Virus and Spyware Removal Guides, uninstall instructions

What is MyShortcutTab?

MyShortcutTab is classified as a browser hijacker, since it promotes a fake search engine (it assigns certain browser settings to search-find.net). Generally, apps of this type also collect details relating to users' browsing activities. Users often download and install browser hijackers inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs).

What is Lxhlp?

Discovered by Jakub Kroustek, Lxhlp is a malicious program belonging to the Dharma ransomware family. This malware operates by encrypting files and demanding payment for decryption.

During the encryption process, all compromised files are renamed following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address and the ".lxhlp" extension. For example, a file like "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[lxhlp@protonmail.com].lxhlp" after encryption.

Once this process is complete, ransom-demand messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is Mountains?

The Mountains browser hijacker changes certain browser settings to mountainsext.store (the address of a fake search engine). Typically, apps of this type are designed to modify settings and collect various data. Browser hijackers are categorized as potentially unwanted applications (PUAs), since users often download and install them inadvertently.

What is the "Free up some memory urgently" scam?

"Free up some memory urgently" is a scam run on deceptive websites. It promote the Kalox APP browser hijacker, however, the scheme might also promote different browser hijackers, adware and other Potentially Unwanted Applications (PUAs). This scam could potentially also promote malware (e.g. ransomware, Trojans, etc.).

Like the name suggests, the scheme claims that users' devices are overloaded and states that they must immediately free up memory.

Note that no web page can detect issues or threats present in systems - any that make such claims are scams. Typically, users access these websites unintentionally - they are redirected to them by intrusive advertisements or PUAs already infiltrated into the device.

What is .support?

.support belongs to the MedusaLocker ransomware family and was discovered by Petrovic. It is designed to encrypt files, modify their filenames and create an HTML file named "Recovery_Instructions.html" (the ransom message). This ransomware places the ransom message in all folders that contain encrypted files.

It also renames files by appending the ".support" extension. For example, "1.jpg" would change to "1.jpg.support", "2.jpg" to "2.jpg.support", etc.

What is My Smart Converter?

My Smart Converter hijacks browsers by changing certain settings to mysmartconverter.com, the address of a fake search engine. It possible that this app will also record various browsing-related data. People do not often download or install browser hijackers intentionally and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What is "Office had a contact with a coronavirus infected people"?

Cyber criminals behind this malspam campaign attempt to trick recipients into believing their office has been exposed to the coronavirus and reviewing (opening) the attached document. This email contains a malicious Microsoft Excel document causing installation on TrickBot, which is Trojan-type malware.

What is Zida ransomware?

Zida is malicious software belonging to the Djvu ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption tools. During the encryption process, all affected files are appended with the ".zida" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.zida" following encryption. After this process is complete, ransom messages within "_readme.txt" files are dropped into compromised folders.

What is .HOW ransomware?

Discovered by Jakub Kroustek, .HOW belongs to the Dharma ransomware family. This malware encrypts files, changes filenames, and generates ransom messages. It renames encrypted files by adding the victim's ID, how_decrypt@aol.com email address and appending the ".HOW" extension to filenames.

For example, it renames "1.jpg" to "1.jpg.id-1E857D00.[how_decrypt@aol.com].HOW", "2.jpg" to "2.jpg.id-1E857D00.[how_decrypt@aol.com].HOW", and so on. Instructions about how to contact cyber criminals behind .HOW are in a displayed pop-up window and text file named "FILES ENCRYPTED.txt".

What is hp.myway.com?

MyAudioTab is a browser hijacker designed by Mindspark Interactive Network. It supposedly provides quick access to various audio conversion tools. In fact, its main purpose is to promote hp.myway.com (the address of a fake search engine) by changing certain browser settings.

Typically, apps of this type collect browsing data and other information. People do not often download or install browser hijackers intentionally and, therefore, they are categorized as potentially unwanted applications (PUAs).