Virus and Spyware Removal Guides, uninstall instructions

What is Stream?

Stream hijacks browsers by changing settings to woosh.pro (the address of a fake search engine). It is also likely to collect various data. Generally, users download and install apps of this type inadvertently and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What is pdfsrch.com?

pdfsrch.com is the address of a fake search engine. These bogus search tools are typically unable to provide unique results. They are promoted by Potentially Unwanted Applications (PUAs) classified as browser hijackers.

Note that pdfsrch.com has been observed being promoted by the DoctoPDF, PDF Opener, MyDocsToPDF, ViewPDF, EasyConvert and Easy Conversion browser hijackers. This rogue software makes modifications to browser settings and restricts/denies access to them.

Additionally, most browser hijackers have data tracking capabilities, which are employed to monitor users' browsing activity.

What is Tituricsec?

Tituricsec is an adware-type application designed to serve advertisements and promote a fake search engine by changing certain browser settings. Therefore, it operates both as adware and a browser hijacker. Commonly, apps such as Tituricsec collect browsing-related (and other) data.

Note that users often download and install these apps inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs). This particular app is distributed through a deceptive Adobe Flash Player.

What is Black Claw?

Black Claw (also known as BlackClaw) makes files inaccessible by encrypting them with AES and RSA encryption algorithms, renames every encrypted file, and generates two ransom messages. It renames files by adding the victim's ID (e.g., "hgcapmh02i") and appending the ".bclaw" extension to filenames.

For example, it might rename a file named "1.jpg" to "1.jpg.[hgcapmh02i].bclaw", "2.jpg" to "2.jpg.[hgcapmh02i].bclaw", and so on. Instructions about how to contact the cyber criminals behind Black Claw (and other details) are provided in the "RECOVER YOUR FILES.txt" and "RECOVER YOUR FILES.hta" files.

What is Wbqczq?

Wbqczq is malicious software belonging to the Snatch ransomware family. This malware encrypts data and demands payment for decryption. During the encryption process, all affected files are appended with the ".wbqczq" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.wbqczq" following encryption.

After this process is complete, a ransom message ("HOW TO RESTORE YOUR FILES.TXT") is dropped into compromised folders.

What is MacAppsHD?

MacAppsHD is rogue software classified as adware. It delivers intrusive ad campaigns. Additionally, this application has browser hijacker characteristics such as browser modification and promotion of bogus search engines. Most adware apps and browser hijackers monitor users' browsing activity, and it is highly likely that MacAppsHD does so as well.

Due to its dubious proliferation methods, this app is also classified as a Potentially Unwanted Application (PUA). One of the dubious techniques used to proliferate MacAppsHD is via fake Adobe Flash Player updates. Note that bogus software updaters/installers are also used to spread Trojans, ransomware and other malware.

What is searchsnow.com?

Searchsnow.com is the address of a fake search engine. In most cases, these addresses/fake search engines are promoted through browser hijackers, which change certain browser settings. Browser hijacking apps can also collect browsing-related and other information.

People often download and install these rogue apps inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs).

What is the FRM ransomware?

Discovered by Jakub Kroustek, FRM is a malicious program belonging to the Dharma ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption.

During the encryption process, FRM ransomware renames affected files according to this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address and the ".FRM extension. For example, a file like "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[hitsbtc@tuta.io].FRM" after encryption.

Once this process is complete, ransom messages are created in a pop-up window and within the "FILES ENCRYPTED.txt" text file.

What is TypicalFraction?

TypicalFraction is designed to promote the Safe Finder web page via akamaihd.net (the address of a fake search engine) by changing certain browser settings and feeding users with advertisements. Therefore, it is classified as an adware-type app, which has characteristics of a browser hijacker.

Research also shows that TypicalFraction can read sensitive information. Note that, in most cases, people download and install apps of this type inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs).

What is "AKHIL Healthcare Email Virus"?

Like many other spam (malspam) campaigns, this one is disguised as an official message from a legitimate company and is sent to trick recipients into opening (executing) a malicious file. The file contains a malicious attachment, an archive file (ZIP), which contains another malicious file designed to cause installation of LokiBot, an information-stealing Trojan.

Therefore, you are strongly advised to ignore this email and, more importantly, not to execute the malicious file within the attached .rar archive file.