Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is FluBot?

FluBot (also known as Cabassous) is malicious software that targets Android smartphones. Cyber criminals distribute FluBot via SMS messages, which they send (in at least in three different languages such as German, Polish, and Hungarian) with links to download websites for a fake FedEx application. These websites download a malicious APK file (Android Package file) designed to install FluBot banking malware.

What is Ekvf?

This ransomware belongs to the Djvu family.

Generally, ransomware encrypts files and displays/creates ransom messages. Cyber criminals use malware of this type to prevent victims from accessing their files and force them to pay for decryption keys/software.

Ekvf also encrypts files and renames them by appending ".ekvf" as the file extension. For example, "1.jpg" is renamed to "1.jpg.ekvf", "2.jpg" to "2.jpg.ekvf", and so on. Ekvf crates its ransom message (within the "_readme.txt" text file) in all folders containing affected data.

What is Onim ransomware?

Onim is a ransomware-type program discovered by malware researcher S!Ri. Systems infected with this malware experience data encryption (i.e., affected files are rendered inaccessible) and victims receive ransom demands for decryption.

During the encryption process, files are appended with the ".aes" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.aes" following encryption.

After this process is complete, ransom messages in "Readme.txt" files are dropped into compromised folders. Additionally, Onim changes the desktop wallpaper.

What is WebRadioSearch?

WebRadioSearch is rogue software categorized as a browser hijacker. It operates by making changes to browser settings to promote the webradiosearch.com fake search engine. Furthermore, most browser hijackers can monitor users' browsing habits. Therefore, it is likely that WebRadioSearch has these data tracking capabilities as well.

Due to the dubious techniques used to proliferate browser hijackers, they are also classified as Potentially Unwanted Applications (PUAs).

What is Pecunia?

Typically, ransomware encrypts files and generates ransom messages. Malware of this type prevents victims from accessing/using files and encourages them to purchase decryption tools.

Pecunia encrypts files, renames them, and creates the "readme-warning.txt" text file (ransom message) in folders containing affected data. It renames files by appending a string of randomly-generated characters, the pecunia0318@airmail.cc email address and ".pecunia" as the file extension to the filenames. For example, "1.jpg" is renamed to "1.jpg.[9B83A23].[pecunia0318@airmail.cc].pecunia", "2.jpg" to "2.jpg.[9B83A23].[pecunia0318@airmail.cc].pecunia", and so on.

Note that Pecunia is part of the Makop ransomware family.

What is landoseseq[.]com?

landoseseq[.]com is a deceptive website designed to scare visitors into downloading and installing a potentially unwanted application (PUA). Like most websites of this type, landoseseq[.]com claims to be an official Apple website and to have detected a Trojan on the device.

Notifications, virus alerts and other messages on websites such as landoseseq[.]com are fake and should be ignored. Typically, these web pages are promoted through other untrusted pages, deceptive advertisements, and PUAs.

What is PC CURE PRO?

PC CURE PRO is an untrusted application, promoted as an operating system optimization tool. It is supposedly capable of resolving Windows Registry issues and removing various errors.

Due to the dubious techniques used to proliferate this app, it is categorized as a Potentially Unwanted Application (PUA). Software within this category may seem legitimate, yet it is usually nonoperational.

Furthermore, PUAs often have undisclosed, dangerous capabilities.

What kind of malware is DarkCrystal?

DarkCrystal, also known as dcRAT, is a Remote Access Trojan (RAT). Malware of this type enables remote access and control over an infected device. RATs can manipulate machines in various ways and can have likewise varied functionality.

DarkCrystal is a dangerous piece of software, which poses a significant threat to device and user safety.

What is Crapsomware?

Discovered by Petrovic, Crapsomware is a ransomware-type program designed to encrypt data and demand payment for decryption tools. I.e., the files affected by Crapsomware are rendered inaccessible, and victims are asked to pay a ransom to unlock them.

During the encryption process, files are appended with the ".crap" extension. For example, a file initially named something like "1.jpg" would appear as "1.jpg.crap", "2.jpg" as "2.jpg.crap", etc.

Following the completion of this process, a ransom message is displayed in a pop-up window.

What is fastcaptcharesolve[.]com?

fastcaptcharesolve[.]com is a rogue website, sharing many similarities with thedailyrobotcheck.site, bestletherservice.me, wholefreshposts.com, and countless others. This page operates by delivering dubious content and redirecting visitors to other untrusted/malicious sites.

Users rarely access web pages of this kind intentionally - most are redirected to them by intrusive ads or installed Potentially Unwanted Applications (PUAs). This software does not require explicit permission to infiltrate systems, and thus users may be unaware of its presence.

PUAs cause redirects, run intrusive ad campaigns, and collect browsing-related information.