Virus and Spyware Removal Guides, uninstall instructions

What is WinkiSearch?

The WinkiSearch browser hijacker promotes winki-search.com (a fake search engine) by changing certain browser settings. It also gathers browsing-related information. Note that users often download and install browser hijackers inadvertently and, for this reason, they are classified as potentially unwanted applications (PUAs).

What is mol[.]biz?

mol[.]biz websites (similar variations include mol1[.]biz, mol2[.]biz, mol3[.]biz, etc.) are designed to promote (open) untrusted web pages or display dubious content. There are many websites of this type, including, for example, hipermovies[.]icu, gdanstum[.]net and vviewpoint[.]biz.

Note that most users do not visit these websites intentionally - they are opened by installed potentially unwanted applications (PUAs), through deceptive advertisements, or other web pages of this kind.

What is "Xerox Scanned Document" scam email?

"Xerox Scanned Document Email Scam" refers to a phishing spam email campaign. The term "spam campaign" is used to describe a mass-scale operation, during which thousands of deceptive emails are sent.

The messages distributed through this spam campaign claim that recipients have received a scanned document and, to retrieve it, they are instructed to click the provided link. Furthermore, the scam emails are concluded with "© 2020 Microsoft Corporation.

All rights reserved", which is intended to imply that the mail is from Microsoft. These emails are in no way associated with the Microsoft Corporation. Furthermore, the messages promote a phishing website, which collects data entered into it.

What is Babax?

Babax (also known as Osno) is an information stealer targeting login credentials (usernames, emails, passwords) saved on web browsers. Cyber criminals use this malware to steal sensitive information, which could be misused to generate revenue. Research shows that Babax infects computers through other machines that are connected to the same network.

This stealer is encrypted, and thus can avoid detection by installed security suites.

What is HoudRat?

HoudRat is malware written in AutoIt and is classified as a worm and a Remote Access Trojan (RAT). It spreads through removable media (such as USB drives) and can be used by cyber criminals to execute various commands, log keystrokes, take screenshots, steal passwords, download files, and perform other actions on the victim's computer.

Research shows that the .NET controller for HoudRat was detected in the Command & Control (C&C) server used by cyber criminals behind another worm called Retadup.

What kind of malware is BitRAT?

BitRAT is a malicious program, classified as a Remote Access Trojan (RAT). Malware of this type enables remote access and control over an infected machine. RATs have a wide variety of dangerous functionality. While BitRAT is by far not the most sophisticated piece of malicious software available, nevertheless it is considered highly dangerous.

Therefore, BitRAT infections must be removed immediately upon detection. Since this Trojan is offered for sale by its developers, how it is spread depends on the methods preferred by the cyber criminals who have purchased it.

What is Morseop?

Discovered by GrujaRS, Morseop ransomware is designed to encrypt files, modify their filenames and create a ransom message. It renames files by appending ".morseop-[random_string]" to their filenames.

For example, it would rename a file called "1.jpg" to "1.jpg.morseop-7j9wrqr", "2.jpg" to "2.jpg.morseop-7j9wrqr", and so on. It creates the "how restore hurt documents.inf" file as a ransom message.

What is the hipermovies[.]icu website?

hipermovies[.]icu is an untrusted site designed to present visitors with dubious content and/or redirect them to other bogus and possibly malicious web pages. This website shares similarities with gdanstum.net, vviewpoint.biz, pushwinning.com, admnsrv.com and many others.

Few visitors to these websites enter them intentionally - most are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs). This software does not need express user permission to be installed onto devices. Following successful infiltration, PUAs cause redirects, run intrusive ad campaigns and collect browsing-related information.

What is OptimalSync?

Like most adware-type applications, OptimalSync is designed to generate revenue for the developers by serving advertisements. It might also be designed to operate as a browser hijacker and promote dubious addresses (e.g., those of fake search engines) by changing certain browser settings.

Note that apps such as OptimalSync often collect information relating to users' browsing habits and other data. Generally, users download and install adware (and browser hijackers) unintentionally. Therefore, these apps are categorized as potentially unwanted applications (PUAs).

What is CommonOptimization?

CommonOptimization is a rogue application classified as adware, which also has browser hijacker traits. It operates by running intrusive advertisement campaigns, making modifications to browser settings to promote fake search engines. On Safari browsers, this app promotes 0yrvtrh.com and on Google Chrome, search.adjustablesample.com.

Additionally, CommonOptimization has data tracking capabilities, which are employed to monitor users' browsing activity. Due to the dubious techniques used to spread CommonOptimization, it is classified as a Potentially Unwanted Application (PUA).