Virus and Spyware Removal Guides, uninstall instructions

What is My Flight Finder?

My Flight Finder is advertised as an app that allows users to access websites, which provide information about the flights of various airlines. In fact, it operates as a browser hijacker, changing browser settings and gathering information.

Typically, people do not download or install apps of this type intentionally and, for this reason, My Flight Finder is classified as potentially unwanted application (PUA).

Furthermore, developers distribute it with another PUA called Hide My Searches. Therefore, it is very likely that people who have installed My Flight Finder, also have Hide My Searches installed on their systems.

What is The PC Power?

The PC Power is software endorsed as a system cleaner and optimizer. It is allegedly capable of freeing up storage space, detecting and removing unnecessary files, malware, spyware, adware, and other threats/issues. Due to its dubious proliferation methods, it is categorized as a Potentially Unwanted Application (PUA).

The PC Power has a promotional website, from which a trial version can be downloaded free of charge and the full version purchased, however, it can also be inadvertently installed together with other programs. This deceptive marketing tactic of pre-packing regular software with unwanted content is called "bundling".

What is Derp?

Derp is malicious software categorized as ransomware. Derp is a part of a ransomware family called Djvu. Like most programs of this type, it encrypts files so that victims cannot access or use them unless they pay ransoms to cyber criminals. Furthermore, Derp renames all encrypted files by changing their extensions to ".derp".

For example, "1.jpg" becomes "1.jpg.derp". It also creates a text files named "_readme.txt" and stores a copy in every folder that contains encrypted data.

What is DynamicPanel?

DynamicPanel is an app categorized as adware. It supposedly allows easy web browsing, however, it actually feeds users with intrusive advertisements. It also operates as an information tracking tool, recording details relating to users' browsing habits and other information.

Most people download and install apps such as DynamicPanel unintentionally and, for this reason, they are also known as potentially unwanted applications (PUAs).

What is Safe ransomware?

Safe is a new variant of Paradise ransomware. It operates by encrypting data and demanding ransom payments for decryption. When encryption is underway, all files are appended with a unique ID number (generated individually for each victim), the developer's email address, and ".safe" extension (format: "[id-[victim's_ID]].[opensafezona@cock.li].safe").

For example, "1.jpg" might be renamed to a filename such as "1.jpg[id-UZMv97Qb].[opensafezona@cock.li].safe", and so on for all encrypted files. Once this process is complete, an HTML file named "=_BACK_FILES_~.html" is created and stored on the desktop.

What is tencecatche[.]info?

People who arrive at tencecatche[.]info are presented with dubious content or redirected to other untrustworthy websites. This site operates in a similar manner to many other rogue sites including, for example, robotornotchecks[.]online, zwenews[.]biz, and vikolidoskopinsk[.]info.

In most cases, the sites are opened by potentially unwanted applications (PUAs) that are installed on browsers. Therefore, people do not generally open websites such as tencecatche[.]info intentionally. Furthermore, PUAs commonly feed users with unwanted advertisements and gather data. Note that many users download and install PUAs inadvertently.

What kind of malware is Kronos?

Kronos is malicious software and a new variant of Ouroboros ransomware. It is designed to encrypt data and demand ransom payments for its recovery (i.e., payment for decryption tools/software).

During the encryption process, all files are appended with the ransomware developer's email address, victim's unique ID number, and ".KRONOS" extension (format: ".Email=[luciferenc@tutanota.com]ID=[victim's_ID].KRONOS").

Therefore, "1.jpg might be renamed to a filename such as "1.jpg.Email=[luciferenc@tutanota.com]ID=[ALEohfnsVHCbRp8].KRONOS". Once this process is complete, a text file called "HowToDecrypt.txt" is stored in every affected folder.

What is Coot?

Coot is one of many malicious programs that belong to the Djvu ransomware family. Ransomware is a form of software that blocks access to data by encryption. Victims who have files encrypted by ransomware cannot regain access unless they decode them with a decryption tool and/or key.

To obtain these tools/keys, victims are encouraged to pay a ransom to cyber criminals. Instructions about how to decrypt files encrypted by Coot can be found in a text file named "_readme.txt".

Coot places this file in folders that contain locked files. Furthermore, this ransomware renames each encrypted file by adding the ".coot" extension to the filename. For example, "1.jpg" becomes "1.jpg.coot".

What is BitSecure AV?

BitSecure AV is advertised as antivirus software that includes additional features such as a firewall, disk cleaner, startup items manager, and PC tuner.

In fact, this program is categorized as a potentially unwanted application (PUA), since developers distribute it through the set-ups of other programs (they include BitSecure AV as an additional offer). People often download and install software of this type unintentionally.

What is ForwardOpen?

ForwardOpen is yet another adware-type application endorsed as tool that improves the browsing experience by providing fast searches, accurate search results, and similar. This app operates by running intrusive advertisement campaigns (it displays unwanted, annoying, and even harmful ads).

Furthermore, adware often has data tracking capabilities. Due to the dubious ways ForwardOpen is proliferated, it is categorized as a Potentially Unwanted Application (PUA).