Virus and Spyware Removal Guides, uninstall instructions

What is NetWeirdRC?

NetWeirdRC is a Remote Access Trojan (RAT), which works on macOS X 10.6 (and later), Windows, Linux, and Solaris operating systems. Typically, cyber criminals attempt to trick users into installing RATs so that they can gain control over computers remotely and perform various actions (install other malware, steal sensitive information, files, etc.).

Commonly, RATs do not appear in the list of active programs and running processes, and therefore they can be installed on the computer for an extended period of time without being detected.

What is DiskFixer?

DiskFixer software is endorsed as a tool for system optimization. It is allegedly capable of running various detection and removal processes, which supposedly enhance system performance. This program has a promotional website from which a free trial version can be downloaded and the full version purchased, however, DiskFixer also proliferates in other dubious ways.

Therefore, it is classed as a Potentially Unwanted Application (PUA).

What is Your Computer Is In Blocked State?

"Your Computer Is In Blocked State" is a fake error message displayed by a malicious website that users often visit inadvertently - they are automatically redirected by various potentially unwanted programs (PUPs). These apps infiltrate systems without permission (the "bundling" method).

As well as causing unwanted redirects, PUPs deliver intrusive online advertisements and continually record various user-system information.

What is tiktok-fun[.]com?

tiktok-fun[.]com is an untrusted website designed to load dubious content or open other pages of this kind. Some examples of similar web pages include allfreshposts[.]com, hipermovies[.]icu and gdanstum[.]net. 

Note that most users do not visit these sites intentionally - they are usually opened by installed potentially unwanted applications (PUAs), via deceptive advertisements, or through other untrusted websites.

What is Auratab?

Auratab is a browser hijacker endorsed as a tool supposedly capable of improving the browsing experience. In fact, it makes changes to browser settings to promote search.aura-search.net (a fake search engine). Most browser hijackers monitor users' browsing activity and this is likely to be the case with Auratab.

Typically, users install browser hijackers inadvertently and, due to this, they are also classified as Potentially Unwanted Applications (PUAs).

What is hp.myway.com?

Developed by Mindspark Interactive Network, EasyWebPagePrint is one of many browser hijackers, which promotes the address of a fake search engine (in this case, hp.myway.com) by changing certain browser settings. It also collects information relating to users' browsing habits.

Typically, users do not download or install browser hijackers intentionally and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What is BG85 ransomware?

BG85 is a part of the Matrix ransomware family. It encrypts files using АЕS-256 and RSА-2048 encryption algorithms, renames them and creates a ransom message (within the "BG85_INFO.rtf" file) in all folders that contain encrypted.

BG85 renames encrypted files, by replacing their filenames with BobGreen85@criptext.com, a string of random characters, and appends the ".BG85" extension.

For example, it would rename a file called "1.jpg" to "[BobGreen85@criptext.com].3GULrhS5-JrDJHbaM.BG85", "2.jpg" to "[BobGreen85@criptext.com].4HIPtuO7-GdKVCmaL.BG85", and so on.

What is NOBAD ransomware?

NOBAD is the name of a malicious program, belonging to the Matrix ransomware family. Systems infected with this malware experience data encryption and receive ransom demands for the decryption tools/software.

During the encryption process, files are retitled following this pattern - "[nobad@tutamail.com].[random_string].NOBAD", which consists of the cyber criminals' email address, a random character string and the ".NOBAD" extension.

For example, a file like "1.jpg" would appear as something similar to "[nobad@tutamail.com].g0cnH7IY-Cm67ExLK.NOBAD" - following encryption. After this process is complete, ransom notes - "#NOBAD_README#.rtf" - are dropped into affected folders.

What is ConvertSearch?

ConvertSearch is rogue software, categorized as a browser hijacker. Following successful infiltration, it operates by making modifications to browser settings to promote convert-search.com (a fake search engine). Additionally, most browser hijackers monitor users' browsing habits and collect information of interest.

It is highly likely that ConvertSearch also has these data tracking capabilities. Due to the dubious methods used to proliferate ConvertSearch, it is also classified as a Potentially Unwanted Application (PUA).

What is FrequencyProgress?

FrequencyProgress is classified as adware because it serves various advertisements. It is also designed to promote z6airr.com and adjustablesample.com (addresses of fake search engines) by modifying certain browser settings. Therefore, FrequencyProgress functions as adware and a browser hijacker. 

Furthermore, this app can access and record sensitive information. Commonly, users download and install adware and browser hijackers inadvertently. For this reason, FrequencyProgress and other apps of this kind are categorized as potentially unwanted applications (PUAs).