Virus and Spyware Removal Guides, uninstall instructions

What is Free File Converter Pro?

Free File Converter Pro is rogue software classified as adware. It is endorsed as a tool capable of and quickly converting and editing various files.

Free File Converter Pro can supposedly convert/edit more than one hundred file formats. In fact, this adware operates by running intrusive advertisement campaigns and collecting browsing-related information. Due to the dubious methods used to proliferate Free File Converter Pro, it is also classified as a Potentially Unwanted Application (PUA).

What is XINOF ransomware?

Discovered by dnwls0719, XINOF is a new variant of Fonix ransomware. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. When this ransomware encrypts, all affected files are renamed according to this pattern: original filename, cyber criminals' email address, unique ID and the ".XINOF" extension.

For example, a file like "1.jpg" would appear as something similar to "1.jpg.Email=[Thunder@fonix.email]ID=[7F73A645].XINOF" following encryption. After this process is complete, ransom messages are created in a pop-up window ("How To Decrypt Files.hta") and text files ("Help.txt"), which are dropped into compromised folders.

What is Repl ransomware?

Repl is malicious software belonging to the Djvu ransomware family. It is designed to encrypt data and demand payment for decryption tools/software. During the encryption process, the filenames of affected files are appended with the ".repl" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.repl" following encryption.

Once this process is complete, a ransom-demand message is created in text files named "_readme.txt".

What is the paluns[.]xyz site?

paluns[.]xyz is a deceptive website designed to promote various scams. At the time of research, this site ran desktop and mobile version scams. One of the schemes warned users of viruses (actually nonexistent) on their devices,  which is something no web page can detect.

Others claimed that a VPN app is necessary to continue watching videos online. All of the information provided by paluns[.]xyz is false and designed to trick visitors into downloading/installing dubious software (e.g. fake anti-virus tools, adware, browser hijackers, etc.).

Typically, sites such as paluns[.]xyz are entered unintentionally - most users are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already installed onto their devices.

What is EssentialCommand adware?

EssentialCommand is an adware-type application that also has browser hijacker traits. Following successful infiltration, it delivers intrusive advertisement campaigns, makes modifications to browser settings and promotes fake search engines.

Most adware and browser hijackers gather browsing-related information, and it is highly likely that EssentialCommand does so as well. Since most users download/install this app unintentionally, it is classified as a Potentially Unwanted Application (PUA). EssentialCommand has been observed being distributed via bogus Adobe Flash Player updates.

Note that fake software updaters/installers are used to proliferate various PUAs and malware (e.g. Trojans, ransomware, etc.).

What is WizApp?

WizApp belongs to the Pirrit adware family. Adware is a type of software that serves advertisements. Typically, displayed ads conceal underlying content of visited websites and can be very annoying. Adware-type apps are often designed to gather various user information.

WizApp installs another Pirrit adware infection called MacPerformance. Furthermore, it displays pop-up windows that offer to update software with fake updating tools. These pop-ups might be used to distribute other unwanted apps.

What is PromoteMethod adware?

PromoteMethod is dubious software categorized as adware and also possessing browser hijacker traits. It operates by running intrusive advertisement campaigns, making modifications to browser settings and promoting fake search engines. PromoteMethod promotes Safe Finder through akamaihd.net in this manner.

Additionally, most adware and browser hijackers gather browsing-related information. Due to the dubious methods used to proliferate PromoteMethod, it is classified as a Potentially Unwanted Application (PUA).

What is Felix ransomware?

Discovered by Jakub Kroustek, Felix is a malicious program belonging to the Dharma ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption.

During the encryption process, all affected files are renamed according to this pattern: original filename, unique ID, cyber criminals' email address and the ".felix" extension. For example, a file such as "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[felix@countermail.com].felix" following encryption.

Once this process is finished, ransom messages are created in a pop-up window and the "FILES ENCRYPTED.txt" file.

What is Null?

As the title of this article suggests, Null belongs to a family of ransomware called Dharma. This particular ransomware was discovered by Jakub Kroustek. It is designed to change the name of every encrypted file by adding the victim's ID, nullcipher@cock.li email address and appending the ".null" extension.

For example, Null would rename a file called "1.jpg" to "1.jpg.id-9CFA2D20.[nullcipher@cock.li].null", "2.jpg" to "2.jpg.id-9CFA2D20.[nullcipher@cock.li].null", etc. This ransomware also displays a pop-up window and creates a "FILES ENCRYPTED.txt" text file.

What is PhaseSearch?

PhaseSearch is one of many applications that display various advertisements and collect details relating to browsing activities. Software of this type is called adware. People do not generally download or install adware intentionally - they are tricked into it. For this reason, PhaseSearch is known ad adware and a potentially unwanted application (PUA).