Virus and Spyware Removal Guides, uninstall instructions

What is protected-connect[.]com?

protected-connect[.]com is a deceptive website, which runs various scams. The content presented on this page typically targets iPhone users, yet it is possible that the site may be accessed through other Apple devices.

At the time of research, protected-connect[.]com promoted a free VPN app scheme, however, it might promote variants of the "(3) Viruses have been detected on your iPhone", "Your Apple iPhone is severely damaged", or "VPN Update" scams.

The goal of these schemes is to endorse untrusted software such as fake anti-virus tools, adware, browser hijackers, and other Potentially Unwanted Applications (PUAs).

Note that this type of scam can proliferate malware (e.g., Trojans, ransomware, etc.). Websites like protected-connect[.]com are usually accessed unintentionally via mistyped URLs, redirects caused by intrusive advertisements, or installed PUAs.

What is support-notify[.]space?

support-notify[.]space is one of many scam websites which attempt to trick users into believing they must download and install certain applications to remove the viruses that have apparently been detected on their devices.

Web pages that use such scare tactics should never be trusted. All of the virus notifications/alerts issued by them are fake. Note that users do not often visit these bogus sites intentionally - they are opened after clicking dubious advertisements, through other bogus websites, or by potentially unwanted applications (PUAs) installed on devices.

What is VaPo?

VaPo is a type of malware that prevents victims from accessing their files by encryption. It also changes the desktop wallpaper, creates the "HOW TO DECRYPT FILES.txt" files in folders that contain encrypted files, and displays a pop-up window. All three contain messages demanding a ransom to restore access to files.

Additionally, VaPo renames each encrypted file by appending the ".VaPo" extension. For example, "1.jpg" is renamed to "1.jpg.VaPo", "2.jpg" to "2.jpg.VaPo", and so on.

Note that VaPo is a part of the Xorist ransomware family.

What is settings-chrome[.]com?

The internet is full of untrusted websites, including settings-chrome[.]com, which shares many similarities with thehypenewz.com, lcutterlyba.top, thehypenewz.com, and countless others. Visitors to these sites are presented with dubious content and/or are redirected to other bogus and malicious websites.

Typically, access to settings-chrome[.]com and similar sites is caused via redirects from intrusive ads or Potentially Unwanted Applications (PUAs). These apps do not need explicit consent to be installed onto systems, and thus visitors may be unaware of their presence.

PUAs have dangerous functionality, including force-opening sites, running intrusive advertisement campaigns, and collecting browsing-related information.

What is newsfeedscroller[.]com?

newsfeedscroller[.]com is an untrusted website: it promotes other bogus web pages and contains deceptive, dubious content.

These site are not often visited by people intentionally - they are opened after clicking deceptive ads, through other untrusted web pages, or by potentially unwanted applications (PUAs) that users have inadvertently installed onto their browsers or computers.

There are many pages similar to newsfeedscroller[.]com on the internet. Some examples are thehypenewz[.]com, lcutterlyba[.]top, and goodmode[.]biz.

What is ExploreActivity?

ExploreActivity is classified as a potentially unwanted application (PUA) because of the method employed for distribution: via a fake installer for Adobe Flash Player. Note that users do not often download/install ExploreActivity or similar apps intentionally.

The main purpose of ExploreActivity is to generate ads and promote a fake search engine. In this way, it functions as adware and a browser hijacker. Moreover, it is likely that this app is designed to collect information about its users.

What is JCleaner?

JCleaner is a potentially unwanted application (PUA) with an identical name as a cleaner/system optimizer from Vitsoft. PUAs are often bundled with other software by including them with downloaders and installers as "extra offers".

These programs are classified as potentially unwanted, since users often download and install them inadvertently. Applications that are distributed using dubious methods should never be trusted or used. This also applies to JCleaner. Furthermore, the installer for JCleaner is detected as a threat by more than 40 antivirus scanners on VirusTotal.

What is the arenabg[.]ch site?

arenabg[.]ch is the address of a Peer-to-Peer sharing website. It invites users to download pirated software and media via Torrent files. As well as infringing copyright laws, this site uses rogue advertising networks. Visitors to websites that employ this monetization technique are redirected to various other untrusted and malicious web pages.

Furthermore, Torrent websites can offer Potentially Unwanted Applications (PUAs) and malware (such as Trojans, ransomware, etc.) disguised as or packed with ordinary content.

What is Txziyp?

Txziyp is a type of malware that makes files inaccessible by encryption and keeps them unusable until a ransom is paid.

It also renames each encrypted file by appending the ".txziyp" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.txziyp", "2.jpg" to "2.jpg.txziyp", and so on.  Txziyp also creates a ransom message (within the "HOW TO RESTORE YOUR FILES.TXT" file), placing it in all folders that contain encrypted files.

Note that Txziyp belongs to the Snatch ransomware family.

What is VideoBoxApp?

VideoBoxApp is described by its developer as a high-quality standard video player. The problem with this app is that it is distributed using a fake Adobe Flash Player installer. Therefore, there is a significant chance that users will be unaware of how this app was installed.

Apps that users download and install inadvertently are classified as potentially unwanted applications (PUAs). Note that PUAs that are distributed using fake installers often come bundled with other apps of this kind including, for example, adware, browser hijackers.