Virus and Spyware Removal Guides, uninstall instructions

Thenicenewz.com Ads

What is thenicenewz[.]com?

thenicenewz[.]com is a rogue website designed to deliver dubious content and redirect visitors to other untrusted/malicious pages. The internet is full of rogue web pages including leasedtohe.biz, ablotadom.com, and pu.biz (just some examples).

Users rarely access sites of this kind intentionally - most are redirected to them by intrusive ads or installed Potentially Unwanted Applications (PUAs). This software does not require express permission to be installed onto systems, and thus users may be unaware of its presence.

These apps operate by causing redirects, running intrusive advertisement campaigns, and collecting browsing-related data.

   
Leasedtohe.biz Ads

What is leasedtohe[.]biz?

leasedtohe[.]biz is an untrusted website, sharing many similarities with pu.biz, news-central.org, hanksforyou.biz, and countless others. This web page presents visitors with dubious material and redirects them to other rogue/malicious sites.

Typically, leasedtohe[.]biz and similar websites are accessed inadvertently. Most users are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into systems. These apps do not need explicit user consent to be installed onto devices. PUAs cause redirects, run intrusive ad campaigns, and gather browsing-related information.

   
Cypress Stealer

What is Cypress?

An information stealer is a type of malware that is designed to gather login information (e.g., usernames, passwords), credit card details, bank account numbers, or other sensitive information that the attackers can monetize in various ways.

Cypress is an information stealer that targets a wide range of data and is advertised as the most powerful stealer for its cost. Cypress malware costs US$100 and is for sale on hacker forums. The developers have written this stealer using the C computer programming language.

Once installed, Cypress stores its data in RAM and does not write anything to the hard drive, which makes it virtually untraceable.

   
Spectre RAT

What kind of malware is Spectre RAT?

Spectre is a malicious program classified as a Remote Access Trojan (RAT). Malware of this type enables stealthy remote access and control over an infected machine. RATs can have a wide variety of dangerous functionality, which can be used in likewise varied ways.

Spectre operates as an information stealer, keylogger, clipper/swapper, and backdoor, and it also has certain botnet features. This piece of malicious software is highly dangerous, and as such, these infections must be removed immediately upon detection.

   
Bagli Ransomware

What is Bagli?

Ransomware is a type of malicious software that encrypts files and generates ransom messages. Malware of this type renames encrypted files as well. Bagli renames files by appending the ".bagli" extension to their filenames. For example, "1.jpg" is renamed to "1.jpg.bagli", "2.jpg" to "2.jpg.bagli", and so on.

Note that Bagli does not actually encrypt files - it overwrites file content (damages data to make it unusable) and creates the "oxu.txt" text file (a ransom message) in all folders containing affected data.

   
StreamSearchWeb Browser Hijacker

What is StreamSearchWeb?

StreamSearchWeb is rogue software classified as a browser hijacker. It promotes the streamsearchweb.com fake search engine by making modifications to browser settings.

Furthermore, browser hijackers typically monitor users' browsing activity, and it is likely that StreamSearchWeb has these data tracking capabilities. Due to the dubious techniques used to proliferate browser hijackers, they are also categorized as Potentially Unwanted Applications (PUAs).

   
Norton Antivirus 2021 Update POP-UP Scam

What is "Norton Antivirus 2021 Update"?

"Norton Antivirus 2021 Update" refers to a scam run on various untrusted web pages. The scheme is presented as an alert concerning a new update to the Norton anti-virus, which users are urged to install.

Note that "Norton Antivirus 2021 Update" is not a genuine message from NortonLifeLock, the software developers of Norton AntiVirus. The "small print" even states that it is an "Advertisement by an independent affiliate of Norton", though the claim of affiliation is untrue.

The purpose of these schemes is to endorse various products. It is especially rare for scams to promote legitimate tools; they are mostly used to distribute untrusted and possibly malicious software. Most notably, scams like "Norton Antivirus 2021 Update" promote fake anti-viruses, adware, browser hijackers, and other Potentially Unwanted Applications (PUAs). In some cases, schemes of this kind have been observed being used to proliferate malware (e.g., trojans, ransomware, cryptocurrency miners, etc.).

Deceptive sites are typically accessed inadvertently via mistyped URLs, redirects caused by intrusive advertisements, and installed PUAs.

   
Code #007d3Cx0d POP-UP Scam

What is Code #007d3Cx0d scam?

Typically, scammers behind tech-support scams such as this attempt to trick users into installing unwanted software, providing remote access to computers or paying for unnecessary "technical" services.

In most cases, these websites display fake virus/error notifications claiming that users must fix the problem immediately, otherwise there will be even more damage.

Users do not often visit tech-support scam websites intentionally - they are opened via deceptive advertisements, other untrusted websites, and installed potentially unwanted applications (PUAs).

   
HANTA Ransomware

What is HANTA ransomware?

HANTA is a piece of malicious software categorized as ransomware. It operates by encrypting data and demanding payment for decryption. I.e., victims cannot access/use files affected by HANTA, and receive ransom demands for access/use recovery.

During the encryption process, files are appended with the ".HANTA" extension. For example, a file initially named something like "1.jpg" would appear as "1.jpg.HANTA", "2.jpg" as "2.jpg.HANTA", "3.jpg" as "3.jpg.HANTA", and so on.

After this process is complete, a ransom message within the "how_to_recover.txt" file is created. Additionally, this ransomware changes the desktop wallpaper.

   
CrYpTeD Ransomware

What is CrYpTeD?

Ransomware is a type of malware that encrypts files to prevent victims from accessing them until they are decrypted using a specific decryption tool (software, key). The CrYpTeD ransomware variant encrypts and renames files. It appends the ".CrYpTeD" extension to their filenames.

For example, it renames a file named "1.jpg" to "1.jpg.CrYpTeD", "2.jpg" to "2.jpg.CrYpTeD", and so on. It also displays a pop-up window and creates the "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" text file. Both the pop-up message and the text file are written in the Russian language.

When CrYpTeD infects computers that do not have this language installed on them, its ransom notes are written in gibberish. This ransomware is part of the family of ransomware called Xorist.

   
