Virus and Spyware Removal Guides, uninstall instructions

What is the "DENTIN METAL ENGINEERING" scam email?

"DENTIN METAL ENGINEERING" is a spam campaign, a large-scale operation during which deceptive emails are sent by the thousand. The messages distributed through this campaign are presented as invoice notifications.

These scam emails aim to promote a phishing website, which is disguised as a Microsoft Office Excel file. To view the fake document, users are asked to sign-in using their email accounts. Phishing sites are designed to record the information entered into them, in this case, email account passwords.

What is the Nyan Worm malware?

Nyan Worm is a malicious program classified as a Remote Access Trojan (RAT). Malware of this type is designed to enable stealthy access and control over an infected machine. These trojans can have a certain level of control over the device's hardware, software, and stored content and information.

RATs have a wide variety of malicious capabilities and the threats posed by them are likewise varied.

Nyan Worm is also considered to be 'backdoor' malware. This term refers to a piece of software capable of opening a "backdoor" for additional malicious programs. I.e., Nyan Worm can download/install trojans, ransomware, cryptocurrency miners, and different malware.

What is the "Your free trial period is almost over" email scam?

Commonly, scammers/cyber criminals use emails to trick recipients into transferring money, providing sensitive information, and even installing malware onto their computers.

Typically, cyber criminals disguise their emails as urgent, important, official messages from legitimate companies, organizations or other entities. When emails are used to deliver malware, they contain a website link or attachment.

What is LulzDecryptor?

Discovered by MalwareHunterTeam, LulzDecryptor is a ransomware-type program. It operates by encrypting data and demanding payment for decryption.

Malicious programs of this type typically append affected files with extensions or otherwise rename them, however, the filenames of files affected by LulzDecryptor remain unchanged. After the encryption process is complete, a ransom message is created in a pop-up window.

LulzDecryptor ransomware is deemed to be skidware, a piece of malicious software created by individuals severely lacking the necessary skills.

Furthermore, this malware is decryptable. The decryption key is "4aEWaAMtxGnHPcvGnuxtEWYCPb5AxuC3ABcLRmz7AQZ2wdVpreduKK9C7LU7" (without the quotation marks).

What is the Napoli Merda ransomware?

Napoli Merda is a ransomware-type program designed to encrypt data and demand payment for decryption. I.e., the files affected by this malware are rendered inaccessible and victims are asked to pay to recover access to them.

Typically, ransomware renames encrypted files, however, this is not the case with Napoli Merda. Once the encryption process is complete, this ransomware displays a pop-up window containing a ransom message in Italian.

Napoli Merda is considered to be skidware: malicious software created by individuals severely lacking the necessary skills. This program is decryptable and the password to initiate the decryption process is "password123" (without the quotation marks).

What is the fake "GoDaddy" email?

"GoDaddy email scam" refers to a spam campaign, a mass-scale operation during which deceptive emails are sent by the thousand.

The emails distributed through this campaign are presented as notifications from GoDaddy, a publicly traded internet domain registrar and web hosting company. These scam messages inform of an upcoming upgrade to the recipients' emails and ask them to verify their email accounts.

This mail promotes a phishing website designed to record entered account log-in credentials (i.e., passwords). Note that all of the information provided by these emails is false, and they are in no way associated with the genuine GoDaddy, Inc.

What is Xtreme?

Xtreme is a Remote Access Trojan (RAT), which grants access and control of infected machines to facilitate various malicious actions.

This malware has been used globally, targeting governments and governmental organizations, financial institutions, large private corporations, telecommunication companies and media outlets, however, while it primarily targeted representatives and employees of the aforementioned entities, smaller businesses or average users are often targeted.

What is the hanksforyou[.]biz site?

hanksforyou[.]biz is a rogue website designed to deliver dubious content and redirect visitors to other untrusted, possibly malicious web pages.

Users rarely access hanksforyou[.]biz and similar sites intentionally - most are redirected to them by intrusive advertisements or installed Potentially Unwanted Applications (PUAs). This software does not need explicit permission to infiltrate systems, and thus users may be unaware of its presence.

PUAs are designed to cause redirects, run intrusive advertisement campaigns, and collect browsing-related data. The internet is full of rogue websites including fastcaptcharesolve.com, allowsuccess.org, ardoppoprus.biz, and thedailyrobotcheck.site as just some examples.

What is the "Facebook Lottery" scam email?

"Facebook Lottery" is a spam email campaign, a large-scale operation during which deceptive email messages are sent by the thousand. This campaign is in no way associated with Facebook, Inc. and all of the information provided by these emails is false.

The scam messages claim that recipients have been selected as one of the three winners of a fake lottery. This spam mail operates as a phishing scam. I.e., the purpose is to extract sensitive/personal information and use it for nefarious purposes.

What is Search Button?

Search Button is a browser hijacker promoting the keysearchs.com bogus search engine. Typically, software within this classification modifies browser settings to promote its associated search engines, however, Search Button does not always make alterations to the settings when promoting the keysearchs.com web searcher (see below).

Additionally, Search Button has data tracking capabilities, which are used to monitor users' browsing habits. Since most users download/install browser hijackers inadvertently, they are also classified as Potentially Unwanted Applications (PUAs).