Virus and Spyware Removal Guides, uninstall instructions

What is ywfiof[.]com?

Ywfiof[.]com is but one of many rogue sites on the Web; wholeactualjournal.com, bigclik.club, and aloha-news.net are some examples of webpages similar to it. Visitors to such pages are presented with questionable content and/or redirected to other unreliable and possibly malicious websites. Most users access sites of this kind via redirects caused by intrusive adverts or installed PUAs (Potentially Unwanted Applications).

These apps can be installed onto devices without user permission. PUAs are designed to cause redirects, run intrusive advertisement campaigns, and collect data relating to browsing activity.

What is wholeactualjournal[.]com?

Wholeactualjournal[.]com is one of the many websites designed to display questionable, often deceptive content and promote a variety of shady pages (its functionality depends on visitor's IP address). It is similar to bigclik[.]club, akemewelsu[.]biz, gate15[.]xyz, and a great deal of other pages.

Most of these websites get opened through unreliable sites, dubious advertisements or potentially unwanted applications (PUAs) that most users download or install unknowingly. In other words, it is uncommon for pages like wholeactualjournal[.]com to be visited on purpose.

What kind of malware is the Prometheus ransomware?

Prometheus is a ransomware-type malicious program. It is designed to encrypt data (render files inaccessible/unusable) and demand ransoms to be paid for the decryption (data access/use recovery). During the encryption process, filenames of the affected files are appended with an extension, which consists of the ID assigned to the victim.

For example, a file initially tilted "1.jpg" would appear as something similar to "1.jpg.[LZG-ZNM-YDNM]" - after encryption. Once this process is complete, ransom notes are created/displayed in a pop-up window ("RESTORE_FILES_INFO.hta") and "RESTORE_FILES_INFO.txt" text files, which are dropped into the compromised folders.

What is Custom Look?

Custom Look is described as a color inverted for Chrome web browsers. However, this app is classified as adware not without reason - Custom Look generates unwanted advertisements while users browse the web (it displays ads on websites users visit).

It is known that this application collects browsing data as well. Typically, users download and install apps like Custom Look (adware-type apps) unintentionally. Apps that get downloaded or installed by users without them knowing about that are called potentially unwanted applications (PUAs).

What is Whiz Reader?

Whiz Reader is a browser extension endorsed as a tool to aid reading by increasing website legibility through highlighted text. However, this piece of software operates as adware; it delivers intrusive advertisement campaigns and collects browsing-related information.

Since most users download/install adware unintentionally, products within this classification are also deemed to be PUAs (Potentially Unwanted Applications).

What is Lockussss?

Ransomware is a type of malware designed to deny a victim access to files on their computer by encrypting them. Usually, ransomware encrypts files and renames them, and generates a ransom note.

Lockussss is part of the MedusaLocker ransomware family. This ransomware variant renames encrypted files by appending the ".lockussss" extension, for example, it renames "1.jpg" to "1.jpg.lockussss", "2.jpg" to "2.jpg.lockussss", and so on.

It creates the "Recovery_Instructions.html" HTML file as its ransom note. This file can be found in any folder that contains encrypted files.

What is SearchWebMesh?

SearchWebMesh is an adware-type application that has three purposes: to generate advertisements, promote a fake search engine and collect various data. It has characteristics of both advertising-supported software and a browser hijacker (it promotes a fake search engine by changing the browser's settings).

It is known that SearchWebMesh's installer is designed to look like the installer for Adobe Flash Player - this app is distributed using a fake installer.

Apps that are distributed using deceptive techniques are called potentially unwanted applications (PUAs). Most PUAs get downloaded and installed unintentionally.

What is Ehiz?

Ransomware is malicious software that encrypts files to make them inaccessible for victims until they decrypt them with a tool that the attackers offer to purchase from them. There is a great number of different ransomware variants and various ransomware families.

Ehiz belongs to the ransomware family called Djvu. It encrypts files and appends the ".ehiz" extension to their filenames.

For example, it renames a file named "1.jpg" to "1.jpg.ehiz", "2.jpg" to "2.jpg.ehiz", and so on. Most ransomware variants create or display a ransom note, Ehiz creates the "_readme.txt" file as its ransom note.

What is FatalRAT?

FatalRAT is the name of a Remote Access Trojan (RAT). A RAT is a type of malware that allows the attacker to remotely control the infected computer and use it for various purposes.

Typically, RATs are used to access files and other data, watch computing activities on the screen and capture screenshots, steal sensitive information (e.g., login credentials, credit card details).

There are many legitimate remote administration/access tools on the Internet. It is common that cybercriminals use those tools with malicious intent too.

What is the "Debit Card" scam email?

"Debit Card email scam" refers to a large-scale operation during which deceptive emails are sent by the thousand. The letters distributed through this campaign claim that recipients have a debit card programmed on their name.

This fake card supposedly contains a ludicrous sum. It must be emphasized that all of the claims made by these scam emails - are false, and they are in no way associated with Mastercard or VISA Incorporated.

The aim of this spam campaign is to gain and abuse recipients' trust for financial gain.