Virus and Spyware Removal Guides, uninstall instructions

What is NanoSearch?

NanoSearch is rogue software classified as a browser hijacker. It operates by making alterations to browsers to promote nano-search.com, a fake search engine. Additionally, most browser hijackers have data tracking capabilities, which are employed to monitor users' browsing activity.

It is highly likely that NanoSearch has such capabilities as well. Due to the dubious methods used to proliferate NanoSearch, it is also classified as a Potentially Unwanted Application (PUA).

What is youtubetomp3music[.]com?

youtubetomp3music[.]com is an untrusted website designed to allow users to download MP3 files by converting YouTube videos from links and keywords/tags. As well as infringing copyright laws, youtubetomp3music[.]com also uses rogue advertising networks for monetization. Therefore, when visited/used, the website redirects to other dubious or malicious pages.

What is WebSecurerr?

WebSecurerr (also known as WebSecurerr Browser Protection) is rogue software categorized as a browser hijacker.

It modifies browser settings to promote searchsecurer.com (a fake search engine). Additionally, this browser hijacker monitors users' browsing activity. Due to the dubious methods used to proliferate WebSecurerr, it is also classified as a Potentially Unwanted Application (PUA).

What is VidSearch?

VidSearch is a typical browser hijacker: it promotes the address of a fake search engine by modifying certain browser settings. In this case, it assigns them to vid-search.com. As well as hijacking browsers, these apps often record data. Browser hijackers are categorized as potentially unwanted applications (PUAs), since people often download and install them inadvertently.

What is Nuzzero?

Nuzzero hijacks web browsers by changing certain settings to nuzzero.com (the address of a fake search engine). It is also likely that this app collects information relating to users' browsing habits. Generally, people download and install browser hijackers inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs).

What is Wabot malware?

Wabot is a malicious program, malware classified as an Internet Relay Chat (IRC) worm. Software within the worm classification is typically self-proliferating. I.e., it copies itself from one location to another, such as from directories, drives, systems or networks, to other corresponding locations.

IRC worms usually need the infected device to contain a specific client (e.g. application) to continue spreading.

What is TheMaskSearch?

TheMaskSearch is a browser hijacker which promotes themasksearch.com by changing certain browser settings. Like most URLs promoted by apps of this type, themasksearch.com is the address of a fake search engine. In most cases, browser hijackers gather browsing-related (and other) information.

Users often download and install these apps inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs).

What is "Audit and Assurance Email Virus"?

This malspam campaign is disguised as a message from a global audit, accounting and consulting group called Mazars. In fact, this company has nothing to do with this bogus email. The main purpose of this campaign is to trick recipients into opening the attached file, a malicious HTML file disguised as an invoice.

When opened, this file downloads another file designed to infect computers with SDBBot, a Remote Administration Trojan (RAT).

What kind of malware is Upatre?

Upatre is a malicious program which operates as a backdoor Trojan (opens a 'backdoor' for other malware). Therefore, this rogue software can download and install additional malware (cause chain infections). These malicious programs are installed onto the compromised system and their actions depend on the goals and modus operandi of the cyber criminals using Upatre.

This is deemed to be a highly dangerous piece of software, and therefore Upatre must be removed from operating systems immediately upon detection.

What is Dungeon?

Discovered by Michael Gillespie, Dungeon belongs to the Xorist ransomware family. Like most other malware of this type, Dungeon encrypts files, changes filenames and creates a ransom message containing instructions about how to contact the cyber criminals, and various other details.

This ransomware also changes the desktop wallpaper. Dungeon renames encrypted files by appending the ".([dungeon]-0_0)" extension to filenames. For example, it would rename "1.jpg" to "1.jpg.([dungeon]-0_0)", "2.jpg" to "2.jpg.([dungeon]-0_0)", etc. It drops a ransom message ("HOW TO DECRYPT FILES.txt" file) into every folder that contains encrypted data.