Virus and Spyware Removal Guides, uninstall instructions

What is the node Quota Exceeded email scam?

Commonly, cyber criminals use emails to trick recipients into providing personal information (such as credit card details, name, surname, bank account number), installing malware on the operating system (e.g., ransomware, Trojan), and transferring money.

Generally, they send emails purporting to be from a legitimate company, organization or other entity. This particular email is disguised as a final notice message from cPanel (web hosting control panel software developer) stating that a specific domain has reached its Inode quota (a website has reached maximum allowed resources).

What is Nin9?

Ransomware encrypts files and keeps them inaccessible unless victims decrypt them with a specific decryption key or software. It also displays/creates ransom messages.

Nin9 encrypts and renames files, appending the ".nin9" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.nin9", "2.jpg" to "2.jpg.nin9", and so on. It also creates the "HOW TO DECRYPT FILES.txt" text file, displays a pop-up message, and changes the desktop wallpaper.

Note that this ransomware variant belongs to the Xorist ransomware family.

What is Newtab browser hijacker?

Newtab is dubious software that promotes the fxsmash.xyz fake search engine by modifying browser settings. Therefore, Newtab is classified as a browser hijacker. Additionally, Newtab collects browsing-related information.

Since most users download/install browser hijackers inadvertently, they are also categorized as Potentially Unwanted Applications (PUAs).

What is Ujvxadjxkoz ransomware

Ujvxadjxkoz is a ransomware-type program designed to encrypt data and demand payment for decryption. Victims lose access and use of files affected by Ujvxadjxkoz, and they are asked to pay a ransom to recover access to their data.

During the encryption process, files are appended with the ".ujvxadjxkoz" extension. For example, a file initially named something like "1.jpg" would appear as "1.jpg.ujvxadjxkoz", "2.jpg" as "2.jpg.ujvxadjxkoz", "3.jpg" as "3.jpg.ujvxadjxkoz", and so on.

After this process is complete, ransom messages within "HOW TO RESTORE YOUR FILES.TXT" files are dropped into compromised folders.

Note that the Ujvxadjxkoz malicious program belongs to the Snatch ransomware family.

What is Movieapp Search?

Apps such as Movieapp Search (also known as Search for Movieapp) are classified as browser hijackers because they change browser settings to promote fake search engines. This particular app promotes search.movieapp.net.

Note that browser hijackers can be used to collect data as well.

Commonly, users download and install apps of this type unintentionally and, therefore, they are classified as potentially unwanted applications (PUAs).

What is ablotadom[.]com?

Sharing many similarities with hanksforyou.biz, fastcaptcharesolve.com, allowsuccess.org, ardoppoprus.biz, and thousands of others, ablotadom[.]com is a rogue website. This page is designed to present visitors with dubious content and/or redirect them to other bogus/malicious sites.

Typically, users enter these web pages via redirects caused by intrusive ads or installed Potentially Unwanted Applications (PUAs). These apps operate by causing redirects, running intrusive advertisement campaigns, and collecting browsing-related information.

What is X-FILES malware?

X-FILES (also known as XFiles) is an information stealer. Cyber criminals are offering three subscription plans for their potential users: 50 RUB for seven days; 500 RUB for one month, and; 1500 RUB for a lifetime.

X-FILES is advertised on hacker forums. It is written in the C# programming language and can be controlled through Telegram (the seller host). Like most information stealers, X-FILES targets sensitive information (passwords, credit card details, and so on).

What is the "DENTIN METAL ENGINEERING" scam email?

"DENTIN METAL ENGINEERING" is a spam campaign, a large-scale operation during which deceptive emails are sent by the thousand. The messages distributed through this campaign are presented as invoice notifications.

These scam emails aim to promote a phishing website, which is disguised as a Microsoft Office Excel file. To view the fake document, users are asked to sign-in using their email accounts. Phishing sites are designed to record the information entered into them, in this case, email account passwords.

What is the Nyan Worm malware?

Nyan Worm is a malicious program classified as a Remote Access Trojan (RAT). Malware of this type is designed to enable stealthy access and control over an infected machine. These trojans can have a certain level of control over the device's hardware, software, and stored content and information.

RATs have a wide variety of malicious capabilities and the threats posed by them are likewise varied.

Nyan Worm is also considered to be 'backdoor' malware. This term refers to a piece of software capable of opening a "backdoor" for additional malicious programs. I.e., Nyan Worm can download/install trojans, ransomware, cryptocurrency miners, and different malware.

What is the "Your free trial period is almost over" email scam?

Commonly, scammers/cyber criminals use emails to trick recipients into transferring money, providing sensitive information, and even installing malware onto their computers.

Typically, cyber criminals disguise their emails as urgent, important, official messages from legitimate companies, organizations or other entities. When emails are used to deliver malware, they contain a website link or attachment.