Virus and Spyware Removal Guides, uninstall instructions

What is Package Tracking Tab?

Package Tracking Tab is a potentially unwanted application, a browser hijacker which promotes packagetrackingtab.com (a fake search engine). Like most apps of this type, it achieves this by modifying certain browser settings. Browser hijackers also collect data relating to users' browsing activities.

They are categorized as potentially unwanted programs (PUAs), since people often download and install them inadvertently. Note that Package Tracking Tab is distributed with another PUA called Safeplex Search.

What is Media Convert Pro Promos?

Media Convert Pro Promos is software endorsed as a tool for easy access to file format conversion services. In fact, it operates by delivering intrusive advertisement campaigns and is therefore categorized as adware. Media Convert Pro Promos delivers various unwanted and even harmful ads.

Additionally, this adware has data tracking capabilities, which are employed to gather sensitive information derived from browsing activity. Since most users install Media Convert Pro Promos inadvertently, it is also classified as a Potentially Unwanted Application (PUA).

What is "2020 Visitor Feedback Survey"?

"2020 Visitor Feedback Survey" is one of many online scams whereby visitors of a deceptive website are offered rewards for completing a survey. This survey scam is used to promote various phishing websites on which visitors are asked to provide personal information - they can then supposedly claim the chosen reward.

The pages might also be designed to deceive visitors into transferring money and/or purchasing products. In any case, do not trust this survey scam or any web pages promoted through it.

What is filez[.]top?

filez[.]top is an untrusted file sharing website that employs rogue advertising networks. Therefore, visitors to filez[.]top are redirected to other dubious, deceptive and even malicious web pages through direct and indirect interaction with the content that it presents.

Additionally, this website employs browser notifications, which promote dubious and potentially harmful content. You are strongly advised against visiting or using filez[.]top.

What is Social Search?

Social Search operates as a browser hijacker and changes certain browser settings to socialsearch.com (the address of a search engine, which displays results generated by ask.com). Commonly, users download and install these apps unintentionally and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What is Template Creator Tab?

Template Creator Tab is a rogue application endorsed as a tool for easy access to various templates and template creation services. In fact, this app operates by making modifications to browser settings to promote ttemplatecreator.co (a bogus search engine).

Therefore, Template Creator Tab is classified as a browser hijacker. Additionally, most software within this classification monitors users' browsing activity, and it is highly likely that Template Creator Tab has this function. Since most users download/install this browser hijacker inadvertently, it is also classified as a Potentially Unwanted Application (PUA).

What is the Unicorn ransomware?

Discovered by JamesWT, Unicorn is malicious software categorized as ransomware. Systems infected with this malware experience data encryption and users receive ransom demands for decryption.

During the encryption process, the filenames of all affected files are appended with an extension consisting of a curse-word (note, it is partially censored, and hence the asterisk symbols are not part of the actual extension), followed by the word "unicorn", and a string of random characters - none of the parts are separated with spaces (e.g. .fu**unicorn[random_string]).

For example, a file entitled "1.jpg" would appear as something similar to "1.jpg.fu**unicornhtrhrtjrjy" following encryption. After this process is complete, a text file ("READ_IT.txt") containing a ransom message in Italian is created. Unicorn ransomware also changes the desktop wallpaper with text presented in English.

Additionally, this malware might display a Coronavirus/COVID-19 pandemic map.

What is s3arch.page?

s3arch.page is a fake search engine promoted via the Suls APP browser hijacker (the site might be promoted by other hijackers as well).

Software within this category operates by modifying browser setting to promote fake search engines. In this case, the s3arch.page search engine. Additionally, this browser hijacker monitors users' browsing activity. Due to the dubious techniques used to proliferate s3arch.page, it is also classified as a Potentially Unwanted Application (PUA).

What is Get Online Recipes?

As its name suggests, Get Online Recipes apparently provides quick access to various recipe websites. In fact, this app promotes a fake search engine (search.getrecipesonlinetab1.com) by modifying certain browser settings. Browser hijackers also collect information relating to users' browsing habits.

People often download and install these apps type inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs).

What is payB?

Discovered by dnwls0719, payB is a malicious program belonging to the Dharma ransomware family. This ransomware operates by encrypting data and demanding payment for decryption.

During the encryption process, all affected files are renamed according to this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address and the ".payB" extension. For example, a file named "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[paybit@aol.com].payB" following encryption.

After this process is complete, ransom messages are created in a pop-up window and text file ("FILES ENCRYPTED.txt").