Virus and Spyware Removal Guides, uninstall instructions

What is Sqpc?

Sqpc is a malicious program that belongs to the Djvu ransomware family. It encrypts all files, renames them by appending the ".sqpc" extension (e.g., it renames "1.jpg" to "1.jpg.sqpc" "2.jpg" to "2.jpg.sqpc", etc.) and creates ransom messages within text files named "_readme.txt", which it drops into all folders that contain encrypted files.

What is apxs.xyz?

apxs.xyz is one of many fake search engines available online. Typically, their addresses are promoted by browser hijackers - potentially unwanted applications (PUAs) that promote fake search engines by changing browser settings. They are categorized as PUAs, since people often download and install them inadvertently.

Commonly, browser hijackers are designed to promote fake search engines, but also collect browsing-related information and other details.

What is searchsafelypro.com?

searchsafelypro.com is the address of a fake search engine. Generally, these URLs are promoted by potentially unwanted applications (PUAs) classified as browser hijackers. Apps of this type promote fake search engines (hijack browsers) by modifying browser settings.

Commonly, they also function as information tracking tools. Note that people often download and install browser hijackers inadvertently.

What is SearchSafe?

SearchSafe is a browser hijacker advertised as a tool designed to increase web search security and privacy. It can supposedly encrypt search queries and automatically delete them after thirty minutes of inactivity. In fact, SearchSafe operates by making modifications to browser settings to promote searchsafe.org (a fake search engine).

Additionally, this software has data tracking capabilities, which are employed to monitor users' browsing activity. Since most users install SearchSafe inadvertently, it is also classified as a Potentially Unwanted Application (PUA).

What is Nemty Special Edition?

Discovered by Anti-malware vigilante, Nemty Special Edition is a malicious program and a new variant of NEMTY REVENUE 3.1 ransomware. It encrypts data and demands payment for decryption.

During the encryption process, all affected files are appended with an extension consisting of the word "NEMTY", the underscore symbol, and a random character string (".NEMTY_[random_string]"). For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.NEMTY_GAGK0TW" following encryption.

After this process is complete, a ransom message("NEMTY_[random_string]-DECRYPT.txt") is created. The same malicious executable file, used to proliferate Nemty Special Edition, also injects Vidar trojan. One of the known distribution methods of this ransomware is via spam campaigns, mainly targeting South Korean users.

What is Dacls RAT?

Dacls is a Remote Access Trojan (RAT) designed to target Mac operating systems. It is the Mac variant of the Dacls RAT, which targets Windows and Linux operating systems. Remote Access Trojans operate by allowing remote access and control over an infected device.

The level of control varies. Some RATs can grant the cyber criminals' using them user-level control over the affected machine. Usually, this type of malware is employed to steal data, however, they can also have other capabilities and features.

What is .HaCk?

.HaCk ransomware was discovered by dnwls0719 and ransomware is designed to prevent victims from accessing their files by encryption with a strong encryption algorithm, renaming them and generating a ransom message. It renames encrypted files by appending the ".HaCk" extension to filenames.

For example, it changes a file such as "1.jpg" to "1.jpg.HaCk", "2.jpg" to "2.jpg.HaCk", and so on. It also drops ransom messages (text files named "LEEME.txt") in all folders that contain encrypted files.

What is StreamingSearch?

Like most browser hijackers, StreamingSearch promotes the address of a fake search engine and gathers various data. This browser hijacker promotes streamsrch.com by changing certain browser settings. Apps of this type are categorized as potentially unwanted application (PUAs), since people often download and install them inadvertently.

What is Zemblax?

Discovered by James, Zemblax is a part of the Jigsaw ransomware family. Like most programs of this type, Zemblax blocks access to files by encryption, modifies their filenames and generates a ransom message. It renames encrypted files by appending the ".zemblax" extension to filenames.

For example, it renames "1.jpg" to "1.jpg.zemblax", "2.jpg" to "2.jpg.zemblax", etc. Instructions about how to pay for data decryption are provided in a pop-up window.

What is 0day0?

Discovered by dnwls0719, 0day0 is a malicious program belonging to the Dharma ransomware family. This malware encrypts data in order to demand ransom payments for decryption tools/software.

During the encryption process, files are renamed following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address and the ".0day0" extension. For example, a file like "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[day_0@aol.com].0day0", and so on for all affected files.

Once this process is complete, ransom messages are created in a pop-up window and the "FILES ENCRYPTED.txt" text file.