Virus and Spyware Removal Guides, uninstall instructions

What is USAA email scam?

Commonly, phishing emails such as this example are used to trick recipients into providing sensitive information such as credit card details, login credentials (emails, usernames, passwords) or other details, which could be misused for malicious purposes.

Generally, cyber criminals attempt to trick recipients into proving this information by disguising their emails as important and official and/or by exploiting names of legitimate companies. In this particular case, an email is disguised as a message from USAA, a legitimate financial services company.

What is Abaddon?

Abaddon is a Remote Access Trojan (RAT) that receives commands via Discord. I.e., this RAT uses Discord as its Command and Control (C2) server. Additionally, Abaddon has a ransomware feature and could be used to execute commands to encrypt files.

Therefore, cyber criminals might use this malware to collect sensitive information and also to prevent victims from accessing their system and force them to pay a ransom.

What is Iiss?

Belonging to the Djvu ransomware family, Iiss encrypts files, modifies their filenames by appending its extension and creates a ransom message in all folders that contain encrypted files. It renames encrypted files by appending the ".iiss" extension to filenames.

For example, "1.jpg" is renamed to "1.jpg.iiss", "2.jpg" to "2.jpg.iiss", and so on. Instructions about how to contact Iiss's developers and other details are provided in "_readme.txt" text files (the ransom message).

What is Take mytab?

Take mytab is a browser hijacker. Following successful infiltration, this piece of rogue software changes browser settings to promote keysearchs.com (a fake search engine). Rogue search engines cannot provide unique results, and so they redirect to genuine sites.

Where Take mytab redirects to depends on users' geolocations. Additionally, this browser hijacker monitors browsing activity. Due to the dubious techniques used to proliferate Take mytab, it is also classified as a Potentially Unwanted Application (PUA).

What is AllStreamSearch?

Like most browser hijackers, AllStreamSearch promotes a fake search engine. In this case, by changing certain browser settings to allstreamsearch.com. It also records data relating to users' browsing habits. Commonly, users download and install browser hijackers inadvertently and, therefore, apps of this type are categorized as potentially unwanted applications (PUAs).

What is _encrypted (RRansom) ransomware?

Discovered by xiaopao, _encrypted (RRansom) is a malicious program classified as ransomware. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, files are appended with the "_encrypted" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg_encrypted" following encryption. After this process is complete, a ransom message within the "README_encrypted.txt" file is created.

What is Evil?

Evil is malware belonging to the Jigsaw ransomware family. It is designed to encrypt victims' files, modify their filenames and display a pop-up window (containing a ransom message). Evil renames files by appending the ".evil" extension. For example, "1.jpg" is renamed to "1.jpg.evil", "2.jpg" to "2.jpg.evil", etc.

What is Cyber Search?

Cyber Search is a browser hijacker which changes certain browser settings to cybersearch.xyz, adds the "Managed by your organization" feature to Google Chrome browsers, and collects private, sensitive information. Generally, users download and install apps such as Cyber Search (browser hijackers) inadvertently.

This particular app is distributed via a fake installer for Adobe Flash Player and, therefore, is categorized as a potentially unwanted application (PUA).

What is PDFConverterSearch4Free?

PDFConverterSearch4Free is rogue software categorized as a browser hijacker. It operates by making changes to browser settings to promote pdfconvertersearch4free.com (a fake search engine). Additionally, most browser hijackers have data tracking capabilities, which are employed to monitor users' browsing activity - PDFConverterSearch4Free is no exception to this.

Due to the dubious techniques used to proliferate browser hijackers, they are also classified as Potentially Unwanted Applications (PUAs).

What is Szymekk ransomware?

Discovered by GrujaRS, Szymekk is a malicious program and a new variant of Cobra Locker ransomware. Following successful infiltration, this malware encrypts data and locks the device's screen in order to demand ransoms for decryption and restoration of access.

During the encryption process, all affected files are appended with the ".Szymekk" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.Szymekk" following encryption. After this process is complete, the screen is locked and a message is displayed on it.