Virus and Spyware Removal Guides, uninstall instructions

What kind of scam is "I monitored your device on the net for a long time"?

Sextortion emails are scams whereby scammers claim to have hacked into computers and recorded humiliating videos of recipients watching adult videos. Generally, scammers threaten to send the videos to other people on their contact lists unless recipients pay ransoms (usually in cryptocurrencies).

Ignore these emails, especially when computers have no webcam connected or integrated with them.

What is anitube[.]site?

anitube[.]site is an untrusted anime streaming website. As well as infringing copyright laws, this site uses rogue advertising networks. Web pages that employ this monetization technique promote various dubious, misleading, deceptive/scam, and even malicious sites. Therefore, you are strongly advised against visiting or using anitube[.]site.

What is BKGHJ ransomware?

BKGHJ is a malicious program that belongs to the Makop ransomware group. Systems infected with this malware have their data encrypted, the filenames of affected files are altered, and victims receive ransom demands for decryption.

During encryption, files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address, and the ".BKGHJ" extension. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.[9B83AE23].[toddmhickey@outlook.com].BKGHJ" following encryption.

After this process is complete, ransom messages within "readme-warning.txt" files are dropped into compromised folders.

What is OriginalModule?

People do not often download or install the OriginalModule app intentionally, since its installer is disguised as the Adobe Flash Player installer. Therefore, OriginalModule is categorized as a potentially unwanted application (PUA).

This app is designed to modify browser settings (to promote a fake search engine), generate advertisements, and collect browsing-related and possibly sensitive information. In this way, OriginalModule functions as adware and a browser hijacker.

What is Sn0wsLogger?

Sn0wsLogger is malicious software, which is classified as a stealer. The primary purpose of this type of malware is to steal various sensitive and confidential information. Stealers have various capabilities, enabling them to carry out this purpose, however, in addition to being a serious privacy concern, these malicious programs also pose a threat to device safety.

What is VASA LOCKER?

VASA LOCKER is designed to prevent victims from accessing or using their files by employing SHA256 hashing, ChaCha8 encryption, ECDH key generation, and an algorithm to encrypt files and secure its keys.

VASA LOCKER also renames each encrypted file by appending the ".__NIST_K571__" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.__NIST_K571__", "2.jpg" to "2.jpg.__NIST_K571__", and so on.

Malware of this type displays or creates ransom messages. This ransomware creates the "DECR.TXT" file, dropping it in all folders that contain encrypted data. Note that attackers behind VASA LOCKER target mainly companies and organizations, however, there is a high chance that regular users will also be targeted.

What is UpdaterSync?

UpdaterSync is an adware-type app with browser hijacker traits. It operates by running intrusive advertisement campaigns (i.e., delivering ads) and making modifications to browsers to promote fake search engines.

Due to the dubious methods used to proliferate UpdaterSync, it is also categorized as a Potentially Unwanted Application (PUA). Most PUAs have data tracking capabilities, which are employed to collect browsing-related information.

What is Cring?

Cring encrypts files and appends the ".cring" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.cring", "2.jpg" to "2.jpg.cring", and so on.

Cring also creates a ransom message within a text file named "!!!!deReadMe!!!.txt", dropoing this file into all folders that contain encrypted files. Note that there are two ransom message variants.

What is ProcessBrand?

Adware generates unwanted advertisements, however, ProcessBrand also functions as a browser hijacker, changing browser settings to promote a fake search engine address. It is likely that ProcessBrand also gathers browsing data and other information.

These apps are often downloaded and installed by users unintentionally and, therefore, they are classified as potentially unwanted applications (PUAs).

What is aboutyoun[.]com?

Websites such as aboutyoun[.]com are promoted via deceptive advertisements, other untrusted pages, and potentially unwanted applications (PUAs). I.e., users do not often visit them intentionally. Many web pages are similar to aboutyoun[.]com including, for example, datingbasedspot[.]com, captchatopsource[.]com and continue-site[.]site.

Note that users do not often download or install PUAs intentionally. Apps of this type can be designed to promote untrusworthy pages, gather browsing data, and generate advertisements.