Virus and Spyware Removal Guides, uninstall instructions

What is Pants ransomware?

Pants ransomware belongs to the GlobeImposter family and is designed to encrypt files, rename them, and create HTML files (ransom messages) in all folders that contain encrypted files. This ransomware renames files by appending the ".pants" extension to filenames. For example, it would rename "1.jpg" to "1.jpg.pants", "2.jpg" to "2.jpg.pants", and so on.

What is unfurlable[.]com?

Sharing many similarities with the-best-casino-bonus.com, hopsigna.com, message-inbox.icu and countless others, unfurlable[.]com is a rogue website. It operates by presenting visitors with dubious content and/or by redirecting them to other dubious and possibly malicious pages.

Few visitors to unfurlable[.]com (and sites akin to it) access this web page intentionally - most are redirected to it by intrusive advertisements or Potentially Unwanted Applications (PUAs). These apps do not need explicit user consent to be installed onto devices. PUAs cause redirects, run intrusive ad campaigns and collect information relating to browsing.

What is the My Converter Tab browser hijacker?

My Converter Tab is a rogue application endorsed as a tool for quick access to file format conversion services. It it classified as a browser hijacker, due to the modifications it makes to browsers to promote hmyconverter.co (a fake search engine). My Converter Tab is highly likely to monitor browsing activity, as this is typical behavior of browser hijackers.

Additionally, due to the dubious methods used to proliferate My Converter Tab, it is classified as a Potentially Unwanted Application (PUA).

What is 7mono[.]biz?

7mono[.]biz is virtually identical to hopsigna[.]com, message-inbox[.]icu, broindifferd[.]club and many other rogue, untrusted websites. Typically, they open other pages of this kind or load dubious content.

Note that users do not often visit sites such as 7mono[.]biz intentionally - they are opened through untrusted advertisements, dubious web pages or by installed potentially unwanted applications (PUAs).

What is PracticalProcesser?

PracticalProcesser is a browser hijacker and aware-type app: it changes certain browser settings to 0yrvtrh.com or adjustablesample.com, and serves advertisements.

PracticalProcesser can also access sensitive information. In most cases, users download and install adware and browser hijackers inadvertently and, therefore, apps of this type are categorized as potentially unwanted applications (PUAs).

What is the Stream-Searchs browser hijacker?

Stream-Searchs is dubious software categorized as a browse hijacker. It operates by making changes to browser settings to promote streamssearch.com, a bogus search engine. Additionally, this browser hijacker monitors browsing activity. Due to the dubious tactics used to spread Stream-Searchs, it is also classified as a Potentially Unwanted Application (PUA).

What is TapPIF?

Discovered by xiaopao, TapPIF (also known as TapRiF and TAF.F) ransomware prevents victims from accessing their files by encryption, renames every encrypted file, creates a text file named "note.txt", and an executable file named "@Please_Read_Me@.exe" (ransom messages).

It renames encrypted files by appending the ".ehre" extension. For example, it would rename a file called "1.jpg" to "1.jpg.ehre", "2.jpg" to "2.jpg.ehre", and so on.

What is WinWord64 ransomware?

Discovered by MalwareHunterTeam, WinWord64 is a malicious program categorized as ransomware. This malware is designed to encrypt data and demand payment for decryption. During the encryption process, all affected files are appended with the ".encrypted" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.encrypted", "2.jpg" as "2.jpg.encrypted", and so on. After this process is complete, WinWord64 ransomware displays a command prompt window and a pop-up, which contains the ransom message.

What is Invoice Email virus?

"Invoice Email Virus" (also known as "Outstanding Invoice Email Virus") is a malspam campaign used to proliferate a high-risk trojan called TrickBot. This campaign shares many similarities with a number of other spam campaigns, such as (for example), eFax, Important Documents IRS, and especially HM Revenue & Customs Outstanding Amount.

The text within these emails might differ, even though the delivered message is essentially identical: the user has supposedly received an invoice (via an MS Word attachment) and must pay. Be aware, however, that the attached file is malicious and designed to download and install TrickBot malware.

What is MyPDFSearch?

The MyPDFSearch browser hijacker promotes mypdf-search.com (the address of a fake search engine) by modifying certain browser settings. Commonly, apps of this type gather browsing-related (and other) information. Browser hijackers are categorized as potentially unwanted applications (PUAs), since users often download and install them inadvertently.