Virus and Spyware Removal Guides, uninstall instructions

What is sLoad?

sLoad (also known as StarsLord) is the name of malicious software that infects operating systems with other malware (e.g., a banking Trojan or ransomware). In this way, sLoad operates as a malware downloader/dropper. Research shows that cyber criminals proliferate sLoad via spam campaigns (emails) - i.e., through malicious documents attached to email messages.

If you believe that sLoad (and its payload) might be installed on the operating system, remove it immediately.

What is world-search.net?

world-search.net is the address of a bogus search engine. Fake web searching tools are usually promoted by rogue software classified as browser hijackers. Music World Search is a browser hijacker known to promote world-search.net. Furthermore, most bogus search engines and browser hijacker record browsing activity.

Browser hijackers are seldom installed intentionally and are, therefore, also classified as Potentially Unwanted Applications (PUAs).

What is Mpal?

Mpal is malicious software belonging to the Djvu ransomware family. It encrypts data and demands payment for decryption. During the encryption process, all affected files are appended with the ".mpal" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.mpal" following encryption.

After this process is complete, a ransom message ("_readme.txt") is created on the desktop. Additionally, Mpal ransomware disables Windows Task Manager.

What is Php ransomware?

Discovered by Jakub Kroustek, Php is a ransomware-type infection from the Dharma malware family. After successful infiltration, Php encrypts most stored files, thereby rendering them unusable.

During encryption, Php appends filenames with the victim's unique ID, developer's email address, and ".php" extension (e.g., "sample.jpg" might be renamed to a filename such as "sample.jpg.id-1E857D00.[back_me@foxmail.com].php").

Once encryption is complete, Php generates a text file ("RETURN FILES.txt") and stores it on the desktop. In addition, Php opens a pop-up window.

What is SocialNewPages?

SocialNewPages is a browser hijacker endorsed as a tool for easy access to various popular social networking/media websites (e.g. Facebook, Twitter, LinkedIn, etc.) in addition to supposedly generating improved search results. In fact, it stealthily modifies web browser settings to promote search.socialnewpagessearch.com (a fake search engine).

Furthermore, SocialNewPages continually records data relating to browsing activity. Due to its dubious proliferation methods, this software is also categorized as a Potentially Unwanted Application (PUA).

What is allmeganews[.]com?

There are many rogue websites similar to allmeganews[.]com. Others examples include rdsb2[.]club, hesterinoc[.]info and cicort[.]com. Usually, these web pages display dubious content or redirect visitors to other untrusted, potentially malicious websites.

Commonly, they are opened by browsers that have potentially unwanted apps (PUAs) installed on them. Therefore, most users do not visit allmeganews[.]com or other, similar sites intentionally.

What is MySafeSearch?

MySafeSearch is rogue software classified as a browser hijacker. It operates by making modifications to browsers to promote my-safesearch.com (a fake search engine), which redirects to another bogus search engine (search.showmoreabout.com). Additionally, this browser hijacker monitors users' browsing activity.

Due to MySafeSearch's dubious proliferation methods, it is also classified as a Potentially Unwanted Application (PUA).

What is Decent Search?

Decent Search is advertised as an app which improves the browsing experience, however, this is a potentially unwanted application (PUA) classified as a browser hijacker.

Decent Search promotes somedecentsearch.com (a fake search engine) by changing browser settings and collecting details relating to users' browsing habits. Apps of this type are categorized as PUAs since people rarely download or install them intentionally.

What is AristotleLookup?

AristotleLookup is one of many potentially unwanted applications (PUAs) that are distributed through an Adobe Flash Player fake installer designed to serve advertisements, promote a fake search engine and gather various information. In this way, AristotleLookup functions as adware and a browser hijacker.

Apps of this type are categorized as PUAs, since users often download and install them unintentionally.

What is Pigzqbqnvbu?

Discovered by GrujaRS, Pigzqbqnvbu is a malicious program that is part of the Snatch ransomware family. This malware encrypts data in order to demand ransom payments for decryption tools/software. During the encryption process, all compromised files are appended with the ".pigzqbqnvbu" extension.

For example, a file like "1.jpg" would appear as "1.jpg.pigzqbqnvbu" following encryption. After this process is complete, a ransom-demanding message ("HOW TO RESTORE YOUR FILES.TXT") is dropped into every affected folder.