Virus and Spyware Removal Guides, uninstall instructions

What is news-central[.]me?

It is uncommon for pages like news-central[.]me to be visited intentionally. Usually, they get opened by installed potentially unwanted applications (PUAs), through deceptive advertisements or other unreliable web pages.

It is worth mentioning that the aforementioned apps are called potentially unwanted because most users download and install them unknowingly. There are many pages like news-central[.]me on the Internet.

Some examples are udsignation[.]biz, linstersbig[.]com, and turboflash[.]me. Depending on visitor's geolocation, these pages either load deceptive content or open two, three other shady sites.

What is the "Contech" scam email?

"Contech email virus" refers to a malware-spreading spam campaign. The term "spam campaign" defines a mass-scale operation during which deceptive/scam emails are sent by the thousand.

The letters distributed through this campaign are presented as urgent purchase orders. However, the fake Excel documents attached to these emails do not contain information relating to any purchases.

In fact, the attachment is an archived executable. When this file is opened - it triggers download/installation of the Ave Maria trojan.

What is Cryp0?

Ransomware is a type of malware that denies access to files on the infected computer - it encrypts files and demands payment for decryption (displays or creates a ransom note). Cryp0 ransomware renames encrypted files by appending the ".cryp0" extension, for example, it renames a file named "1.jpg" to "1.jpg.cryp0", "2.jpg" to "2.jpg.cryp0", and so on.

Cryp0's ransom notes are its wallpaper (it changes the victim's desktop wallpaper) and the "README-contact-hightearsupreme@keemail.me.txt" text file.

What is udsignation[.]biz?

udsignation[.]biz is similar to linstersbig[.]com, turboflash[.]me, chultoux[.]com, and many other websites designed to trick visitors into allowing them to show notifications or to open a couple of other shady pages. What these pages do when they get visited depends on the geolocation (IP address) of their visitors.

In one way or another, udsignation[.]biz and other pages of this type cannot be trusted. As a rule, users visit them accidentally - through clicked deceptive ads, visited untrustworthy pages.

It is also common that browsers open pages like udsignation[.]biz because they have some potentially unwanted application (PUA) installed on them.

What is icotocotac[.]biz?

Icotocotac[.]biz is designed to trick visitors into agreeing to receive its notifications (it loads deceptive content) or to open a couple of other potentially malicious pages. It checks the visitor's IP address and then loads its content or opens other pages.

In most cases, websites like icotocotac[.]biz are promoted through other untrustworthy pages, deceptive advertisements, or potentially unwanted applications (PUAs) that users download and install on their browsers or computers unknowingly. Either way, it is uncommon for pages like icotocotac[.]biz to be opened on purpose.

What kind of malware is RYK?

There are many ransomware-type computer infections available online, including RYK, which was discovered by MalwareHunterTeam. This is a new variant of RYUK Ransomware.

RYK encrypts data using a cryptography algorithm, thereby rendering files stored on a computer unusable. It appends the ".RYK" extension to each encrypted file, thus renaming all affected files. For example, "1.jpg" becomes "1.jpg.RYK". RYK also places a "RyukReadMe.txt" text file (ransom-demand message) in every folder that contains encrypted files.

What is the read-the-news[.]online site?

Read-the-news[.]online is but one of many rogue websites on the Internet. There are thousands of such sites; linstersbig.com, chultoux.com, red-video.fun - are a few examples. They operate by presenting visitors with dubious content and/or redirecting them to other untrustworthy or possibly malicious pages.

Furthermore, these websites are seldom accessed intentionally. Most users get redirected to them by intrusive advertisements or PUAs (Potentially Unwanted Applications) already installed onto their devices. These apps do not need explicit user permission to infiltrate systems. PUAs are designed to cause redirects, run intrusive ad campaigns, and collect browsing-related information.

What is njnxhh[.]com?

Njnxhh[.]com is a rogue website sharing many similarities with linstersbig.com, turboflash.me, chultoux.com, and thousands of others. It operates by loading dubious content and/or redirecting visitors to untrustworthy/malicious sites.

This type of webpage is seldom entered intentionally; most users get redirected to such sites by intrusive advertisements or installed PUAs (Potentially Unwanted Applications). This software can infiltrate systems without express user permission.

PUAs are designed to force-open various websites, run intrusive advert campaigns, and collect browsing-related information.

What is Mini-Redline?

As a rule, information stealers are designed to gather information such as login credentials (like usernames, email addresses, passwords), credit card details, and other data that could be used to steal personal accounts, identities, make unauthorized purchases, transactions, etc.

Mini-Redline information stealer is the name of a minimized RedLine stealer designed to steal sensitive data from web browsers. Research shows that cybercriminals use pay-per-click Google advertisements to promote fake Anydesk download pages signed with Cloudflare certificates and used to trick users into downloading Mini-Redline.

It is important to mention that one of their fake AnyDesk download pages is used to distribute another stealer called Taurus.

What is yt1s[.]com?

Yt1s[.]com is a highly untrustworthy site offering the service of YouTube content downloading. To elaborate, this webpage can convert YouTube video links to MP3, MP4, and 3GP format files, which users can download.

In addition to infringing copyright laws, yt1s[.]com also uses rogue advertising networks. Visitors to this website can have questionable and malicious pages force-opened or be redirected to them.

Therefore, it is strongly advised against visiting and/or using yt1s[.]com and similar sites.