Virus and Spyware Removal Guides, uninstall instructions

What is zpredir1[.]com?

zpredir1[.]com is a rogue website sharing many similarities with biz-4u.com, thenickelpress.com, behavingsoping.club and countless others. These sites operate by presenting visitors with dubious content and/or redirecting them to other untrusted or even malicious web pages.

Few visitors access zpredir1[.]com or similar websites intentionally - most are redirected to them by intrusive ads or Potentially Unwanted Applications (PUAs) already installed onto the system. PUAs cause redirects, run intrusive ad campaigns and track browsing-related information.

What kind of malware is Eking?

Eking belongs to the Phobos ransomware family. It encrypts files, renames them, and generates a number of ransom messages. Eking renames files by adding the victim's ID, decphob@tuta.io email address, and appending the ".eking" extension to filenames.

For example, it renames "1.jpg" to "1.jpg.id[1E857D00-2275].[decphob@tuta.io].eking", "2.jpg" to "2.jpg.id[1E857D00-2275].[decphob@tuta.io].eking", and so on. It displays a ransom message in a pop-up window ("info.hta") and creates another in a text file ("info.txt").

What is Weather Online Now?

Weather Online Now is advertised as an app providing the latest forecast updates. In fact, this is a browser hijacker that promotes a fake search engine (weatheronlinenow.com) by changing browser settings. Additionally, it might collect information relating to users' browsing activity.

Typically, users download and install browser hijackers unintentionally and, therefore, Weather Online Now is categorized as a potentially unwanted application (PUA).

What is Bunitu?

Bunitu is a Trojan, which turns infected computers into proxies for remote clients. It can reduce network traffic and be used to reroute IP addresses of infected computers and misuse them for malicious purposes. If there is any reason to believe that your computer is infected with this proxy Trojan, it should be uninstalled from the operating system immediately.

What is MR.ROBOT?

Discovered by GrujaRS, MR.ROBOT is a malicious program classified as ransomware. Systems infected with this malware have their files encrypted and users receive ransom demands for decryption tools.

During the encryption process, MR.ROBOT ransomware renames files by appending them with an extension consisting of five random characters. For example, a file such as "1.jpg" would appear as something similar to "1.jpg.4b506" following encryption, and so on for all affected files.

After the encryption process is complete, identical ransom messages are created in a pop-up window and a text file titled "info.txt".

What is Free Driver Maps?

Free Driver Maps browser hijacker promotes freedrivermapstab.com and searchnewfdm.com (addresses of fake search engines) by modifying certain browser settings. This app supposedly provides access to interactive maps, directions, news, weather and email provider websites.

Commonly, apps of this type promote fake search engines and collect browsing-related information. Free Driver Maps and other similar apps are categorized as potentially unwanted applications (PUAs), since people often download and install them inadvertently.

What is Koti?

Koti is malicious software, which is part of the Djvu ransomware family. It is designed to encrypt the files of infected systems in order to make ransom demands. When this ransomware encrypts, all affected files are appended with the ".koti" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.koti" after encryption.

Following this process, a text file ("_readme.txt") is created in every compromised folder.

What is ZoNiSoNaL?

ZoNiSoNaL is a part of the Xorist ransomware family. It encrypts files and renames them by appending the ".ZoNiSoNaL" extension.

For example, "1.jpg" becomes "1.jpg.ZoNiSoNaL", "2.jpg" becomes "2.jpg.ZoNiSoNaL", and so on. ZoNiSoNaL drops the "HOW TO DECRYPT FILES.txt" file containing a ransom message in every folder that contains encrypted files, and displays another ransom message in a pop-up window.

What is theappsparty.net?

theappsparty.net is a fake and useless search engine, which is promoted through a potentially unwanted application (PUA), a browser hijacker. Typically, apps of this type promote fake search engine addresses by changing browser settings. Furthermore, browser hijackers gather details relating to users' browsing habits.

They are categorized as PUAs, since people often download and install them inadvertently.

What is Tiger PDF?

Tiger PDF is a browser hijacker designed to promote tigerpdf-search.com (the address of a fake search engine), which displays results generated by another (legitimate) search engine. Browser hijackers promote fake search engines by modifying browser settings. They often collect browsing data as well.

Apps of this type are categorized as potentially unwanted applications (PUAs), since users tend to download and install them inadvertently.