Virus and Spyware Removal Guides, uninstall instructions

What is Lookfornewitguy?

Ransomware is a form of malware that infects computers to block access to files by encrypting them. Usually, ransomware encrypts files, modifies their filenames, and generates a ransom note. Lookfornewitguy belongs to the Phobos ransomware family.

It renames files by appending the victim's ID, ICQ_Lookfornewitguy (ICQ username), and the ".Lookfornewitguy" extension to their filenames.

For example, it changes a file named "1.jpg" to "1.jpg.id[C279F237-3203].[ICQ_Lookfornewitguy].Lookfornewitguy", "2.jpg" to "2.jpg.id[C279F237-3203].[ICQ_Lookfornewitguy].Lookfornewitguy", and so on. It creates two ransom notes: "info.hta" and "info.txt".

What is "Instagram Password Hacker"?

"Instagram Password Hacker" is a scam run on various deceptive websites. This scheme is presented as a hacking service allowing users to steal Instagram social media accounts by entering their usernames.

The aim of "Instagram Password Hacker" is to promote untrustworthy and malicious sites, namely phishing webpages. Typically, users access deceptive/scam sites via mistyped URLs, redirects caused by intrusive advertisements, or have them force-opened by installed PUAs (Potentially Unwanted Applications).

What is Shipping Survey Reward scam?

It is common that scammers use fake online surveys to trick unsuspecting visitors into providing personal or financial information. They use provided information to commit identity theft, sell it to third parties, or monetize it in some other way.

It is important to mention that scammers behind these online survey scams impersonate legitimate companies. In this particular case, scammers promote their survey via email - they send emails disguised as letters from UPS regarding user experience survey.

It is strongly recommended to ignore emails of this type and, more importantly, not to provide personal information on pages that these emails promote.

What is Kfuald ransomware?

Discovered by Petrovic, Kfuald is a malicious program classified as ransomware. It operates by encrypting data (rendering files inaccessible/useless) and making ransom demands for the decryption (access/use recovery).

During the encryption process, affected files are appended with the ".kfuald" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.kfuald", "2.jpg" as "2.jpg.kfuald", "3.jpg" as "3.jpg.kfuald", and so forth.

After this process is complete, a pop-up window is displayed, which contains the ransom note.

What is the "this is not a formal email" scam letter?

"This is not a formal email" is the name of a scam campaign - a large-scale operation during which thousands of deceptive emails are sent. This campaign uses the sextortion scam model. In other words, the letter sender proclaims to have made an explicit, compromising video of the recipient - and threatens to publicize it unless they are paid.

It must be be emphasized that none of the information provided by these emails - is true. Most importantly, the recording does not actually exist. Hence, the "this is not a formal email" letters have to be ignored.

What is Bdev?

Ransomware is a type of malicious software that prevents victims from using their files by encrypting them. Usually, victims cannot decrypt their files without the right decryption tool.

Ransomware generates a ransom note with instructions on how to purchase that tool. It is very common that malware of this type modifies the filenames of all encrypted files.

Bdev appends the victim's ID, bad_dev@tuta.io email address, and ".bdev" extension to their filenames. For example, it renames a file named "1.jpg" to "1.jpg.id-C279F237.[bad_dev@tuta.io].bdev", "2.jpg" to "2.jpg.id-C279F237.[bad_dev@tuta.io].bdev", and so on.

Bdev generates two ransom notes: displays a pop-up window and creates the "info.txt" text file. This ransomware variant is part of the Dharma family.

What is UltraWebFormat?

UltraWebFormat is a piece of rogue software categorized as a browser hijacker. It operates by promoting (causing redirects to) the search.7ax6.com fake search engine - by making changes to browser settings.

Additionally, UltraWebFormat adds the "Managed by your organization" feature to Google Chrome browsers. Typically, software within this category also has data tracking abilities, which are employed to spy on users' browsing habits.

UltraWebFormat likely has such functionalities as well. Since most users download/install browser hijackers inadvertently, they are classified as PUAs (Potentially Unwanted Applications) as well.

What is the lotsnippier[.]cam site?

Sharing similarities with smartklick.biz, wholecoolstories.com, ddyuei.com, and many others, lotsnippier[.]cam is an untrustworthy website. It is designed to deliver dubious content and/or redirect visitors to other unreliable/malicious pages.

Sites of this type are usually accessed unintentionally; most users enter them through redirects caused by intrusive advertisements or installed PUAs (Potentially Unwanted Applications). These apps do not require explicit user consent to infiltrate systems.

PUAs operate by causing redirects, running intrusive advertisement campaigns, and collecting browsing-related information.

What is SimpleProjectSearch?

SimpleProjectSearch is classified as adware and a browser hijacker - it generates advertisements and promotes a fake search engine (by making certain changes in settings of a web browser). It is common that both adware-type apps and browser hijackers gather information about users as well.

It is noteworthy that most of the times, apps of this kind get downloaded and installed by users without them knowing about it because they are distributed using questionable, deceptive methods.

Therefore, SimpleProjectSearch and other apps of this kind are called potentially unwanted applications (PUAs). It is known that SimpleProjectSearch is distributed via a fake Adobe Flash Player installer.

What is You Are Our Winner Today!?

"You Are Our Winner Today!" is a deceptive pop-up message displayed by various rogue sites. Research shows that, in most cases, users visit these sites inadvertently - they are redirected by various PUPs (potentially unwanted programs) and intrusive ads delivered by other sites.

Furthermore, potentially unwanted programs typically infiltrate systems without permission, deliver intrusive ads, and record sensitive information.