Virus and Spyware Removal Guides, uninstall instructions

What is rtenmy[.]com?

Rtenmy[.]com is a rogue website sharing similarities with oundoutth.biz, pplyforthe.biz, allcommonblog.com, and countless others. Visitors to this webpage are presented with questionable content and/or redirected to unreliable and possibly malicious sites.

Users rarely access such pages inadvertently; most get redirected to them by intrusive adverts or PUAs (Potentially Unwanted Applications) already installed onto their devices.

These apps do not require explicit user permission to be installed onto systems. PUAs are designed to force-open websites, run intrusive advertisement campaigns, and gather browsing-related data.

What is Img Preview?

Img Preview is a potentially unwanted application (PUA), a browser hijacker that changes browser's settings to fxsmash.xyz - address of a fake search engine. Img Preview is called a PUA because users do not download and install browser hijackers intentionally.

It is common that apps of this type are designed to gather information about their users (for example, details related to web browsing activities).

Apps of this type cannot be trusted. Therefore, it is highly advisable not to have any of them installed on browsers or the operating system.

What is "Facebook account hack 2021 #1 fb hack app"?

"Facebook account hack 2021 #1 fb hack app" is a browser extension, falsely claiming to be able to allow unauthorized access to (i.e. hack) Facebook social networking accounts within one minute. Instead, this piece of software delivers various advertisements and likely collects browsing-related information.

Due to this behavior, "Facebook account hack 2021 #1 fb hack app" is classified as adware. Software products within this classification are also deemed to be PUAs (Potentially Unwanted Applications).

What is Rabobank email scam?

It is common that scammers send fraudulent emails to trick recipients into providing sensitive information (for example, credit card details, login credentials, social security numbers), transferring money. Typically, they pretend to be legitimate companies (for example, banks, couriers, telecommunications, and internet service providers) to give legitimacy to their emails.

Scammers behind this scam pretend to be Rabobank, a Dutch multinational banking and financial services company. It is likely that the purpose of this scam campaign is to trick recipients into providing login credentials for Rabobank account.

What is the "NOTICE OF ACCOUNT CLOSURE FOR AUDIT" scam email?

"NOTICE OF ACCOUNT CLOSURE FOR AUDIT" is the name of a malware-proliferating spam campaign. This term defines a mass-scale operation during which thousands of deceptive emails are sent.

The letters distributed through this campaign - address the recipient as a supplier/service provider and request them to review their account and payment statements. However, instead of containing this documentation, the email attachment is designed to infect systems with the NanoCore RAT (Remote Access Trojan) - upon opening.

Malware within this classification operates by enabling remote access and control over compromised machines. These trojans can have a wide variety of heinous functionalities, which pose a broad range of serious threats.

What is Sick ransomware?

Ransomware is a type of malware that makes files inaccessible/unusable by encrypting them. It is common that ransomware not only encrypts files but also renames them.

Additionally, it generates a ransom note. Sick ransomware was discovered by dnwls0719. It encrypts file and append the ".sick" extension to their filenames.

For instance, it renames "1.jpg" to "1.jpg.sick", "sample.jpg" to "sample.jpg.sick", etc. Sick creates its ransom note (the "HELP.txt" file) on victim's desktop.

What kind of malware is Venus?

Discovered by malware researcher S!Ri, Venus is a ransomware-type program. It is designed to encrypt data and demand payment for the decryption.

In other words, this malicious program locks files, thereby rendering them inaccessible and useless; afterwards, victims are asked to pay - to unlock their data.

During the encryption process, affected files are appended with the ".venus" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.venus", "2.jpg" as "2.jpg.venus", "3.jpg" as "3.jpg.venus", and so on.

Once this process is complete, a ransom note - "README.txt" - is created. Additionally, Venus ransomware changes the desktop wallpaper.

What is Ytviewer?

Ytviewer is an adware-type browser extension. Following successful installation, this piece of rogue software runs intrusive advertisement campaigns.

In other words, it delivers various misleading and even malicious ads. Furthermore, Ytviewer has data tracking abilities, which are used to spy on users' browsing activity.

Due to the questionable techniques used to distribute adware-types, they are classified as PUAs (Potentially Unwanted Applications).

What is oundoutth[.]biz?

It is highly advisable not to trust oundoutth[.]biz or websites it promotes. There are many sites like this on the Internet, for example, wholecommonposts[.]com, besty-deals[.]com, and n02[.]biz.

Usually, users do not visit such sites on purpose. These pages get opened through deceptive advertisements, other untrustworthy sites, or potentially unwanted applications (PUAs).

It is uncommon for PUAs to be downloaded and installed intentionally. That is the reason why they are called potentially unwanted.

It is noteworthy that apps of this kind can be designed to collect various data and (or) display advertisements.

What is Ducky ransomware?

Discovered by dnwls0719, Ducky is the name of a ransomware-type program. Systems infected with this malware experience data encryption and receive ransom demands for the decryption.

In other words, this software renders files inaccessible, and victims are asked to pay - to recover access to their data. During the encryption process, all of the affected files are appended with the ".ducky" extension.

For example, a file initially titled something like "1.jpg" would appear as "1.jpg.ducky", "2.jpg" as "2.jpg.ducky", and so forth. Once this process is complete, ransom notes are created/displayed in a pop-up window ("RECOVER YOUR FILES.hta") and "RECOVER YOUR FILES.txt" text files, which are dropped into compromised folders.