Virus and Spyware Removal Guides, uninstall instructions

What is allfreshposts[.]com?

allfreshposts[.]com is designed to promote bogus websites or load dubious content. There are many other websites of this kind including, for example, thewowfeed[.]com, hipermovies[.]icu, and gdanstum[.]net.

Typically, users do not visit these web pages intentionally - they are opened through deceptive advertisements, other dubious sites, or by installed potentially unwanted applications (PUAs), which are often downloaded and installed inadvertently.

What is the CORE ransomware?

CORE is a malicious program belonging to the Matrix ransomware family. It is designed to encrypt data and demand payment for decryption.

During the encryption process, files are renamed following this pattern: "[BatHelp@protonmail.com].[random_string].CORE", which consists of the cyber criminals' email address, a random character string and the ".CORE" extension. For example, a file originally named "1.jpg" would appear as something similar to "[BatHelp@protonmail.com].4bq9EwfK-hPgYPJMc.CORE".

After this process is complete, ransom-demand messages in "#CORE_README#.rtf" files are dropped into compromised folders.

What is ANN?

ANN is part of the Matrix ransomware family. It is designed to rename all encrypted files by changing filenames to the AskHelp@protonmail.com email address, a string of random characters and appending the ".ANN" extension.

For example, it would rename a file called "1.jpg" to "[AskHelp@protonmail.com].[A9ZAsOrF-QArIuVgU].ANN", "2.jpg" to "[AskHelp@protonmail.com].[B7XBd9gT-WEgLgKpD].ANN", and so on. ANN also creates the "#ANN_README#.rtf" file (containing a ransom message) in all folders that contain encrypted files.

What is FunSearchToday?

FunSearchToday is rogue software classified as a browser hijacker. It operates by making alterations to browser settings to promote funsearchtoday.com (a fake search engine). Furthermore, most browser hijackers monitor users' browsing activity, and it is highly likely that this is the case with FunSearchToday.

Due the dubious methods used to proliferate this browser hijacker, it is also classified as a Potentially Unwanted Application (PUA).

What is MegaAp?

MegaAp is a browser hijacker which promotes toksearches.xyz (the address of a fake search engine) by modifying certain browser settings. Most browser hijackers also collect information relating to users' browsing activities.

Typically, users download and install apps such as MegaAp unintentionally and, for this reason, they are classified as potentially unwanted applications (PUAs).

What is Gold ransomware?

Gold is the name of a malicious program belonging to the Dharma ransomware group. It is designed to encrypt data and demand payment for decryption. During the encryption process, all affected files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address and the ".gold" extension.

For example, a file called "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[goldmind@tuta.io].gold" after encryption. Once this process is complete, ransom messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is ExploreParameter?

ExploreParameter is an adware-type app with browser hijacker traits. Following successful installation, it runs intrusive advertisement campaigns (i.e. delivers ads), makes modifications to browser settings and promotes fake search engines. ExploreParameter promotes 0yrvtrh.com on Safari browsers, and search.adjustablesample.com on Google Chrome browsers.

Additionally, most adware and browser hijackers monitor users' browsing habits and collect data of interest. Since users typically download/install ExploreParameter inadvertently, it is also classified as a Potentially Unwanted Application (PUA).

What is Error (Dharma)?

Like most malicious programs of this type, Error ransomware is designed to encrypt files, rename them and provide victims with instructions about how to contact the developers. It belongs to the family of ransomware-type programs called Dharma.

Error renames encrypted files by adding the victim's ID, datahelp@techmail.info email address and appending the ".error" extension to filenames.

For example, it would rename "1.jpg" to "1.jpg.id-C279F237.[datahelp@techmail.info].error", "2.jpg" to "2.jpg.id-C279F237.[datahelp@techmail.info].error", etc. It also creates the "FILES ENCRYPTED.txt" text file and displays a pop-up window, both of which are ransom messages.

What is the Arena ransomware?

Arena is a malicious program and part of the Dharma ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools/software. During the encryption process, all affected files are renamed following this pattern: original filename, unique ID, cyber criminals' email address and the ".arena" extension.

For example, a file named "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[Macgregor@aolonline.top].arena" following encryption. Once this process is complete, ransom messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is GeneralBoardSearch?

GeneralBoardSearch is designed to display advertisements and promote the address of a fake search engine by modifying certain browser settings. This app is classified as adware and a browser hijacker.

In most cases, users download and install apps of this type inadvertently and, for this reason, GeneralBoardSearch is categorized as a potentially unwanted application (PUA). Note that apps such as GeneralBoardSearch can also gather browsing data. Research shows that this app is distributed through a deceptive installer, which supposedly installs Adobe Flash Player.