Virus and Spyware Removal Guides, uninstall instructions

What is qlopx.xyz?

qlopx.xyz is the address of a fake search engine promoted through a potentially unwanted application (PUA), a browser hijacker called SApp+ (or Smash App+). It is possible that other apps also promote qlopx.xyz. Generally, apps of this type promote the addresses of fake search engines by changing browser settings.

Browser hijackers also gather information. They are classified as PUAs, since people usually download and install them unintentionally.

What is Anon?

Discovered by malware researcher Raby, Anon is a malicious program classified as ransomware. Systems infected with this malware suffer data encryption and users receive ransom demands for decryption. During the encryption process, all affected files are appended with the ".anon000" extension.

For example, "1.jpg" would appear as "1.jpg.anon000". After this process is complete, Anon ransomware displays a pop-up window, which contains the ransom message.

What is MuchLove?

MuchLove is a ransomware-type infection based on HiddenTear. It renames all encrypted files by appending the ".encrypted" extension to filenames. For example, it renames "1.jpg" to "1.jpg.encrypted", and so on. MuchLove also creates a ransom message within the "READ_IT.txt" file, which can be found in folders that contain encrypted data.

What is Rezm?

Rezm is a ransomware-type program that belongs to the Djvu family. It encrypts files that are stored on the infected computer, renames them and creates a ransom message. This ransomware renames all files by appending the ".rezm" extension to filenames.

For example, Rezm renames a file named "1.jpg" to "1.jpg.rezm", and so on. The ransom message created by Rezm is within a text file named "_readme.txt".

What kind of malware is Dewar?

Dewar is a malicious program belonging to the Phobos ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption. During the encryption process, all affected files are renamed according to the following pattern: original filename, unique ID, developer's email address and the ".dewar" extension.

For example, a file like "1.jpg" would appear as something similar to "1.jpg.id[1E857D00-2718].[kryzikrut@airmail.cc].dewar".

What is Speed Test Guide?

Speed Test Guide is a browser hijacker and endorsed as a free tool capable of internet speed testing, access to previous tests and speed improvement tips, etc. In fact, Speed Test Guide operates by altering browser settings to promote a fake search engine (speedtest-guide.com).

Furthermore, it has data tracking capabilities, which are employed to monitor users' browsing habits. Due to its dubious proliferation methods, Speed Test Guide is also classified as a Potentially Unwanted Application (PUA).

What is PDF Opener?

The PDF Opener browser hijacker promotes pdfsrch.com, the address of a fake search engine. Like most apps of this type, PDF Opener achieves this by changing browser settings. Furthermore, browser hijackers usually gather details relating to users' browsing habits.

These apps are categorized as potentially unwanted applications (PUAs), since people tend to download and install them inadvertently.

What is Sorena?

Discovered by Jirehlov, Sorena is malicious software categorized as ransomware. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption. During the encryption process, all affected files are renamed with the following pattern: original filename, cyber criminals' email address, unique ID and the ".sorena" extension.

For example, a file such as "1.jpg" would appear as something similar to "1.jpg.Email=[MasterFile001@protonmail.com]ID=[GKKUEMKNJJOXPKVDEPIO].sorena" after encryption. Once this process is complete, a ransom message within the "how_to_decrypt.txt" file is created.

What is Kiss?

Kiss is a part of Phobos, a family of ransomware-type malicious programs. It changes filenames of all encrypted files, displays a ransom message and creates another in a text file. Kiss renames files by adding the victim's ID, 2katrin@tuta.io email address and appending the ".kiss" extension to filenames.

For example, "1.jpg" might become "1.jpg.id[1e857d00-2641].[2katrin@tuta.io].kiss", and so on. It creates a text file named "info.txt" and displays another ransom message in a pop-up window from the created "info.hta" file.

What is the World Events Today browser hijacker?

World Events Today is a rogue application classified as a browser hijacker and a Potentially Unwanted Application (PUA). It is advertised as a tool capable of providing easy access to the latest news. As a browser hijacker, World Events Today operates by modifying browsers to promote the search.hworldeventstoday.com (or hp.hworldeventstoday.com) fake search engine.

Additionally, it has data tracking capabilities, which are employed to monitor users' browsing activity. This app is classified as a PUA, since most users install it inadvertently. Note that World Events Today is frequently distributed together with another PUA called Hide My History.