Virus and Spyware Removal Guides, uninstall instructions

What is ElementarySignalSearch?

ElementarySignalSearch is categorized as adware because it generates unwanted advertisements. It is known that this app changes the browser's settings to promote a fake search engine (it has characteristics of a browser hijacker) and collects information data as well.

It is uncommon for apps like ElementarySignalSearch to be downloaded and installed intentionally. For this reason, they are called potentially unwanted applications.

It is known that ElementarySignalSearch's developers use a fake installer that looks like the installer for Adobe Flash Player to trick users into downloading and installing this app.

What is RedDot ransomware?

Discovered by Jirehlov Solace, RedDot is a piece of malicious software classified as ransomware. Systems infected with malware experience data encryption (stored files are rendered inaccessible), and victims receive ransom demands for the decryption (access recovery).

During the encryption process, affected files are appended with the ".reddot" extension. For example, a file originally titled something like "1.jpg" would appear as "1.jpg.reddot", "2.jpg" as "2.jpg.reddot", "3.jpg" as "3.jpg.reddot", and so on.

Once this process is complete, ransom notes - "HOW_TO_RESTORE_MY_FILES.txt" - are dropped into compromised folders. Additionally, RedDot ransomware changes the desktop wallpaper.

What is the Pick Color browser hijacker?

Pick Color is the name of a browser hijacker, endorsed as a pop-up tool allowing users to pick (i.e., get a sample of) the colors used in websites and other online content. Software within this category typically promotes fake search engines by making modifications to browser settings.

However, Pick Color does not consistently alter browsers when promoting the fxsmash.xyz fake web searcher. Additionally, Pick Color spies on users' browsing activity. Due to the questionable techniques used to distribute browser hijackers, they are also classified as PUAs (Potentially Unwanted Applications).

What is yourwowfeed[.]com?

Yourwowfeed[.]com is one of the untrustworthy websites designed to check the IP address/geolocation and then load deceptive content or open a couple (about two, three) other pages of this kind. It is important to mention that it is uncommon for pages like yourwowfeed[.]com to be visited intentionally.

In most cases, users open them by clicking shady ads, visiting questionable websites. Also, pages like yourwowfeed[.]com can be opened by installed potentially unwanted applications (PUAs).

More examples of websites that are similar to yourwowfeed[.]com are ncurrentlyd[.]biz, oossautsid[.]com, and acancyfopl[.]biz.

What is "E-mail Blacklist scam"?

"E-mail Blacklist scam" refers to a spam campaign - a large-scale operation during which deceptive emails are sent by the thousand. The letters spread through this campaign - claim that recipients' email accounts have been blacklisted.

Allegedly, unless the accounts are updated - they will be permanently suspended. It must be emphasized that these emails are fake and all of the information provided by them is false. The "E-mail Blacklist" scam letters aim to promote a phishing website, which is designed to record email account log-in credentials (i.e., email addresses and passwords) provided to it.

Therefore, by trying to sign in via this site, users can have their email accounts stolen by the scammers behind this spam campaign.

What is Lama ransomware?

Lama is the name of a malicious program, which is part of the VoidCrypt ransomware family. This malware is designed to encrypt data and demand payment for the decryption tools/software.

To elaborate, systems infected with Lama ransomware have the files stored on them rendered inaccessible and unusable. Afterwards, this malicious program creates ransom notes, which ask victims to pay - in order to recover access/use of their data.

During the encryption process, affected files are renamed according to this pattern: original filename, cyber criminals' email address, unique ID assigned to the victims, and ".Lama" extension. For example, a file initially titled "1.jpg" would appear as something similar to "1.jpg.[badlamadec@gmail.com][MJ-KL5067341892].Lama" - following encryption.

Once this process is complete, ransom-demanding messages - "Decrypt-info.txt" - are dropped into compromised folders.

What is Emails Rejected On Admin Server scam?

It is common that scammers use email to trick recipients into giving them their personal information (for example, credit card details, passwords, emails and other login credentials, social security numbers), or transferring money. In order to give their emails legitimacy, they pretend to be legitimate companies, organizations.

Quite often, scammers attempt to trick recipients into opening provided website links and providing sensitive information on the opened websites.

What is Gpay?

Ransomware is a type of malware that encrypts files and generates a ransom note (or multiple ransom notes). It blocks access to data unless a ransom is paid. Gpay encrypts and renames files, it appends the ".gpay" extension to their filenames (e.g., it renames a file named "1.jpg" to "1.jpg.gpay", "2.jpg" to "2.jpg.gpay", and so on).

Gpay's ransom note is a file named "!!!HOW_TO_DECRYPT!!!.mht", victims can find this file in all folders containing encrypted files.

What is the "Air Sea Land" scam email?

"Air Sea Land email virus" refers to a malware-proliferating spam campaign. The term "spam campaign" describes a mass-scale operation during which deceptive/scam emails are sent by the thousand.

The fake "Air Sea Land" letters supposedly concern order payments. This spam mail aims to spread malicious software. Therefore, when recipients open the files attached to these emails - malware download/installation is initiated.

What is SkinnyBoy?

It is known that SkinnyBoy was used in targeted attacks (in spear phishing campaigns targeting military and government institutions). At the current moment this malware is delivered using emails that contain malicious Microsoft Word document.

SkinnyBoy is designed to collect information about the victims and distribute other malicious software. Although, it is unknown what type of malware SkinnyBoy is used to install.

It could be ransomware, a remote access trojan, cryptocurrency miner, or some another malicious software.