Virus and Spyware Removal Guides, uninstall instructions

What kind of software is Manuals Directory Search?

Manuals Directory Search is a potentially unwanted application (PUA), a browser hijacker that promotes the search.manualsdirectory-api.org fake search engine by modifying browser settings.

It is categorized as a PUA, since people often download and install this type of browser hijacker inadvertently. Note that, as well as promoting fake search engines, these apps collect information relating to users' browsing activities.

What is "ShareFile Attachment Email Scam"?

This is one of many phishing emails disguised as legitimate messages and distributed to trick unsuspecting recipients into providing the requested information: ShareFile login credentials (email address and password). Cyber criminals behind this email attempt to steal ShareFile accounts and might also use the provided information to steal other accounts.

You are strongly advised to ignore this email. Do not to enter the requested details on the deceptive website.

What is the "COVID-19 test" email?

"COVID-19 test" is yet another Coronavirus/COVID-19-themed spam email campaign. There are several variants of these deceptive emails, however, the common thread is that they all offer free coronavirus testing to recipients.

The messages claim that the attached files are forms/applications, however, the Excel spreadsheets initiate an infection chain: download/installation of the TrickBot Trojan. The primary purpose of this malware is to steal data such as banking information, cryptowallets and other private data.

What is Solider?

Solider was discovered by Amigo-A. This ransomware encrypts files, renames them by appending an extension, and generates ransom messages. Solider appends the ".xsmb" extension to a name of each encrypted file. For example, it renames a file named "1.jpg" to "1.jpg.xsmb", "2.jpg" to "2.jpg.xsmb", and so on.

It drops ransom messages ("contact.txt" and "contact.png") in all folders that contain encrypted data.

What is SearchHD?

SearchHD is software categorized as a browser hijacker that modifies browser settings to promote search-hd.com (a fake search engine). Furthermore, it monitors users' browsing activity. Since most users download/install SearchHD unintentionally, it is also classified as a Potentially Unwanted Application (PUA).

What is the "BBVA" email?

"BBVA" is a deceptive email designed to proliferate the Agent Tesla RAT (Remote Access Trojan). The text presented in these messages is in Spanish, and hence the intended targets are Spanish-speaking users. The email claims to contain information concerning due invoice payments.

Instead, the attached archived file contains the Agent Tesla malicious executable. RAT-type malware enables remote access and control over an infected system, thereby posing a serious threat to device and user safety.

What is yts[.]mx?

yts[.]mx is one of many torrent websites. It is not safe to use these websites to download software, files or other content, since they are often used by cyber criminals to proliferate malicious programs. Furthermore, it is illegal to download copyrighted content via torrent web pages.

Research shows that this particular website uses rogue advertising networks, which lead visitors to other dubious, potentially malicious pages.

What is Sekhmet?

Discovered by dnwls0719, Sekhmet is ransomware. This malicious program operates by encrypting data and demanding ransom payments for decryption. During the encryption process, all affected files are appended with an extension, consisting of random characters (e.g. ".HrUSsw", ".WNgh", ".NdWfEr", etc.).

Note that these extensions do not differ simply from infection to infection, they can be different on the same device. Therefore, victims might find that some of their files have one extension, whilst others are different. After the encryption process is complete, a ransom message ( "RECOVER-FILES.txt") is dropped into every compromised folder.

What is WinOptimizer?

As its name suggests, WinOptimizer is software that supposedly analyzes and optimizes Windows computers. Like most programs of this type, it suggests that people can scan their computers for unnecessary files, registry entries and running services, invalid shortcuts, etc.

In fact, this program is categorized as a potentially unwanted application (PUA), since developers distribute it through the set-ups of other programs. Commonly, users download and install PUAs inadvertently.

What is Ramsay?

Ramsay is malware capable of scanning computers, removable drives and network shares/drives, which are isolated from unsecured networks (such as public internet, unsecured local area networks), for files such as Microsoft Office documents, PDF documents and ZIP archives.

In this way, it can steal files from compromised devices. Research shows that Ramsay is capable of spreading itself onto other computers as well.