Virus and Spyware Removal Guides, uninstall instructions

What is Ravack?

Discovered by dnwls0719, Ravack is malicious software belonging to the Hakbit ransomware family. It has been known to proliferate via fake Movavi Video Editor 20 Plus installers. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption.

During the encryption process, all affected files are appended with the ".ravack" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.ravack" following encryption.

Once this process is finished, Ravack ransomware drops a ransom message (within "HELP_ME_RECOVER_MY_FILES.txt") onto the victim's desktop, the wallpaper of which is also changed.

What is Game Finder Pro?

The Game Finder Pro app supposedly provides quick access to various online games, however, this application is categorized as a potentially unwanted application (PUA), a browser hijacker.

It promotes a fake search engine (via the search.hgamefinderpro.com and hp.hgamefinderpro.com addresses) by changing browser settings. Typically, browser hijackers gather various information and are classified as PUAs, since people usually download and install them inadvertently.

What is youtubetomp3[.]biz?

youtubetomp3[.]biz is an untrusted website offering a service that infringes copyright laws: conversion of YouTube videos to MP3 and MP4 file formats. The site also uses rogue advertising networks. Therefore, visitors to this site are redirected to other dubious and potentially malicious web pages.

This is a common monetization tactic of such websites. You are strongly advised against visiting or using youtubetomp3[.]biz or other, similar websites.

What is ryseconomi[.]info?

ryseconomi[.]info is the address of a website that redirects visitors to other dubious sites or loads dubious content. There are many other web pages of this type on the internet. Some examples are goodbase[.]biz, 1000-dollar[.]cash and thefastpush[.]com.

They are opened by potentially unwanted apps (PUAs) installed on the browser or operating system. Therefore, people do not generally visit sites such as ryseconomi[.]info intentionally. Note that PUAs often record browsing data and display intrusive ads.

What is the PC Power Speed application?

PC Power Speed software is classified as a Potentially Unwanted Application (PUA). It is promoted as a top-rated operating system cleaner and optimizer. Amongst the functions promised are system speed boosting, maximization of disk and memory space, system error repair and many others.

In fact, most users download and install this application intentionally due to its dubious proliferation methods, hence its classification as a PUA.

What is Assist_decoder?

Assist_decoder was discovered by Amigo-A and is part of the Cryakl ransomware family. Malicious programs of this type are designed to encrypt files, rename them and create and/or display ransom messages.

Assist_decoder renames encrypted files by adding the 3335799@protonmail.com_sel1 email address, the victim's ID, and appending an extension of three random characters to filenames.

For example, it would rename a file such as "1.jpg" to "1.jpg[3335799@protonmail.com_sel1][59436244-F9E4D68F].vjy", "2.jpeg" to "2.jpeg[3335799@protonmail.com_sel1][59436244-F9E4D68F].spq", and so on. Assist_decoder drops a text file ("README.txt") containing a ransom message in all folders that contain encrypted data.

What is TV Search?

TV Search is a browser hijacker endorsed as a tool supposedly capable of providing access to various free TV and movie streaming services. This software modifies browser settings to promote services.gettvsearch-svc.org (a fake search engine). Furthermore, it monitors users' browsing activity.

Due to the dubious methods used to proliferate the TV Search browser hijacker, it is also classed as a Potentially Unwanted Application (PUA).

What is Cheetah keylogger?

Cheetah is a keylogger (keystroke logger), which is sold for $30/month, $65/three months, and $110/year. Software of this type records keys pressed on the keyboard (keyboard input).

Typically, cyber criminals attempt to trick people installing keyloggers on their computers so that they can steal their personal, sensitive information, which is then used to generate revenue in various ways. If you believe that Cheetah (or another program of this type) is installed on the operating system, remove it immediately.

What are the Winprizes sites?

Winprizes is a group of deceptive websites, which promote various scams. For example, these web pages have been observed promoting "Latest version of Adobe Flash Player" and "Dear Chrome User, Congratulations!" scams. Note that different schemes or other dubious content might also be accessed via these web pages.

Most users access such websites unintentionally - they are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into the system. These apps do not need explicit permission to be installed onto devices.

What is Rxx?

Rxx is malicious software belonging to the Dharma ransomware family. This malware was discovered by Jakub Kroustek and operates by encrypting data in order to demand payment for decryption tools/software.

During the encryption process, all compromised files are renamed according to the following pattern: original filename, unique ID, cyber criminals' email address and ".rxx" extension. For example, a file such as "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[back_data@foxmail.com].rxx" following encryption.

Once this process is finished, a pop-up window is displayed and a text file ("FILES ENCRYPTED.txt") is created.