Virus and Spyware Removal Guides, uninstall instructions

What is earntthatyo[.]biz?

The earntthatyo[.]biz website can open shady websites and display its content. It depends on the visitor's IP address/geolocation.

In one way or another, earntthatyo[.]biz is not a trustworthy website. It is noteworthy that there are many pages like earntthatyo[.]biz, for example, rtenmy[.]com, oundoutth[.]biz, and pplyforthe[.]biz.

It is very uncommon for them to be visited on purpose. Quite often, browsers open them on a regular basis because they have one or another potentially unwanted application (PUA) installed on them.

Also, pages like oearntthatyo[.]biz can be promoted through untrustworthy advertisements and dubious web pages.

What is fxsmash.xyz?

Fxsmash.xyz is the URL (address) of a fake search engine. Web searchers classified as illegitimate are usually unable to provide search results and collect browsing-related information.

Search engines of this type are typically promoted by browser hijackers - through modifications this software to browser settings. The fxsmash.xyz web searcher has been observed being promoted by Make changes, Show Tabs, Newtab, GillCom, SysKey, and other browser hijackers.

Furthermore, software within this category tends to have data tracking abilities, which are used to spy on users' browsing habits. Since most users download/install browser hijackers inadvertently, they are also classified as PUAs (Potentially Unwanted Applications).

What is Steam Sheriff?

Steam Sheriff is advertised as an app designed to check URLs visited by a user to help prevent Steam phishing attacks.

However, it is known that this app generates advertisements - it functions as adware (advertising-supported software). Therefore, it is advisable not to download and install this app.

It is noteworthy that most users download and install apps like Steam Sheriff inadvertently. For this reason, they are called potentially unwanted applications (PUAs).

What is rtenmy[.]com?

Rtenmy[.]com is a rogue website sharing similarities with oundoutth.biz, pplyforthe.biz, allcommonblog.com, and countless others. Visitors to this webpage are presented with questionable content and/or redirected to unreliable and possibly malicious sites.

Users rarely access such pages inadvertently; most get redirected to them by intrusive adverts or PUAs (Potentially Unwanted Applications) already installed onto their devices.

These apps do not require explicit user permission to be installed onto systems. PUAs are designed to force-open websites, run intrusive advertisement campaigns, and gather browsing-related data.

What is Img Preview?

Img Preview is a potentially unwanted application (PUA), a browser hijacker that changes browser's settings to fxsmash.xyz - address of a fake search engine. Img Preview is called a PUA because users do not download and install browser hijackers intentionally.

It is common that apps of this type are designed to gather information about their users (for example, details related to web browsing activities).

Apps of this type cannot be trusted. Therefore, it is highly advisable not to have any of them installed on browsers or the operating system.

What is "Facebook account hack 2021 #1 fb hack app"?

"Facebook account hack 2021 #1 fb hack app" is a browser extension, falsely claiming to be able to allow unauthorized access to (i.e. hack) Facebook social networking accounts within one minute. Instead, this piece of software delivers various advertisements and likely collects browsing-related information.

Due to this behavior, "Facebook account hack 2021 #1 fb hack app" is classified as adware. Software products within this classification are also deemed to be PUAs (Potentially Unwanted Applications).

What is Rabobank email scam?

It is common that scammers send fraudulent emails to trick recipients into providing sensitive information (for example, credit card details, login credentials, social security numbers), transferring money. Typically, they pretend to be legitimate companies (for example, banks, couriers, telecommunications, and internet service providers) to give legitimacy to their emails.

Scammers behind this scam pretend to be Rabobank, a Dutch multinational banking and financial services company. It is likely that the purpose of this scam campaign is to trick recipients into providing login credentials for Rabobank account.

What is the "NOTICE OF ACCOUNT CLOSURE FOR AUDIT" scam email?

"NOTICE OF ACCOUNT CLOSURE FOR AUDIT" is the name of a malware-proliferating spam campaign. This term defines a mass-scale operation during which thousands of deceptive emails are sent.

The letters distributed through this campaign - address the recipient as a supplier/service provider and request them to review their account and payment statements. However, instead of containing this documentation, the email attachment is designed to infect systems with the NanoCore RAT (Remote Access Trojan) - upon opening.

Malware within this classification operates by enabling remote access and control over compromised machines. These trojans can have a wide variety of heinous functionalities, which pose a broad range of serious threats.

What is Sick ransomware?

Ransomware is a type of malware that makes files inaccessible/unusable by encrypting them. It is common that ransomware not only encrypts files but also renames them.

Additionally, it generates a ransom note. Sick ransomware was discovered by dnwls0719. It encrypts file and append the ".sick" extension to their filenames.

For instance, it renames "1.jpg" to "1.jpg.sick", "sample.jpg" to "sample.jpg.sick", etc. Sick creates its ransom note (the "HELP.txt" file) on victim's desktop.

What kind of malware is Venus?

Discovered by malware researcher S!Ri, Venus is a ransomware-type program. It is designed to encrypt data and demand payment for the decryption.

In other words, this malicious program locks files, thereby rendering them inaccessible and useless; afterwards, victims are asked to pay - to unlock their data.

During the encryption process, affected files are appended with the ".venus" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.venus", "2.jpg" as "2.jpg.venus", "3.jpg" as "3.jpg.venus", and so on.

Once this process is complete, a ransom note - "README.txt" - is created. Additionally, Venus ransomware changes the desktop wallpaper.