Virus and Spyware Removal Guides, uninstall instructions

What is SearchAholic?

SearchAholic is rogue software categorized as a browser hijacker. It operates by modifying browser settings and restricting/denying access to them to promote a fake search engine (search-aholic.com). Additionally, it has data tracking capabilities employed to monitor users' browsing activity.

Due to SearchAholic's dubious distribution techniques, is also classified as a potentially unwanted program (PUA).

What is MyGamesSearches?

MyGamesSearches is a browser hijacker, but advertised as a tool for easy access to various online games. It modifies browser settings and promotes gamsrch.com (a fake search engine). MyGamesSearches also monitors users' browsing habits. Since many people install this software unintentionally, it is classified as a Potentially Unwanted Application (PUA).

What is HomeGuard?

HomeGuard is endorsed as software for parental control and activity monitoring. Some of its features include a pornography filter, website blocker, keylogging (i.e., recording of keystrokes), screen-capturing based on activity, gaming time restricting, hardware (e.g. printer and USB) monitoring and blocking, and so on.

Due to the dubious proliferation methods of HomeGuard, many users download and install it unintentionally. Therefore, it is classified as an unwanted application.

What is the "Attention 22 threats found" scam?

"Attention 22 threats found" is a technical support scam run on deceptive websites. It makes claims that "22 threats" have been detected on the users' devices to trick them into calling a fake tech support line. No web page can detect threats/issues present on a visitor's system.

Any that make such statements are scams. Therefore, you are expressly advised against trusting the "Attention 22 threats found" scheme. Typically, users access these deceptive web pages though redirects caused by intrusive ads or Potentially Unwanted Applications (PUAs).

What is xHIlEgqxx?

Discovered by GrujaRS, xHIlEgqxx ransomware prevents victims from accessing and using their files by encryption with a strong encryption algorithm. It renames all encrypted files by appending the ".xHIlEgqxx" extension to filenames. For example, it would rename a file called "1.jpg" to "1.jpg.xHIlEgqxx", "2.jpg" to "2.jpg.xHIlEgqxx", and so on.

This ransomware drops a ransom message (within a text file named "ReadMe.txt") in every folder that contains encrypted files.

What is Fantasic Movies?

Fantasic Movies hijacks browsers and promotes a fake search engine (fantasicmovies.com) by modifying the settings. Commonly, apps of this type change browser settings and gather data. People often download and install browser hijackers inadvertently and, for this reason, they are categorized as potentially unwanted applications (PUAs).

What is "ProtonMail email scam"?

"ProtonMail email scam" refers to a spam campaign designed to hijack users' ProtonMail mail accounts. These messages claim that the recipient's email account has been suspended due to unspecified and unresolved errors, hence they risk losing access and suffering data deletion.

The scam urges people to address the issues immediately, however, the link presented in the email leads to a phishing website. Attempting to log-in through this site will reveal usernames and passwords to the scammers, thereby allowing them to gain access to the exposed ProtonMail accounts.

What is "ZoneAlarm Global Virus Alert"?

Like most technical support scams, this one claims that the user's personal, sensitive information is stolen and the computer is infected with malware. Its main purpose is to trick unsuspecting people into calling scammers via the provided telephone number.

Typically, scammers behind these deceptive websites seek to extort money from users by deceiving them into paying for remote "support services" software. They might also ask people to grant remote access to their computers. In any case, such scams should never be trusted.

Note that this scam mentions legitimate antivirus software called ZoneAlarm, however, neither this software, nor the internet security software company that developed it, has anything to do with this scam.

What is Geminis?

Discovered by dnwls0719, Geminis is a malicious program categorized as ransomware. Systems infected with this malware suffer data encryption and users receive ransom demands for decryption keys/software. When Geminis ransomware encrypts data, files are appended with the ".geminis3" extension.

Therefore, a file originally named something like "1.jpg" would appear as "1.jpg.geminis3 following encryption, and so on for all affected files. After this process is complete, a ransom message ("README.txt") is dropped into every compromised folder.

What is hesterinoc[.]info?

hesterinoc[.]info is one of many sites that redirect visitors to other untrusted websites or load dubious content. More examples of pages that function in this way are promodayz[.]com, overiesarticu[.]info and pushpush[.]net. Typically, these web pages are opened through dubious ads, rogue web pages or potentially unwanted applications (PUAs) installed on the browser.

Most users do not visit websites such as hesterinoc[.]info intentionally.