Virus and Spyware Removal Guides, uninstall instructions

What is the newstorg[.]cc site?

Sharing similarities with worldlifestylez.com, lotsnippier.cam, smartklick.biz, and countless others, newstorg[.]cc is an untrustworthy website. Visitors to this page are presented with dubious content and/or redirected to unreliable/malicious sites.

Webpages of this type are seldom accessed intentionally; most users get redirected to them by intrusive adverts or installed PUAs (Potentially Unwanted Applications). These apps do not need explicit user consent to infiltrate systems, and they can force-open websites, run intrusive advertisement campaigns, and collect browsing-related information.

What is the fake "Romanian Post" email?

"Romanian Post email virus" is the name of a malware-proliferating spam campaign - a large-scale operation during which deceptive emails are sent by the thousand. The letters distributed through this campaign - are disguised as notifications from the national Romanian Post (Poșta Română) and target Romanian users.

It must be emphasized that despite their legitimate appearance, these emails are fraudulent and in no way associated with the real Romanian Post. The scam letters claim that recipients have a package addressed to them waiting in one of the postal offices.

To receive the nonexistent parcel, the emails instruct recipients to print the recipient attached to them and use it in any of the offices. The fake receipt attachment contains FormBook malware's executable file, which initiates this malicious program's download/installation upon opening.

What is MailEx scam?

Scammers behind this phishing campaign use email to trick users into providing personal information. They send emails offering users to participate in a fake survey and get a certain prize in return.

After completing a survey, visitors are asked to enter personal information to claim their "reward". It is important to mention that such scams can be used to trick users into providing financial information, paying "transaction", "processing" fees as well.

Either way, it is strongly recommended to ignore emails of this type and not to trust websites that they promote/enter any personal information on them.

What is worldlifestylez[.]com?

Worldlifestylez[.]com is a rogue website, visitors to which are presented with questionable content and/or get redirected to other untrustworthy and malicious sites. Users tend to access such pages inadvertently.

Most get redirected to them by intrusive adverts or installed PUAs (Potentially Unwanted Applications). This software does not require permission to infiltrate systems; hence, users may be unaware of its presence.

These apps can have heinous functionalities, including - causing redirects, delivering intrusive advertisement campaigns, and collecting browsing-related information. The Internet is rife with webpages like worldlifestylez[.]com; lotsnippier.cam, smartklick.biz, topnewsfresh.xyz, and ddyuei.com are just a few examples.

What is Lookfornewitguy?

Ransomware is a form of malware that infects computers to block access to files by encrypting them. Usually, ransomware encrypts files, modifies their filenames, and generates a ransom note. Lookfornewitguy belongs to the Phobos ransomware family.

It renames files by appending the victim's ID, ICQ_Lookfornewitguy (ICQ username), and the ".Lookfornewitguy" extension to their filenames.

For example, it changes a file named "1.jpg" to "1.jpg.id[C279F237-3203].[ICQ_Lookfornewitguy].Lookfornewitguy", "2.jpg" to "2.jpg.id[C279F237-3203].[ICQ_Lookfornewitguy].Lookfornewitguy", and so on. It creates two ransom notes: "info.hta" and "info.txt".

What is "Instagram Password Hacker"?

"Instagram Password Hacker" is a scam run on various deceptive websites. This scheme is presented as a hacking service allowing users to steal Instagram social media accounts by entering their usernames.

The aim of "Instagram Password Hacker" is to promote untrustworthy and malicious sites, namely phishing webpages. Typically, users access deceptive/scam sites via mistyped URLs, redirects caused by intrusive advertisements, or have them force-opened by installed PUAs (Potentially Unwanted Applications).

What is Shipping Survey Reward scam?

It is common that scammers use fake online surveys to trick unsuspecting visitors into providing personal or financial information. They use provided information to commit identity theft, sell it to third parties, or monetize it in some other way.

It is important to mention that scammers behind these online survey scams impersonate legitimate companies. In this particular case, scammers promote their survey via email - they send emails disguised as letters from UPS regarding user experience survey.

It is strongly recommended to ignore emails of this type and, more importantly, not to provide personal information on pages that these emails promote.

What is Kfuald ransomware?

Discovered by Petrovic, Kfuald is a malicious program classified as ransomware. It operates by encrypting data (rendering files inaccessible/useless) and making ransom demands for the decryption (access/use recovery).

During the encryption process, affected files are appended with the ".kfuald" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.kfuald", "2.jpg" as "2.jpg.kfuald", "3.jpg" as "3.jpg.kfuald", and so forth.

After this process is complete, a pop-up window is displayed, which contains the ransom note.

What is the "this is not a formal email" scam letter?

"This is not a formal email" is the name of a scam campaign - a large-scale operation during which thousands of deceptive emails are sent. This campaign uses the sextortion scam model. In other words, the letter sender proclaims to have made an explicit, compromising video of the recipient - and threatens to publicize it unless they are paid.

It must be be emphasized that none of the information provided by these emails - is true. Most importantly, the recording does not actually exist. Hence, the "this is not a formal email" letters have to be ignored.

What is Bdev?

Ransomware is a type of malicious software that prevents victims from using their files by encrypting them. Usually, victims cannot decrypt their files without the right decryption tool.

Ransomware generates a ransom note with instructions on how to purchase that tool. It is very common that malware of this type modifies the filenames of all encrypted files.

Bdev appends the victim's ID, bad_dev@tuta.io email address, and ".bdev" extension to their filenames. For example, it renames a file named "1.jpg" to "1.jpg.id-C279F237.[bad_dev@tuta.io].bdev", "2.jpg" to "2.jpg.id-C279F237.[bad_dev@tuta.io].bdev", and so on.

Bdev generates two ransom notes: displays a pop-up window and creates the "info.txt" text file. This ransomware variant is part of the Dharma family.