Virus and Spyware Removal Guides, uninstall instructions

What is 123movies?

123movies offers a TV and movie streaming service, however, developers do this illegally. Another problem with this web page is that it uses rogue advertising networks. Untrustworthy ads are displayed on the website, which redirects to other dubious, deceptive sites. We advise against using 123movies and its services. Also avoid visiting other sites of this kind.

What is converto[.]io?

The converto[.]io website offers features to download videos from YouTube and save them in .mp3 or .mp4 formats.

This is a typical YouTube video downloader/converter, however, note that it is illegal to download videos from YouTube. Additionally, this site uses rogue advertising networks and thus contains unwanted advertisements and causes redirects to other dubious web pages.

What is mp3-youtube[.]download?

mp3-youtube[.]download is presented as a simple and fast YouTube downloader and converter. Additionally, it is capable of downloading and converting videos from Facebook, Instagram, audio from Soundcloud, and so on. Note that it is illegal to download videos from YouTube and, furthermore, the mp3-youtube[.]download website uses rogue advertising networks.

What is checking-in-progress[.]com?

Similar to ciessimple.pro, miresnahapsi.pro, storynnews.com, and many others, checking-in-progress[.]com is a rogue website designed to feed users with potentially malicious content and redirect them to other dubious/dubious sites.

Visitors typically end up visiting checking-in-progress[.]com inadvertently, since they are redirected by potentially unwanted applications (PUAs) or intrusive advertisements displayed on other rogue sites. PUAs infiltrate computers without users' consent. As well as causing redirects, they also deliver intrusive ads and gather information.

What is Coinmoney?

Coinmoney is a ransomware infection written in the Go (Golang) programming language. This malicious program was discovered by A Shadow and infects computers through a Python extension called py2exe, which converts Python scripts into MS Windows executables. When executed, these spread Coinmoney via a LAN with the EternalBlue exploit.

When infected with Coinmoney, all files on the system become encrypted. Furthermore, it renames all files by appending the ".locked" extension to filenames. For example, "1.jpg" becomes "1.jpg.locked". The ransom message appears within an HTML file called "README.html".

What is searchinggood.com?

searchinggood.com is a fake search engine that, according to the developers, enhances the browsing experience by generating the most relevant results. On initial inspection, searchinggood.com may seem legitimate and useful, however, developers promote this website using browser-hijacking download/installation set-ups. Furthermore, the site monitors browsing activity.

What is sinentoldrewhap[.]pro?

sinentoldrewhap[.]pro is very similar to redtext[.]biz, ciessimple[.]pro, storynnews[.]com and many other rogue sites that redirect visitors to untrustworthy, potentially malicious websites or display dubious content.

In most cases, people visit sinentoldrewhap[.]pro inadvertently, since they are redirected by potentially unwanted applications (PUAs) or through clicked intrusive advertisements. Generally, people download and install these apps by accident. After installation, they cause redirects to dubious web pages, collect sensitive browsing data, and feed users with intrusive ads.

What is Nusar?

First discovered by malware researcher Michael Gillespie, Nusar is yet another ransomware infection from the Djvu family. After successful infiltration, Nusar encrypts stored data and appends filenames with the ".nusar" extension. For example, "sample.jpg" is renamed to "sample.jpg.nusar".

Following successful encryption, Nusar generates a text file called "_readme.txt", which contains a ransom-demand message.

What is FreezedByWizard?

Discovered by Petrovic, FreezedByWizard is one of many programs categorized as ransomware. Computers are infected with FreezedByWizard when users open a malicious PowerShell script file, which then starts encrypting files. During encryption, this ransomware appends file extensions with ".Freezing" (e.g., "1.jpg" becomes "1.jpg.Freezing").

When encryption is finished, the file extension is changed by applying ".FreezedByWizard" (e.g., "1.jpg.Freezing" becomes "1.jpg.FreezedByWizard").

Furthermore, if a file is being used by a process, this ransomware terminates that process. Another detail specific to FreezedByWizard is that it creates a ransom message within a text file called ".FreezedByMagic.README.txt" and stores it on the desktop.

What is go-search.me?

According to the developers, go-search.me is a legitimate web search engine that significantly enhances the browsing experience by generating improved results. It is very similar to g-search.pro and judging on appearance alone, go-search.me barely differs from Google, Yahoo, Bing, and other legitimate search engine.

Therefore, many users believe that go-search.me is also legitimate and useful. In fact, developers promote this site using rogue download/installation tools designed to modify web browser options without permission. Furthermore, go-search.me continually gathers various data relating to web browsing activity.