Virus and Spyware Removal Guides, uninstall instructions

What is SearchThatMovie?

SearchThatMovie is a typical browser hijacker. It promotes a fake search engine (the searchthatmovie.com) by changing certain browser settings and might also be designed to collect information relating to users' browsing activities.

Generally, users download and install browser hijackers unintentionally and, for this reason, SearchThatMovie and all the other apps of this type are categorized as potentially unwanted applications (PUAs).

What is Mcauwpjib?

Belonging to the family of ransomware called Snatch, Mcauwpjib encrypts files, modifies their filenames and creates a ransom message. It renames encrypted files by appending the ".mcauwpjib" extension to their filenames. For example, a file named "1.jpg" becomes "1.jpg.mcauwpjib", "2.jpg" becomes "2.jpg.mcauwpjib", and so on, after encryption by Mcauwpjib.

This ransomware also creates the "HOW TO RESTORE YOUR FILES.TXT" text file (the ransom message), which can be found in all folders that contain encrypted data.

What kind of application is StreamSpotSearch?

StreamSpotSearch is a browser hijacker, which makes modifications to browser settings to promote streamspotsearch.com (a fake search engine). Furthermore, most browser hijackers track and record browsing-related information. Typically, their developers use dubious methods to proliferate them.

What is Dmmcpsshl ransomware?

Dmmcpsshl is a malicious program belonging to the Snatch ransomware family. It is designed to encrypt data and demand payment for decryption. During the encryption process, all affected files are appended with the ".dmmcpsshl" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.dmmcpsshl" after encryption.

Once this process is complete, ransom-demand messages within "HOW TO RESTORE YOUR FILES.TXT" files are dropped into compromised folders.

What kind of malware is Hexadecimal?

Hexadecimal (also known as Crypt888) encrypts files, modifies their filenames, changes the desktop wallpaper to display a ransom message, and displays another in a pop-up window (in Korean). It renames encrypted files by prepending "Lock" to filenames.

For example, after encryption, Hexadecimal would rename a file called "1.jpg" to "Lock.1.jpg", "2.jpg" to "Lock.2.jpg", and so on.

What is StreamsBros?

StreamsBros hijacks browsers by changing certain settings to streamsbros.com (the address of a fake search engine). Commonly, apps of this type collect information relating to users' browsing habits. Users often download and install browser hijackers unintentionally and, therefore, StreamsBros is categorized as a potentially unwanted application (PUA).

What is StreamsMob?

StreamsMob is dubious software categorized as a browser hijacker. It operates by modifying browsers to promote streamsmob.com (a bogus search engine). Most browser hijackers have data tracking capabilities, which are used to monitor users' browsing activity - it is highly likely that StreamsMob also has this functionality.

Due to the dubious methods employed to proliferate this browser hijacker, it is also classified as a Potentially Unwanted Application (PUA).

What is Fxmwtv ransomware?

Belonging to the Snatch ransomware family, Fxmwtv encrypts files, changes their filenames and creates a ransom message. It renames encrypted files by appending the ".fxmwtv" extension to filenames. For example, it would rename a file called "1.jpg" to "1.jpg.fxmwtv", "2.jpg" to "2.jpg.fxmwtv", and so on.

This ransomware creates the "HOW TO RESTORE YOUR FILES.TXT" file (containing a ransom message) in all folders that hold encrypted files.

What is Secure (Sorena) ransomware?

Discovered by dnwls0719, Secure (Sorena) is a ransomware-type program. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all compromised files are appended with ".Id-[random_string].secure".

For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.Id-KCQJMGNP.secure" following encryption. Once this process is complete, identical ransom messages within "HELP_DECRYPT_YOUR_FILES.tx" and "HELP_DECRYPT_YOUR_FILES.html" files are created.

What is Eco Search?

Eco Search browser hijacker is designed to promote the ecosearch.club address (fake search engine) by changing some of the browser settings and collect browsing-related information. It is common that users download and install browser hijackers unintentionally, therefore, apps of this type are categorized as potentially unwanted applications (PUAs).