Virus and Spyware Removal Guides, uninstall instructions

What is Your System Detected Some Unusual Activity?

There are many fake error messages that are displayed when users visit deceptive/untrustworthy websites. These include "Your System Detected Some Unusual Activity", a fake virus alert message that is displayed in text format and also plays an audio message.

Typically, people arrive at these deceptive websites unintentionally - they are redirected by potentially unwanted applications (PUAs). These apps infiltrate systems without users' direct permission, deliver intrusive ads, and record browsing-related information.

What is DominantCommand?

DominantCommand generates ads and promotes a fake search engine by modifying browser settings. Therefore, this app is classified as adware and a browser hijacker. Note that apps like DominantCommand are capable of accessing sensitive information.

Both adware-type apps and browser hijackers are classified as potentially unwanted applications (PUAs) because users rarely download or install them intentionally.

What is the "Banca Sella" scam email?

"Banca Sella email scam" refers to a spam campaign. This term defines a mass-scale operation during which thousands of deceptive emails are sent. The scam messages sent through this campaign are presented as emails from Banca Sella, a genuine Italian bank based in Biella, Piedmont.

The fake messages claim that recipients have an important message waiting for them. The scammers behind this spam campaign aim to gain access/control over recipients' Banca Sella bank accounts by promoting a phishing website disguised as a sign-in page.

What is "Chrome search contest 2021"?

Practically identical to "You've Made The 5-billionth Search", "Chrome search contest 2021" is a scam promoted on various deceptive websites. This scheme claims that users have been selected as winners to win valuable prizes.

All scams aim to generate revenue for their designers, yet how they profit differs. Typically, scams like "Chrome search contest 2021" ask victims to pay to receive fake prizes and/or operate as phishing schemes (collect sensitive/personal data).

Users rarely access these deceptive sites intentionally - most are redirected to them by intrusive advertisements or installed Potentially Unwanted Applications (PUAs). This software can have dangerous functionality, and users may be unaware of its presence as it does not require explicit permission to infiltrate systems.

What is Conf Search?

Conf Search is a browser hijacker which changes certain browser settings to conf-search.com, the address of a fake search engine. This app also adds the "Managed by your organization" feature (on Chrome browsers).

Note that most browser hijackers collect details relating to web browsing activity, and this is also likely to be the case with Conf Search.

Typically, users download browser hijackers unintentionally and, therefore, Conf Search and other apps of this type are classified as potentially unwanted applications (PUAs).

What is Search Monster?

Search Monster is rogue software categorized as a browser hijacker. It is designed to promote the search.wemakemonsters.it bogus search engine by making modifications to browser settings. Search Monster also adds the "Managed by your organization" feature to Google Chrome browsers.

Furthermore, most browser hijackers have data tracking capabilities, which are used to monitor users' browsing activity. Search Monster likely has this functionality as well. Due to the dubious distribution techniques used to proliferate browser hijackers, they are classified as Potentially Unwanted Applications (PUAs).

What is FuuCry ransomware?

FuuCry is a malicious program, which is categorized as ransomware. Systems infected with this malware have their data encrypted (rendered inaccessible) and users receive ransom demands for decryption (access recovery).

During the encryption process, affected files are appended with the ".cry" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.cry", "2.jpg" as "2.jpg.cry", "3.jpg" as "3.jpg.cry", and so on.

After this process is complete, ransom-demand messages are created in the decryption window, pop-up, and "READ ME FOR DECRYPT.txt" text files, which are dropped into compromised folders.

What kind of malware is Acuna?

Ransomware encrypts files and creates ransom messages, blocking access to files stored on the infected computer and providing instructions about how to recover them. Note that Acuna ransomware belongs to the Phobos ransomware family.

In addition to encrypting files, Acuna renames them by adding the victim's ID and cusapool@firemail.cc email address to their filenames and appending ".Acuna" as the file extension. For example, "1.jpg" is renamed to "1.jpg.id[C279F237-3163].[Cusapool@firemail.cc].Acuna", "2.jpg" to "2.jpg.id[C279F237-3163].[Cusapool@firemail.cc].Acuna", and so on.

Acuna also displays a pop-up window and creates the "info.txt" file, both of which are ransom messages.

What is "FedEx Express Email Virus"?

"FedEx Express Email Virus" is yet another spam email campaign disguised as a shipment arrival notification from the FedEx company.

The main purpose of this campaign is to give the impression of legitimacy and trick recipients into opening a malicious attachment (typically, an archive file). Once opened/executed, the attachment injects LokiBot trojan into the system.

LokiBot is high-risk malware designed to gather various data and save it to a remote server.

What is Direct Search?

Browser hijackers promote fake search engines by changing the settings of hijacked browsers. Direct Search promotes the search-direct.net address in this way. It also adds the "Managed by your organization" feature to Chrome browsers.

This app is virtually identical to another browser hijacker called Storm Search.

These rogue apps are not often downloaded or installed intentionally and, for this reason, they are categorized as potentially unwanted applications (PUAs). Note also that Direct Search collects browsing-related information.