Virus and Spyware Removal Guides, uninstall instructions

What is Bomba?

Bomba is malicious software belonging to the Scarab ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools/software. During the encryption process, all affected flies are appended with the ".bomba" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.bomba" following encryption. Once this process is finished, a ransom message within the "HOW TO RECOVER ENCRYPTED FILES.TXT" text file is dropped into every compromised folder. Additionally, Bomba ransomware disables Windows Task Manager.

What is iMacCleaner?

iMacCleaner is advertised as a software which improves computer performance by cleaning unwanted files and the browser cache, and uninstalling unwanted software.

In fact, this app is categorized as a potentially unwanted application (PUA) due to the method that developers use to distribute it: they include iMacCleaner as an additional offer into the set-ups of other programs. Commonly, people download and install these apps inadvertently.

What is RecognitionAssist?

RecognitionAssist is a potentially unwanted application (PUA) designed to operate both as a browser hijacker and adware. It changes certain browser settings to the address of a fake search engine and feeds users with advertisements. This app promotes the Safe Finder web page by opening it via akamaihd.net, another bogus address.

Apps such as RecognitionAssist are often designed to gather information relating to users' browsing habits. The main reason why these apps are categorized as PUAs is since people tend to download and install them unintentionally.

What is SIGARETA?

SIGARETA is a malicious program belonging to the NEFILIM ransomware family. This particular ransomware infection was discovered by GrujaRS. Typically, malware of this type encrypts files, modifies filenames, and creates and/or displays ransom messages.

SIGARETA renames encrypted files by appending the ".SIGARETA" extension to filenames. For example, it renames "1.jpg" to "1.jpg.SIGARETA", "2.jpg" to "2.jpg.SIGARETA", and so on. Instructions about how to contact the cyber criminals behind SIGARETA can be found in the "SIGARETA-RESTORE.txt" text file/ransom message.

What is Enced?

Discovered by Amigo-A, Enced (also known as PedoFinder/PedoTrap ransomware) is a ransomware-type malicious program. Typically, malware classified as ransomware encrypts data and demands payment for decryption tools. At the time of research, however, Enced did not encrypt the data of infected systems.

Following successful infiltration, this malware creates a ransom message named "READ_ME.html". The message within threatens users with exposing them as paedophiles and publicizing their identity, unless they pay a ransom.

What is Sdkkxbh?

Sdkkxbh is a part of the Snatch ransomware family and was discovered by Joakim Kennedy. Like most programs of this type, this ransomware encrypts files, modifies filenames and provides victims with instructions about how to contact the developers through a ransom message.

Sdkkxbh renames encrypted files by appending the ".sdkkxbh" extension to filenames. For example, it renames "1.jpg" to "1.jpg.sdkkxbh", "2.jpg" to "2.jpg.sdkkxbh", etc. It also drops the "HOW TO RESTORE YOUR FILES.TXT" ransom message in every folder that contains encrypted files.

What is Task Manager Tab?

Task Manager Tab is a potentially unwanted application (PUA) advertised as a tool that supposedly includes features such as an online calculator, calendar and 'to do' list. In fact, its primary goal is to change certain browser settings to taskmanagertab.com to promote a fake search engine.

These apps often collect information relating to users' browsing activities as well. Browser hijackers are categorized as PUAs, since people often download and install them inadvertently.

What is File Conversion Now?

File Conversion Now is a rogue application advertised as an easy access tool for file format converters. It is categorized as a browser hijacker, due to the modifications it makes to browsers to promote hfileconversionnow.com (a bogus search engine). This app also possesses data tracking capabilities, which are employed to monitor users' browsing activity.

Software programs that are distributed via dubious methods are classified as Potentially Unwanted Applications (PUAs), and this includes File Conversion Now. File Conversion Now is often installed together with another PUA called Hide My History.

What is Get Quick Directions?

Get Quick Directions is browser hijacker which promotes getquickdirections.com (the address of a fake search engine) by modifying certain browser settings. It might also track and record various data. Generally, people download and install apps of this type inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs).

What is "Institut za zdravstvo Srbije"?

Cyber criminals increasingly attempt to exploit the coronavirus crisis in various ways. This malspam campaign is disguised as a COVID-19-themed message from Institute of Health of Serbia regarding distribution of protective equipment.

Cyber criminals responsible attempt to trick recipients into infecting their computers with GuLoader through the malicious executable in the attached archive file. Therefore, do not trust this email and leave its attachment unopened.