Virus and Spyware Removal Guides, uninstall instructions

What is Wise Mac Care?

Wise Mac Care is advertised as a tool that helps users to keep their Mac computers clean and healthy. Users can download this application through various channels, however, this app is distributed via a deceptive installer, which appears similar to an installer for Adobe Flash Player.

Applications that are distributed in this way should not be trusted. Commonly, people download and install them inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs)

What is WebAdviseSearch?

WebAdviseSearch is an adware-type application, which has features of a browser hijacker: it serves ads and changes certain browser settings to promote the address of a fake search engine. It is likely that it will also collect browsing data and other details.

Users often download and install WebAdviseSearch and similar apps inadvertently and, for this reason, they are classified as potentially unwanted applications (PUAs). This app is distributed via a fake installer, which is supposedly an installer for Adobe Flash Player.

What is YAYA ransomware?

YAYA is a malicious program and part of the GlobeImposter ransomware family. Systems infected with this ransomware experience data encryption (stored files are locked and renamed) and ransom demands are made for decryption. During the encryption process, all affected files are appended with the ".YAYA" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.YAYA" following encryption. After this process is complete, ransom-demand messages in "how_to_back_files.html" files are dropped into compromised folders.

What is DevModule?

This application is designed to function as adware, browser hijacker, and a data collector. More precisely, it serves advertisements, promotes a fake search engine address, and records private, sensitive information.

Frequently, users download and install apps such as DevModule inadvertently and, therefore, they are classified as potentially unwanted applications (PUAs).

What is the "Transcrop Bank" scam email?

"Transcrop Bank" refers to a malware-spreading spam email campaign. The term "spam campaign" is used to define a mass-scale operation, during which thousands of deceptive/scam emails are sent.

The "Transcrop Bank" scam messages claim that recipients have a large incoming transfer into their bank accounts and ask them to review the attached documents to confirm the data provided therein. Rather than containing this information, the archive files contain malicious executables of the Agent Tesla RAT (Remote Access Trojan).

This type of Trojan enables stealthy remote access and control over the compromised device. RATs have a wide variety of dangerous functionality, which can lead to likewise varied issues.

What is Bepabepababy?

This malware infection is part of the GlobeImposter ransomware family. Like other malware of this type, it encrypts files, renames them and creates a ransom message. Bepabepababy renames files by appending ".bepabepababy1@protonmail.com" to filenames.

For example, "1.jpg" is renamed to "1.jpg.bepabepababy1@protonmail.com", "2.jpg" to "2.jpg.bepabepababy1@protonmail.com", and so on. Bepabepababy creates a ransom message within the "how_to_back_files.html" HTML file in all folders that contain encrypted files.

What is securesearch.me?

securesearch.me is fake search engine that is promoted via a browser hijacker. Typically, browser hijackers promote fake search engines by making certain modifications to browser settings. They can also collect details relating to browsing activities. In this particular case, the browser hijacker adds the "Managed by your organization" feature to Chrome browsers.

Note that, in most cases, users download and install browser hijackers inadvertently. Therefore, they are categorized as potentially unwanted applications (PUAs).

What is Hupstore ransomware?

Hupstore is malicious software belonging to the GlobeImposter ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption. During the encryption process, all affected files are appended with the ".(hupstore@keemail.me)" extension following encryption.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.(hupstore@keemail.me)", "2.jpg" as "2.jpg.(hupstore@keemail.me)", and so on. At the end of this process, ransom messages within "Read Me!.HTA" files are dropped into compromised folders.

What is Xxx ransomware?

Xxx is a malicious program that belongs to the GlobeImposter ransomware family. Like most ransomware-type programs, Xxx encrypts and renames files, and provides instructions about how to contact the developers. It renames files by appending the ".xxx" extension to filenames.

For example, "1.jpg" is renamed to "1.jpg.xxx", "2.jpg" to "2.jpg.xxx", and so on. Xxx creates a ransom message within the "how_to_back_files.html" file in all folders that contain encrypted files.

What is NetInput?

NetInput is a rogue application categorized as adware and possessing browser hijacker characteristics. Following successful installation, NetInput delivers intrusive advertisement campaigns and makes alterations to browser settings to promote bogus search engines.

Additionally, most adware-type apps and browser hijackers collect browsing-related information. Since many users download/install NetInput inadvertently, it is also classified as a Potentially Unwanted Application (PUA).