Virus and Spyware Removal Guides, uninstall instructions

What is therightwaytofindplayering[.]pro?

therightwaytofindplayering[.]pro is a deceptive site running a scam claiming that Adobe Flash Player is outdated and must be updated immediately. In fact, this site promotes a fake Flash Player updater. These updaters are commonly used to proliferate untrustworthy and malicious content (e.g. trojans, ransomware and other malware).

At the time of research, the updater was bundled with the following untrusted applications: AnonymizerGadget version 4; CodecsSetup version 6.3.; nproject version 1.3, and; WebDiscover Browser 4.28.2.

Most users do not access scam web pages (including therightwaytofindplayering[.]pro) intentionally - they are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into the system.

What is Nosu?

Nosu is a part of the Djvu ransomware family. Like most programs of this type, Nosu is designed to prevent victims from accessing their files unless a ransom is paid. It encrypts data, creates a ransom message ("_readme.txt" text file) and appends the ".nosu" extension to the name of each encrypted file. For example, it renames "1.jpg" to "1.jpg.nosu", and so on.

What is Z9?

Z9 belongs to the Dharma ransomware family and was discovered by Raby. Ransomware-type programs generally encrypt victims' files, change associated filenames and create and/or display ransom messages. Z9 renames encrypted files by adding the victim's ID, the help.me24@protonmail.com email address, and appending the ".Z9" extension to filenames.

For example, "1.jpg" might be renamed to a filename such as "1.jpg.id-1E857D00.[help.me24@protonmail.com].Z9", and so on. Furthermore, this ransomware creates a ransom with a text file ("FILES ENCRYPTED.txt") and displays a pop-up window. Both contain instructions about how to contact the cyber criminals behind this ransomware.

What is thesafesoftwarevideoplayers[.]best?

thesafesoftwarevideoplayers[.]best is one of many untrustworthy websites designed by scammers who seek to deceive visitors into installing unwanted (potentially malicious) software through a fake Adobe Flash Player installer.

Typically, websites such as thesafesoftwarevideoplayers[.]best download a file, which is the installer of a browser hijacker, adware or other potentially unwanted application (PUA). These installers sometimes infect systems with Trojans, ransomware or other malicious software. In any case, never trust thesafesoftwarevideoplayers[.]best or other, similar sites.

What is search.genieosearch.com?

Identical to search.anilopo.com, search.pardessov.com, and many others, search.genieosearch.com is a fake search engine that supposedly enhances the browsing experience by generating improved results. Judging on appearance alone, search.genieosearch.com barely differs from Google, Yahoo, Bing, and other legitimate search engines.

Therefore, many users believe that it is also legitimate, however, developers promote this site using browser-hijacking downloaders/installers that modify browser options without users’ permission. In addition, search.genieosearch.com continually records information relating to web browsing activity.

What is thesafesoftwarevideoflash[.]best?

Thesafesoftwarevideoflash[.]best is a website designed by scammers who attempt to trick visitors into installing some potentially unwanted application (PUA) like adware, browser hijacker (or other app of this kind) through a fake installer of Adobe Flash Player.

In some cases such installers are designed to infect systems with malicious software like ransomware, Trojan, or other malware. In one way or another, neither thesafesoftwarevideoflash[.]best or any other similar website can be trusted.

Quite often websites of this type get opened through deceptive ads, other untrustworthy pages or by some PUA that is already installed on user's browser and/or operating system.

What is centersourceoffreeupgrades[.]best?

centersourceoffreeupgrades[.]best is a deceptive website claiming that visitors' Adobe Flash Player software is out-of-date. The purpose of this scam is to trick users into downloading/installing a fake Flash Player updater. Rogue software updates are commonly used to promote various untrustworthy and even malicious content.

For example, Potentially Unwanted Applications (PUAs) such as adware and browser hijackers. They can even proliferate malware (e.g. trojans, ransomware, etc.). Typically, scam pages are accessed via redirects caused by intrusive advertisements and/or PUAs already infiltrated into the system.

What is ActionHow?

ActionHow software is promoted as improving the browsing experience. It is supposedly capable of providing fast searches, accurate results, and so on. In fact, this adware diminishes the browsing experience by running intrusive advertisement campaigns (i.e., delivering unwanted and even harmful ads).

Most adware-type apps also have data tracking capabilities. Due to its dubious proliferation methods, ActionHow is also categorized as a Potentially Unwanted Application (PUA).

What is search.pricklybears.com?

search.pricklybears.com is the address of a fake search engine. Typically, fake search engines are promoted through various potentially unwanted applications (PUAs), browser hijackers. Applications of this type promote fake search engines by changing certain browser settings.

Furthermore, most gather various information relating to users' browsing habits. Browser hijackers are classified as PUAs, since people often download and install them inadvertently.

What is Kodc?

Discovered by Michael Gillespie, Kodc is a malicious program belonging to the Stop/Djvu ransomware family. Systems infected with this malware have data encrypted and their respective users receive ransom demands for decryption. When Kodc ransomware encrypts, all files are appended with the ".kodc" extension.

For example, a filename such as "1.jpg" appears as "1.jpg.kodc" following encryption, and so on for all affected files. After this process is finished, a text file ("_readme.txt") is created on the desktop.