Virus and Spyware Removal Guides, uninstall instructions

What is Auratab?

Auratab is a browser hijacker endorsed as a tool supposedly capable of improving the browsing experience. In fact, it makes changes to browser settings to promote search.aura-search.net (a fake search engine). Most browser hijackers monitor users' browsing activity and this is likely to be the case with Auratab.

Typically, users install browser hijackers inadvertently and, due to this, they are also classified as Potentially Unwanted Applications (PUAs).

What is hp.myway.com?

Developed by Mindspark Interactive Network, EasyWebPagePrint is one of many browser hijackers, which promotes the address of a fake search engine (in this case, hp.myway.com) by changing certain browser settings. It also collects information relating to users' browsing habits.

Typically, users do not download or install browser hijackers intentionally and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What is BG85 ransomware?

BG85 is a part of the Matrix ransomware family. It encrypts files using АЕS-256 and RSА-2048 encryption algorithms, renames them and creates a ransom message (within the "BG85_INFO.rtf" file) in all folders that contain encrypted.

BG85 renames encrypted files, by replacing their filenames with BobGreen85@criptext.com, a string of random characters, and appends the ".BG85" extension.

For example, it would rename a file called "1.jpg" to "[BobGreen85@criptext.com].3GULrhS5-JrDJHbaM.BG85", "2.jpg" to "[BobGreen85@criptext.com].4HIPtuO7-GdKVCmaL.BG85", and so on.

What is NOBAD ransomware?

NOBAD is the name of a malicious program, belonging to the Matrix ransomware family. Systems infected with this malware experience data encryption and receive ransom demands for the decryption tools/software.

During the encryption process, files are retitled following this pattern - "[nobad@tutamail.com].[random_string].NOBAD", which consists of the cyber criminals' email address, a random character string and the ".NOBAD" extension.

For example, a file like "1.jpg" would appear as something similar to "[nobad@tutamail.com].g0cnH7IY-Cm67ExLK.NOBAD" - following encryption. After this process is complete, ransom notes - "#NOBAD_README#.rtf" - are dropped into affected folders.

What is ConvertSearch?

ConvertSearch is rogue software, categorized as a browser hijacker. Following successful infiltration, it operates by making modifications to browser settings to promote convert-search.com (a fake search engine). Additionally, most browser hijackers monitor users' browsing habits and collect information of interest.

It is highly likely that ConvertSearch also has these data tracking capabilities. Due to the dubious methods used to proliferate ConvertSearch, it is also classified as a Potentially Unwanted Application (PUA).

What is FrequencyProgress?

FrequencyProgress is classified as adware because it serves various advertisements. It is also designed to promote z6airr.com and adjustablesample.com (addresses of fake search engines) by modifying certain browser settings. Therefore, FrequencyProgress functions as adware and a browser hijacker. 

Furthermore, this app can access and record sensitive information. Commonly, users download and install adware and browser hijackers inadvertently. For this reason, FrequencyProgress and other apps of this kind are categorized as potentially unwanted applications (PUAs).

What is UGMH ransomware?

Discovered by xiaopao, UGMH is malicious software classified as ransomware. This malware is based on the Hidden Tear open-source project. Systems infected with UGMH have their data encrypted.

Ransomware, as the name implies, typically encrypts files for the purpose of making ransom demands for decryption tools/software, however, this is not the case with UGMH. This suggests that the malicious program may still be in development and/or has been released for testing purposes.

During the encryption process, UGMH ransomware appends all compromised files with the ".UGMH" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.UGMH", "2.jpg" as "2.jpg.UGMH", and so on. After this process is complete, text files named "Pwned.txt" are dropped into affected folders.

What is SearchThatMovie?

SearchThatMovie is a typical browser hijacker. It promotes a fake search engine (the searchthatmovie.com) by changing certain browser settings and might also be designed to collect information relating to users' browsing activities.

Generally, users download and install browser hijackers unintentionally and, for this reason, SearchThatMovie and all the other apps of this type are categorized as potentially unwanted applications (PUAs).

What is Mcauwpjib?

Belonging to the family of ransomware called Snatch, Mcauwpjib encrypts files, modifies their filenames and creates a ransom message. It renames encrypted files by appending the ".mcauwpjib" extension to their filenames. For example, a file named "1.jpg" becomes "1.jpg.mcauwpjib", "2.jpg" becomes "2.jpg.mcauwpjib", and so on, after encryption by Mcauwpjib.

This ransomware also creates the "HOW TO RESTORE YOUR FILES.TXT" text file (the ransom message), which can be found in all folders that contain encrypted data.

What kind of application is StreamSpotSearch?

StreamSpotSearch is a browser hijacker, which makes modifications to browser settings to promote streamspotsearch.com (a fake search engine). Furthermore, most browser hijackers track and record browsing-related information. Typically, their developers use dubious methods to proliferate them.