Virus and Spyware Removal Guides, uninstall instructions

Searches.club Redirect

What is Boi Tab?

When visited, searches.club redirects to various other dubious websites, depending on users' geolocations. Research shows that searches.club appears in browser settings when the Boi Tab app is installed, however, other apps might also promote it.

Applications that promote rogue addresses (mostly fake search engines) by changing browser settings are classified as browser hijackers. Commonly, users download and install these apps inadvertently and, therefore, Boi Tab and others are classified as potentially unwanted applications (PUAs).

   
AW46 Ransomware

What is AW46 ransomware?

AW46 is a malicious program belonging to the Matrix ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption keys/tools.

During the encryption process, all affected files are renamed following this pattern: "[alexwind46@yahoo.com].[random-string].AW46", which consists of the cyber criminals' email address, a string of random characters and the ".AW46" extension.

For example, a file originally named "1.jpg" would appear as something similar to "[alexwind46@yahoo.com].tV1MsGcR-vVr9KMQL.AW46" following encryption. After this process is complete, ransom-demand messages are created in "!AW46_INFO!.rtf" files, which are dropped into compromised folders.

   
Ment Ransomware

What is Ment?

Ment is a malicious program belonging to the TomNom ransomware family. It prevents victims from accessing their files by encryption. It also changes the filenames of encrypted files by appending the ".ment" extension. For example, a file named "1.jpg" would be changed to "1.jpg.ment", "2.jpg" to "2.jpg.ment", and so on.

Instructions about how to contact cyber criminals behind this ransomware can be found in the text file named "Desktop-HOW-TO-DECRYPT.txt".

   
Ptt Email Virus

What is "Ptt Email Virus"?

Typically, cyber criminals behind malspam campaigns such as this attempt to deceive recipients into executing (opening) a malicious file, which is attached to the email (or downloaded from a website). This particular email is disguised as a message from the Turkish post company (Ptt) and used to distribute a malicious Remote Access Trojan (RAT) called Agent Tesla.

   
Templates Discovery Tab Browser Hijacker

What is Templates Discovery Tab?

Templates Discovery Tab is a dubious application endorsed as a tool for easy access to free online templates. Following successful infiltration, however, the app makes alterations to browser settings to promote htemplatesdiscovery.com (a fake search engine).

This app also collects information relating to browsing activity. Since most users download/install Templates Discovery Tab unintentionally, it is also classified as a Potentially Unwanted Application (PUA). This browser hijacker is often distributed with another PUA called Hide My History.

   
Tiger865qq Ransomware

What is Tiger865qq?

Tiger865qq is a malicious program belonging to the GlobeImposter ransomware family. It operates by encrypting files and demanding payment for decryption. During the encryption process, all affected files are appended with the ".Tiger865qq" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.Tiger865qq" after encryption. Once this process is complete, ransom messages within "HOW TO BACK YOUR FILES.exe" files are dropped into compromised folders.

   
Devoe Ransomware

What is Devoe ransomware?

Devoe is a malicious program belonging to the Phobos ransomware family. This malware operates by encrypting data and demanding payment for decryption. During the encryption process, all compromised files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address and the ".Devoe" extension.

For example, a file like "1.jpg" would appear as something similar to "1.jpg.id[1E857D00-2593].[hallome@tutanota.com].Devoe" after encryption. Once this process is complete, ransom messages are created in a pop-up window ("info.hta") and text files ("info.txt").

   
My Office Tools Browser Hijacker

What is My Office Tools browser hijacker?

My Office Tools is dubious software categorized as a browser hijacker. It operates by making modifications to browser settings to promote hmyofficetools.co (a fake search engine). Additionally, My Office Tools has data tracking capabilities, which are employed to monitor users' browsing habits.

Due to the dubious techniques used to proliferate My Office Tools, it is classified as a Potentially Unwanted Application (PUA). Note that My Office Tools is often proliferated together with the Hide My History PUA.

   
YaKo Ransomware

What is YaKo ransomware?

Discovered by xiaopao, YaKo is malicious software that belongs to the Xorist ransomware family. It is designed to encrypt data and demand payment for decryption. During the encryption process, all affected files are appended with the ".YaKo" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.YaKo" following encryption.

After this process is complete, YaKo displays a pop-up window, changes the desktop wallpaper, and drops text files called "HOW TO DECRYPT FILES.txt" into compromised folders. The text in the pop-up, wallpaper and dropped files is a ransom-demand message, which is identical in all of them.

   
MAKB Ransomware

What is MAKB?

Discovered by xiaopao, MAKB is a malicious program belonging to the Scarab ransomware family. It renames the filenames of encrypted files to a string of random characters and appends the ".MAKB" extension. For example, it would rename "1.jpg" to "2g000000002o63SEiduTVesufmp7Ur50.MAKB", "2.jpg" to "2g000000002o75STiduTsaltarfmp7r35.MAKB", and so on.

Instructions about how to contact cyber criminals and various other details appear in the "HOW TO RECOVER ENCRYPTED FILES.TXT" text file. MAKB creates a copy of this file in every folder that contains encrypted files.

   

Page 1076 of 2106

<< Start < Prev 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal