Virus and Spyware Removal Guides, uninstall instructions

Nhom10 is a piece of malicious software categorized as ransomware. It operates by encrypting data (rendering files inaccessible) and demands payment for the decryption (access recovery).

Typically, ransomware renames files as it encrypts them. However, this is not the case with Nhom10; the filenames of files affected by it - remain unchanged. After the encryption process is complete, this malware displays a pop-up window containing a ransom note in Vietnamese.

What is Sspq?

In most cases, ransomware encrypts and renames files, and generates a ransom demanding message (e.g., displays a pop-up window, creates a text file, changes desktop wallpaper). Sspq renames encrypted files by appending the ".sspq" extension.

For instance, it renames "1.jpg" to "1.jpg.sspq", "2.jpg" to "2.jpg.sspq", and so on. As its ransom note, Sspq creates a text file named "_readme.txt".

It is common that different ransomware variants are part of one or another ransomware family. Sspq belongs to the Djvu family.

What is the "Your device might have security issues" scam?

"Your device might have security issues" is a scam run on various deceptive websites. Much as its name implies, this scheme claims that users' systems may be at risk and offer to prepare a list of recommended applications, which will supposedly secure the device.

This scam aims to promote a phishing website targeting financial data. Additionally, it tricks users into enabling the rogue site's browser notifications, which are used to run intrusive advertisement campaigns.

Untrustworthy websites are seldom accessed intentionally; most users get redirected to them by intrusive ads or installed PUAs (Potentially Unwanted Applications). These apps do not need explicit permission to infiltrate systems, so users may be unaware of their presence.

What is Your device is infected with a spam virus scam?

Many deceptive websites on the Internet are designed to display fake virus notifications claiming that a computer or another device is infected and encouraging to solve the problem (remove threats) with the offered application. This particular page is designed to trick visitors into allowing it to show notifications that are likely to be used to promote potentially unwanted applications (PUAs), or even malicious apps.

It is worth mentioning that this is not the only website using a deceptive technique to trick visitors into agreeing to receive notifications from it. Typically, websites like this one are promoted through PUAs, deceptive ads, or other pages of this kind - it is unlikely for them to be visited on purpose.

What is MyStreamsSearch?

MyStreamsSearch is a browser hijacker promoting the mystreamssearch.com fake search engine. This rogue browser extension makes modifications to browser settings in order to cause redirects to mystreamssearch.com.

Additionally, MyStreamsSearch has data tracking abilities, which are employed to spy on users' browsing habits. Since most users unintentionally download/install browser hijackers, they are also categorized as PUAs (Potentially Unwanted Applications).

What is the fake "Mr Beast Giveaway"?

"Mr Beast Giveaway scam" refers to a scheme run on various deceptive websites. The scam is presented as a monetary prize giveaway eligible for every subscriber of the MrBeast YouTube channel - who visits the scheme-promoting webpage.

This fake giveaway requests users to download/install its sponsors' applications and provide the email used to register their PayPal online money-transferring account. Typically, such scams are used to extract payments from victims and to proliferate adware, browser hijackers, and other PUAs (Potentially Unwanted Applications).

In some cases, schemes of this type are also employed to spread malware (e.g., trojans, ransomware, cryptocurrency miners, etc.). It must be emphasized that the "Mr Beast Giveaway" scam is in no way associated with Jimmy Donaldson - the YouTuber known as MrBeast, his channel, or any other legitimate entity mentioned in the scheme.

Untrustworthy sites are seldom accessed intentionally; most users enter them via mistyped URLs, redirects caused by intrusive ads, or have them force-opened by installed PUAs.

What is FreeSearchConverters?

Browser hijackers are potentially unwanted applications (PUAs) designed to make changes in settings of hijacked browsers to promote some questionable address (typically, a fake search engine). Research shows that FreeSearchConverters is designed to promote the freesearchconverters.com address and collect browsing data. It is worth mentioning that browser hijackers are called PUAs because it is uncommon for them to be dowloaded and installed intentionally.

What is the lenglishiam[.]biz site?

Sharing many similarities with edinmyhomet.biz, bestdream.space, quicklisti.com, and thousands of others, lenglishiam[.]biz is a rogue website. Visitors to this page are presented with questionable content and/or redirected to different unreliable and dangerous sites.

These webpages are seldom accessed intentionally; most users enter them via redirects caused by intrusive ads or installed PUAs (Potentially Unwanted Applications). These apps can infiltrate systems without explicit user consent. PUAs are designed to force-open websites, deliver intrusive advert campaigns, and gather browsing-related information.

What is the fake "FIRST INTERNATIONAL BANK OF ISRAEL" email?

"FIRST INTERNATIONAL BANK OF ISRAEL Email Scam" refers to a spam campaign - a large-scale operation during which thousands of deceptive emails are sent. The letters distributed through this campaign are disguised as letters from the First International Bank of Israel.

It must be emphasized that these scam emails are in no way associated with the real Israel-based bank, nor is any information provided by them true. The spam letters invite recipients to participate in an unspecified project, which would involve them getting cut of an exorbitant sum of money.

What is Bonifico Effettuato?

As a rule, cybercriminals behind phishing emails attempt steal money, identities by getting recipients to reveal personal information (for example, credit card details, bank information, login credentials) on websites that pretend to be official, legitimate. It is important to mention that emails of this type are disguised as letters from reputable companies, organizations.

Typically, they contain some message and a link to a phishing website. This particular email is disguised as a letter from a company named KÜNZA. It is unlikely that KÜNZA is an existing company - there is no information about it anywhere on the Internet.