Virus and Spyware Removal Guides, uninstall instructions

What is WebFox?

WebFox is a rogue browser, based on an open-source project called Chromium. It is endorsed as a browser that offers faster and safer browsing. In addition, it has a feature that allows users to access certain browser functions straight from the desktop.

In fact, WebFox is classified as adware. It runs intrusive advertisement campaigns and delivers various misleading, deceptive and possibly malicious ads. Due to the dubious methods used to proliferate WebFox, it is also classified as a Potentially Unwanted Application (PUA). Furthermore, most PUAs have data tracking capabilities, which are employed to monitor users' browsing activity.

What is OceanLotus?

Research shows that the OceanLotus 'backdoor' targets MacOS computers. Cyber criminals behind this backdoor have already used this malware to attack human rights and media organizations, some research institutes, and maritime construction companies .

The OceanLotus backdoor is distributed via a fake Adobe Flash Player installer and a malicious Word document (it is likely that threat authors distribute the document via malspam emails).

What is .help (VoidCrypt) ransomware?

Discovered by xiaopao, .help is a malicious program that belongs to the VoidCrypt ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption tools/software.

When .help (VoidCrypt) encrypts, all affected files are renamed following this pattern: original filename, cyber criminals' email address, unique ID assigned to the victims and the ".help" extension. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.[galivertones@aol.com][AT72E0MYZU5JN4Q].help" following encryption.

After this process is complete, ransom messages within "!INFO.HTA" files are dropped into compromised folders. An updated variant drops "Decrypt-me.txt" file instead.

What is ettvdl[.]com?

ettvdl[.]com is a torrent website which uses rogue advertising networks to promote various websites, including dubious ones. Commonly, websites such as ettvdl[.]com contain copyrighted content (movies, music, etc.).

Torrenting is not illegal, however, the same cannot be said about downloading copyrighted content. Therefore, you are advised not to use or visit ettvdl[.]com (or other similar pages).

What is WebDefence?

WebDefence is advertised as software that improves browsing security and the overall browsing experience. In fact, it is an advertising-supported web browser based on Chromium (free and open-source software project from Google). Therefore, WebDefence is classified as adware.

Note that, in most cases, users download and install adware inadvertently and, for this reason, apps of this type are categorized as potentially unwanted applications (PUAs).

What is GillCom?

GillCom is rogue software categorized as a browser hijacker. It operates by making changes to browser settings to promote fxsmash.xyz (a bogus search engine). In addition, GillCom has data tracking capabilities that are employed to monitor users' browsing habits.

Due to the dubious methods used to proliferate browser hijackers, they are also classified as Potentially Unwanted Applications (PUAs).

What is IncognitoSearchNet?

The main purpose of the IncognitoSearchNet browser hijacker is to force users to visit incognitosearchnet.com (a fake search engine). Like most apps of this type, it promotes the bogus address by modifying certain browser settings. IncognitoSearchNet also collects details relating to users' browsing habits.

Frequently, users download and install apps such as IncognitoSearchNet (browser hijackers) inadvertently and, for this reason, they are classified as potentially unwanted applications (PUAs).

What is the global-support[.]space site?

Global-support[.]space (apple.global-support[.]space) is a deceptive website designed to promote scams. At the time of research, this site ran a scheme targeting iPhone users, yet the web page might be accessed on other Apple devices as well.

This scam claims that users' iPhones have been infected and damaged. According to the scheme, these fake viruses can be removed by installing a recommended anti-virus tool. No website can detect threats/issues present on devices, and any that make such claims are scams.

The purpose of this scheme is to endorse untrusted software products such as Potentially Unwanted Applications (PUAs). Most users enter deceptive sites inadvertently via mistyped URLs, through redirects caused by intrusive advertisements, or by PUAs. Note that global-support[.]space has been observed being promoted via deceptive Calendar events.

What is tutupdate29[.]com?

Commonly, browsers open websites such as tutupdate29[.]com when they have potentially unwanted applications (PUAs) installed on them. I.e., users do not often visit these pages intentionally. Note tutupdate29[.]com (and similar sites) are also promoted via other dubious web pages and advertisements.

What is UpgradeCommand?

UpgradeCommand is designed to serve ads (like most adware-type apps) and promote a fake search engine. Therefore, UpgradeCommand functions both as adware and a browser hijacker. It is also likely to gather information relating to users' browsing habits and other data.

Users often download and install apps like UpgradeCommand inadvertently and, therefore, they are classified as potentially unwanted applications (PUAs).