Virus and Spyware Removal Guides, uninstall instructions

What is AdFreeVision?

AdFreeVision is described by its developers as the best extension for blocking advertisements on YouTube. Ironically, this app not blocks ads but generates them.

It is noteworthy that adware is a type of software that can be designed to gather browsing-related and other information. It is common for advertising-supported software to be distributed by its developers in deceptive ways.

Therefore, most users download and install applications like AdFreeVision unknowingly, unintentionally. Apps that users download without intention to do so are called potentially unwanted applications (PUAs).

What is Edit webpage?

Edit webpage is the name of a browser hijacker designed to promote the fxsmash.xyz address, a fake search engine. Like most apps of this type, Edit webpage promotes fxsmash.xyz by modifying browser settings.

It is known that Edit webpage can read browsing history. However, it is likely that it can read other details as well. It is noteworthy that most users download and install browser hijackers without knowing about it.

Extensions, plug-ins, add-ons, and programs of other types that users download, install accidentally, unintentionally are called potentially unwanted applications (PUAs).

What is REGSERVO?

REGSERVO is a rogue application, endorsed as a tool capable of detecting and removing threats/issues present on operating systems. Due to the dubious techniques used to distribute this app, it is classified as a PUA (Potentially Unwanted Application).

Software within this classification is typically unable to perform the promised functionalities, and it may have harmful abilities instead.

What is the "Account Service" scam email?

"Account Service email scam" refers to a spam campaign - a mass-scale operation during which deceptive emails are sent by the thousand. These letters claim that multiple emails failed delivery (i.e., did not arrive into the inbox).

The claims are false and intended to trick recipients into visiting the promoted phishing website. The site is presented as the email account sign-in page.

Information (e.g., email addresses and passwords) entered into the phishing webpage will be recorded and revealed to the scammers, thereby allowing them to steal the corresponding accounts.

What is DirectX 12 download scam?

Microsoft DirectX is a collection of application programming interfaces in Windows that allow software (especially games) to work with the audio and video hardware installed on a computer. The latest DirectX version is DirectX 12, and it is available for download on the official Microsoft page (microsoft.com).

It is known that there is a fake DirectX download website used to trick users into downloading and launching a malicious installer designed to install CryptBot. It is important to mention that this could be not the only fake DirectX download page used to distribute the aforementioned or some other malware.

What is "PayApp Reward"?

The "PayApp Reward scam" is an online scheme, which claims that users will be rewarded if they complete a short questionnaire. This scam type aims to promote unreliable, deceptive, and even malicious sites by offering fake prizes.

These schemes are run on various untrustworthy webpages, and the pages may be endorsed using a variety of questionable tactics. The "PayApp Reward" scam has been observed being promoted through spam mail, e.g., emails titled "we..got..a..surpise...for...you......3784" (may vary).

Users rarely access deceptive websites intentionally; most enter them via mistyped URLs, redirects caused by intrusive advertisements, or have them force-opened by installed PUAs (Potentially Unwanted Applications).

What is BENTLEY?

Ransomware is a type of malicious software that prevents victims from accessing their files by encrypting them and displays or creates a ransom note.

In some cases, victims cannot even access the whole operating system. Another detail about malware of this type is that most variants rename files.

BENTLEY modifies filenames of all encrypted files by appending the ".BENTLEY" extension to them. For instance, it renames a file named "1.jpg" to "1.jpg.BENTLEY", "sample.jpg" to "sample.jpg.BENTLEY", and so on.

BENTLEY creates the "BENTLEY-HELP.txt" file as its ransom note, it creates this file in all folders with affected files in them. BENTLEY belongs to the Nemty ransomware family, it was discovered by dnwls0719.

What is the "I have got two not really pleasant news for you" scam email?

"I have got two not really pleasant news for you" refers to a sextortion spam campaign. The term "spam campaign" defines a large-scale operation during which deceptive emails are sent by the thousand.

The letters distributed through this campaign - use the sextortion scam model, which states that the sender has obtained explicit recordings (of a sexual nature) featuring the recipient. It must be emphasized that the claims made by "I have got two not really pleasant news for you" emails - are false.

Hence, no compromising videos of the recipient exist, and the scammers' threats are empty. Therefore, these scam letters must be ignored.

What is captcharesolver[.]com?

Captcharesolver[.]com is one of the many deceptive websites containing shady content and opening other pages of this kind. More examples of pages like captcharesolver[.]com are captchareverse[.]com, video-notification[.]digital, and ngthatwe[.]fun.

Usually, these pages get opened through various untrustworthy pages, dubious advertisements, or potentially unwanted applications (PUAs) that users have unknowingly installed on a browser or the operating system. In other words, users do not open/visit sites like captcharesolver[.]com on purpose.

What is CryptOstonE?

CryptOstonE is a new variant of the CryptoWire ransomware. Systems infected with this malware have their data encrypted and receive ransom demands for the decryption.

In other words, the files affected by CryptOstonE are locked and rendered useless, and victims are asked to pay - to recover access to their data. During the encryption process, CryptOstonE renames files by inserting ".encrypted" in-between the filename and its extension.

For example, a file initially titled something like "1.jpg" would appear as "1.encrypted.jpg", "2.jpg" as "2.encrypted.jpg", and so on. Once this process is complete, a ransom note is displayed in a pop-up.

There is reason to believe that CryptOstonE ransomware is still in development and may have been released for testing purposes. The pop-up window lacks the cyber criminals' contact details and payment information, which prevents victims from even attempting to meet the ransom demands.