Virus and Spyware Removal Guides, uninstall instructions

What is Foqe ransomware?

Foqe is malicious software belonging to the Djvu ransomware group. It is designed to encrypt data and demand payment for decryption. The files stored on the compromised system are rendered inaccessible. During the encryption process, all affected files are appended with the ".foqe" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.foqe", "2.jpg" as "2.jpg.foqe", "3.jpg" as "3.jpg.foqe", and so on. After this process is complete, a ransom message is created in a text file called "_readme.txt".

What is MERIN?

MERIN encrypts files, appends its extension to their filenames and creates ransom messages with instructions about how to contact the developers. This ransomware appends the ".MERIN" extension to the filenames of encrypted files. For example, "1.jpg" is renamed to "1.jpg.MERIN", "2.jpg" to "2.jpg.MERIN", and so on.

It also creates text files named "MERIN-DECRYPTING.txt" in all folders that contain encrypted files. MERIN was discovered by S!Ri and belongs to the ransomware family called NEPHILIM.

What is HDStreamSearch?

HDStreamSearch promotes hdstreamsearch.com (a fake search engine) by changing certain browser settings and collects information relating to users' browsing activities. Note that browser hijackers are classified as potentially unwanted applications (PUAs), since users tend to download and install them inadvertently.

What is Easycool web?

Easycool web is a typical browser hijacker - it changes certain browser settings to the address of a fake search engine (tailsearch.com). Additionally, it can read information relating to users' browsing habits. People often download and install browser hijackers inadvertently and, for this reason, Easycool web is categorized as a potentially unwanted application (PUA).

What is OptimalState?

OptimalState is a rogue application classified as adware. It also possesses browser hijacker traits. This browser hijacker operates by making modifications to browser settings and promotes bogus search engines. On Safari browsers, it promotes d2sri.com, however, it might promote other search engines on different browsers.

Furthermore, most adware-type and browser hijackers can monitor users' browsing activity, which makes them a serious privacy concern. Due to the dubious methods used to proliferate OptimalState, it is classified as a Potentially Unwanted Application (PUA).

One of the distribution techniques employed for OptimalState is proliferation via fake Adobe Flash Player updates. Note that bogus software updaters/installers are used to spread PUAs, Trojans, ransomware and other malware.

What is allowandgo[.]com?

allowandgo[.]com and many similar sites promote untrusted, bogus websites or load dubious content. They should not be visited or trusted. Commonly, they are opened by potentially unwanted applications (PUAs) that users have installed on their browsers and computers inadvertently.

I.e., people do not often visit pages such as allowandgo[.]com intentionally. More examples of similar web pages of this type are helgminers[.]com, studience[.]club and greendsign[.]com.

What is Ranzy Locker?

Ranzy Locker encrypts victims' files, changes their filenames, and creates the "id.key" and "readme.txt" files in all folders that contain encrypted files. It renames files by appending the ".RNZ" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.RNZ" and "2.jpg" to "2.jpg.RNZ".

The "readme.txt" file contains instructions about how to contact the developers and various other details. This ransomware is identical to another ransomware infection called ThunderX.

What is LiveStreamingSearch?

LiveStreamingSearch is rogue software categorized as a browser hijacker. Following successful installation, it makes alterations to browser settings to promote livestreamingsearch.com (a fake search engine). Additionally, this browser hijacker has data tracking capabilities, which are employed to monitor users' browsing activity.

Due to the dubious techniques used to proliferate LiveStreamingSearch, it is also classified as a Potentially Unwanted Application (PUA).

What is PDFConverterSearchHQ?

The main purpose of browser hijackers is to promote fake search engine addresses by modifying certain browser settings. PDFConverterSearchHQ promotes pdfconvertersearchhq.com in this way. Most browser hijackers also monitor and record data.

In most cases, users download and install PDFConverterSearchHQ and similar apps inadvertently and, therefore, they are classified as potentially unwanted applications (PUAs).

What is Gyxtkrpb?

Gyxtkrpb belongs to the Snatch ransomware family. It encrypts files, appends an extension to the filenames of encrypted files, and creates a ransom message in all folders that contain compromised files. Gyxtkrpb appends the ".gyxtkrpb" extension to filenames.

For example, "1.jpg" is renamed to "1.jpg.gyxtkrpb", "2.jpg" to "2.jpg.gyxtkrpb", and so on. Instructions about how to contact cyber criminals behind this ransomware are provided in text files named "HOW TO RESTORE YOUR FILES.TXT".