Virus and Spyware Removal Guides, uninstall instructions

What is the news-runytuh[.]cc website?

Sharing similarities with chicheet.com, bro, rtenmy.com, oundoutth.biz, and many others, news-runytuh[.]cc is a rogue webpage. It operates by delivering questionable content and/or redirecting visitors to untrustworthy/malicious sites.

This website type is seldom accessed inadvertently; most users get redirected to these pages by intrusive advertisements or installed PUAs (Potentially Unwanted Applications). Software within this classification can infiltrate systems without user consent.

PUAs cause redirects, deliver intrusive advert campaigns, and collect browsing-related and sensitive information.

What is BazarCall scam?

BazarCall is the name of the email campaign used with the purpose to trick recipients into installing malware on their computers. Cybercriminals behind this campaign send subscription-themed emails encouraging recipients to call the provided phone number to cancel or renew a subscription plan.

After calling the provided number, recipients are usually asked to visit a malicious website and download a file designed to install malware. Research shows that the BazarCall campaign is used to distribute BazarLoader malware that provides the attackers backdoor access to the infected computers.

It is possible that this campaign is used to deliver other malicious software as well.

What is Telamon Cleaner?

Telamon Cleaner is a piece of software endorsed as a tool capable of removing various threats and unwanted content (e.g., temporary, junk files, etc.) from operating systems. However, this application is deemed to be untrustworthy due to the questionable techniques used to distribute it.

Since most users download/install Telamon Cleaner inadvertently, it is classified as a PUA (Potentially Unwanted Application). Software products within this classification often cannot perform the advertised abilities and may have unmentioned harmful functionalities.

What are the Bro sites?

Bro is a group of rogue websites with domains, including bro1[.]biz; bro2[.]biz; bro3[.]biz; bro4[.]biz; bro5[.]biz, etc. Visitors to these sites are presented with dubious content and/or redirected to untrustworthy and possibly malicious sites.

The Internet is rife with such webpages; chicheet.com, onterralink.xyz, and earntthatyo.biz are just a few examples. Users usually access rogue pages unintentionally.

Most enter them via redirects caused by intrusive adverts or installed PUAs (Potentially Unwanted Applications). These apps can infiltrate systems stealthily. Hence users may be unaware of their presence.

PUAs are designed to cause redirects, run intrusive advertisement campaigns, and collect browsing-related data.

What is ExploreSync?

ExploreSync adware is a form of unwanted software that generates advertisements, changes browser's settings, and collects data. It is designed to function as adware and a browser hijacker.

Typically, users do not download and install apps of this type on purpose. To trick users into installing ExploreSync, its developers use a fake Adobe Flash Player installer.

Apps that users download, install unknowingly (without intention) are called potentially unwanted applications (PUAs). It is highly advisable not to have software like ExploreSync installed on a browser or the operating system.

What is Ad Video Blocker?

Ad Video Blocker is the name of a potentially unwanted application (PUA) that generates advertisements. In other words, Ad Video Blocker is an advertising-supported software (adware).

As a rule, users download and install apps of this type accidentally. That is the reason why they are called potentially unwanted.

Another common problem with apps like Ad Video Blocker is that they can be designed to collect information related to web browsing activities or other data. Either way, it is highly advisable not to trust apps like Ad Video Blocker.

What is "Free Xbox Codes 2021- Xbox Gift card codes"?

"Free Xbox Codes 2021- Xbox Gift card codes" is a browser extension, which promises to generate Xbox video gaming brand gift-card codes for free. It is classified as adware due to running intrusive advertisement campaigns (i.e., delivering various adverts).

Additionally, software within this classification usually has data tracking abilities that are employed to spy on users' browsing activity. Adware products are seldom downloaded/installed intentionally; hence, they are also categorized as PUAs (Potentially Unwanted Applications).

What is Boss ransomware?

Boss ransomware belongs to the ransomware family called Makop. Typically, malware of this type encrypts files, changes their extension, and generates a ransom note.

Boss renames files by appending a string of random characters (likely a victim's ID), the pay_btc2021@protonmail.com email address, and ".Boss" extension to their filenames. For example: it renames "1.jpg" to "1.jpg.[9B83AE23].[pay_btc2021@protonmail.com].Boss", "2.jpg" to "2.jpg.[9B83AE23].[pay_btc2021@protonmail.com].Boss", and so on.

Boss creates the "readme-warning.txt" file as its ransom note. It creates this file in all folders containing encrypted files.

What kind of website is searchmarquis.com?

Searchmarquis.com is the address of a fake search engine designed to generate unique results and enhance the overall browsing experience. This may seem to be a regular search engine (such as Yahoo, Google, etc.), however, it is advertised through rogue download/installation set-ups.

Typically, these set-ups change browser settings. Furthermore, most fake search engines collect various details relating to browsing activities. Note that searchmarquis.com is identical to searchitnow.info.

What kind of malware is Datalock?

Datalock is a ransomware-type program, designed to encrypt data and demand payment for the decryption tools. In other words, this malware renders files inaccessible and demands a ransom to be paid for access recovery to the data.

During the encryption process, affected files are appended with the ".datalock" extension. For example, a file initially named something like "1.jpg" would appear as "1.jpg.datalock", "2.jpg" as "2.jpg.datalock", etc.

Once this process is complete, ransom-demanding messages - "Recovery_Instructions.html" - are dropped into compromised folders. Datalock belongs to the MedusaLocker ransomware family.