Virus and Spyware Removal Guides, uninstall instructions

What is the "Coronavirus Face Mask" email?

"Coronavirus Face Mask" is a scam email designed to proliferate Agent Tesla malware. The message uses the coronavirus pandemic to further its scheme.

The email claims that recipients can order disposable face masks and forehead thermometers, however, rather than providing information concerning these products, the attached file contains the Agent Tesla RAT (Remote Access Trojan). This is a high-risk piece of malicious software that compromises device integrity and can lead to many serious issues.

What is SearchZilla?

SearchZilla is advertised as an app which improves the browsing experience. In fact, it changes browser settings to promote feed.search-zilla.com, the address of a fake search engine. Apps that operate in this way are classified as browser hijackers. Note that, as well as promoting fake search engines, browser hijackers also gather information.

Since people often download and install apps of this type unintentionally, they are also categorized as potentially unwanted applications (PUAs).

What kind of malware is Neshta?

Neshta is malicious software that infects executable (.exe) system files and uses them to collect system information. It might also target removable storage devices and network shares. Neshta sends the information to a web server controlled by cyber criminals.

Research shows that this malware is mainly used to attack companies that specialize in finance, consumer goods, and energy. It is also used to attack the manufacturing industry. In any case, Neshta should be removed from operating systems immediately.

What is Tongda2000?

Discovered by Jirehlov, Tongda2000 is one of many ransomware-type programs designed to encrypt files, change filenames and create/display ransom messages. Tongda2000 renames all files by appending "1" to their extensions. For example, it renames a file named "1.jpg" to "1.jpg1", and so on.

It creates at least one text file named "readme_readme_readme.txt", which contains instructions about how to pay the ransom and contact Tongda2000's developers.

What is Easy File Convert Promos?

Easy File Convert Promos is advertised as a program that converts documents, images, video and audio files to various formats. In fact, it also feeds users with various advertisements and is categorized as adware. These apps are also classified as potentially unwanted applications (PUAs), since people often download and install them inadvertently.

Furthermore, adware-type apps are capable of accessing and collecting information.

What is My Login Hub?

The My Login Hub application supposedly provides quick access to various email accounts - users can supposedly access them directly from a newly opened tab. In fact, My Login Hub is actually a browser hijacker, a potentially unwanted application (PUA). Generally, browser hijackers promote the addresses of fake search engines by changing browser settings.

Furthermore, most collect browsing data. They are classed as PUAs, since people tend to download and install them unintentionally. Note that My Login Hub is installed together with another PUA called Hide My Searches.

What is Go Easy Directions Promos?

Go Easy Directions Promos is endorsed as a tool for easy access to various maps and routes, however, it is categorized as adware. Following successful infiltration, this app runs intrusive advertisement campaigns and delivers unwanted and even harmful ads.

Additionally, Go Easy Directions Promos has data tracking capabilities, which are employed to monitor users' browsing activity. Since few users install this software intentionally, it is also classified as a Potentially Unwanted Application (PUA).

What are "Mostheatdr websites?

Mostheatdr is a group of deceptive sites promoting various scams.

Web pages belonging to this group have been observed promoting the "Dear Safari User, You Are Today's Lucky Visitor" scheme, however, they might also run other scams. Typically, people access these deceptive sites via redirects caused by intrusive ads, or via Potentially Unwanted Applications (PUAs) already installed on the system

What is Heodo?

Heodo is a malicious program and another version of Emotet. Cyber criminals behind Heodo can use it to perform many malicious tasks. For example, to download and execute/install additional malware, steal various personal/sensitive information, and others. Therefore, if Heodo is installed on the operating system, remove it immediately.

What is R44s?

R44s is a new variant of Ranion ransomware. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools/software. When this ransomware encrypts, all affected files are appended with the ".r44s" extension.

For example, a file originally named "1.jpg" would appear as "1.jpg.r44s" following encryption. Once this process is complete, a ransom message ("README_TO_DECRYPT_FILES.html") is created.