Virus and Spyware Removal Guides, uninstall instructions

What is RedRum?

RedRum encrypts files, rendering them inaccessible unless victims recover them with decryption software and keys that can purchased from the cyber criminals who designed this ransomware. RedRum renames all encrypted files by adding the victim's ID and moncler@tutamail.com email address to their filenames and appending the ".redrum" extension.

For example, "1.jpg" might be changed to "1.jpg.id-1E857D00. [Moncler@tutamail.com] .redrum" or similar (updated variants append ".thanos" and ".grinch" extensions). It also stores ransom messages in the form of text files (named "decryption.txt") in all folders that contain encrypted files.

What is Chch?

Discovered by GrujaRS, Chch is a ransomware infection. This malicious software is designed to encrypt data and demand ransom payments for decryption tools/software.

When Chch encrypts, all affected files are renamed with the ".chch" extension. For example, "1.jpg" would appear as "1.jpg.chch" following encryption. After this process is complete, a text file ("READ_ME.TXT") is stored on the desktop. This file contains the ransom message.

What is preciseeditor[.]pw?

preciseeditor[.]pw is a deceptive website designed to trick people into installing unwanted software through a fake Adobe Flash Player updater. Its setup contains MyCouponsmart adware, the SearchMine browser hijacker and a rogue application called Mac Cleanup Pro.

Both of these apps are categorized as potentially unwanted applications (PUAs), since people usually do not download or install software of this kind intentionally. We strongly advise against trusting pages such as preciseeditor[.]pw or downloading software from them.

What is Bobelectron?

Discovered by dnwls0719, Bobelectron is a malicious program classified as ransomware. This malware is designed to encrypt the data of infected devices. Cyber criminals behind the infection demand ransom payments for decryption of files. When Bobelectron encrypts, all files are renamed with the ".bobelectron" extension.

Therefore, "1.jpg" would appear as "1.jpg.bobelectron", and so on for all compromised files. Following this process, an HTML file ("How_to_open_files.html") is created on the desktop.

What is AreaProduct?

AreaProduct is a potentially unwanted application (PUA), which is classified as adware. Generally, these apps serve various advertisements and collect browsing data. Few people download or install apps such as AreaProduct intentionally - another reason why they are classified as PUAs.

What is Nbes?

Belonging to the Stop/Djvu ransomware family, Nbes is malicious software designed to encrypt data and demand ransom payments for decryption.

During the encryption process, all compromised files are appended with the ".nbes" extension. Therefore, "1.jpg" would appear as "1.jpg.nbes", and so on. Once this process is finished, Nbes stores a text file ("_readme.txt") containing the ransom message on the victim's desktop.

What is terko[.]pro?

Virtually identical to pushbesttools.com, androidrecaptcha.info, real-news.net and thousands of others, terko[.]pro is a rogue website. Visitors to it are presented with dubious content and/or redirected to other untrustworthy, even malicious web pages. These websites are rarely accessed intentionally.

Most users are redirected to terko[.]pro by intrusive ads or Potentially Unwanted Applications (PUAs) already present on the system. Note that these apps do not require express permission to infiltrate devices. Following successful installation, PUAs cause redirects, run intrusive advertisement campaigns and monitor users' browsing habits.

What is hellopushworld[.]com?

When opened, hellopushworld[.]com causes redirects to rogue websites or loads dubious content. There are many websites that operate in a similar manner to hellopushworld[.]com. Some examples are ultimate-captcha[.]com, pushbesttools[.]com and detailorproteradie[.]info.

Generally, visitors do not open these sites intentionally. Typically, they are redirected to them by potentially unwanted applications (PUAs) installed on browsers and/or operating systems. Furthermore, most PUAs display intrusive ads and record browsing data.

What is Relola?

Relola is a browser hijacker which promotes search.relola.com, the address of a dubious search engine. Typically, browser hijackers promote search engines by changing certain browser settings. Furthermore, these apps usually gather various private information.

Most people download or install programs of this kind unintentionally and, for this reason, they are classed as potentially unwanted applications (PUAs).

What is search.ishimotto.com?

Identical to search.romandos.com, search.yofitofix.com, search.pensirot.com, and many others, search.ishimotto.com is a fake search engine that supposedly enhances the browsing experience by generating improved results. Judging on appearance alone, search.ishimotto.com barely differs from legitimate search engines such as Google, Bing, Yahoo, etc.

Therefore, many users believe that search.ishimotto.com is also legitimate and useful. In fact, this site is promoted using rogue downloaders/installers that modify browser options without permission. In addition, search.ishimotto.com records various information (mostly relating to web browsing habits).