified as adware, and it has browser hijacker qualities.

Following successful installation, this app delivers intrusive advertisement campaigns and promotes fake search engines through modifications to browser settings. Additionally, AccessibleTask likely has data tracking abilities, as they are common for adware and browser hijackers.

Due to the questionable methods used to distribute AccessibleTask, it is also classified as a PUA (Potentially Unwanted Application). One of the techniques observed in use for this app is proliferation via fake Adobe Flash Player updates. It is noteworthy that illegitimate updaters/installers are used to spread not only PUAs but malware (e.g., trojans, ransomware, cryptominers, etc.) as well.

What is Jupyter?

Jupyter (also known as SolarMarker) is the name of malware that functions ad information stealer that has capabilities of a backdoor Trojan. It can be used to steal sensitive information from certain browsers, infect computers with additional malware, execute PowerShell scripts, commands, and hollow processes.

If there is any reason to think that Jupyter is already installed on the operating system, then it should be uninstalled immediately.

What is NetMovieSearch?

NetMovieSearch is a browser hijacker promoting the netmoviesearch.com illegitimate search engine. Following successful installation, this piece of software modifies browser settings in order to promote the netmoviesearch.com web searcher.

Additionally, most browser hijackers have data tracking abilities that are used to spy on users' browsing activity. Hence, NetMovieSearch likely has such functionalities as well.

Due to the questionable methods used to distribute browser hijackers, they are also classified as PUAs (Potentially Unwanted Applications).

What is trking[.]xyz?

Trking[.]xyz is more or less similar to convmusic[.]com, 1music-online[.]me, theactualstories[.]com, and plenty of other websites designed to promote shady pages and display deceptive content. Another thing that these pages have in common is that users do not visit them intentionally.

What is Poliex?

Discovered by dnwls0719, Poliex is a ransomware-type program. It operates by encrypting data (rendering files inaccessible) and demanding payment for the decryption (access recovery).

During the encryption process, affected files are appended with the ".Poliex" extension. For example, a file originally titled "1.jpg" would appear as "1.jpg.Poliex", "2.jpg" as "2.jpg.Poliex", "3.jpg" as "3.jpg.Poliex", and so forth.

After the encryption process is complete, Poliex ransomware drops a ransom note - "README.txt".

What is Start Movie DS?

Start Movie DS is a browser hijacker designed to change a browser's settings to search.movieapp.net (to promote a fake search engine). Browser hijackers are called potentially unwanted applications (PUAs) - users rarely download and install them knowingly, intentionally.

What is "Olmetex email virus"?

"Olmetex email virus" refers to a malware-proliferating spam campaign - a large-scale operation during which thousands of deceptive/scam emails are sent.

The letters distributed through this campaign are disguised as purchase orders from Olmetex. This name belongs to a genuine company specializing in high-performance technical fabrics aimed at the fashion industry. It must be emphasized that these scam emails are in no way associated with Olmetex, and none of the information provided by them is true.

This spam campaign aims to infect recipients' devices with FormBook malware. The primary functionality of this malicious software is data theft.