Virus and Spyware Removal Guides, uninstall instructions

What is Search Plus?

Search Plus (also known as Get Search Plus) is a rogue application, which is advertised as a tool designed to improve the browsing experience by supposedly allowing users to manage their web searches. In fact, it operates as a browser hijacker and modifies browsers to promote search.hsearchplus.co (a fake search engine).

Furthermore, Search Plus monitors users' browsing habits and collects their personal information. Since most users install this app inadvertently, it is categorized as a Potentially Unwanted Application (PUA). It is often distributed with another PUA called Hide My Searches.

What is lodder1[.]biz?

lodder1[.]biz is the address of a rogue website that, once visited, opens a number of other untrustworthy web pages or loads dubious content. There are many websites such as lodder1[.]biz on the internet. Some examples are worldmylife[.]info, balanceformoon[.]com and mediazone[.]mobi.

They are commonly opened by potentially unwanted applications (PUAs) installed on the browser or operating system. These apps usually gather browsing data and/or display intrusive advertisements.

What is Online TV Streamer?

Online TV Streamer is a rogue application promoted as a tool for easy access to various TV streaming services. It supposedly also provides quick access to movie and live sports streaming websites.

In fact, Online TV Streamer is classified as a browser hijacker, due to the modifications it makes to browsers to promote search.watchonlinestreamsnowtab.com, a fake search engine. It also has data tracking capabilities, which are employed to gather browsing-related information.

Due to its dubious proliferation methods (most users install this app unintentionally), it is categorized as a Potentially Unwanted Application (PUA).

What is TV Streaming Online?

TV Streaming Online is one of many applications that gather browsing data and promote a fake search engine (in this case, search.watch-tvlivetab.com) by changing browser settings.

Apps of this type are classed as browser hijackers and potentially unwanted applications (PUAs), since people usually download and install them unintentionally. Research shows that TV Streaming Online is installed together with Hide My Searches (another PUA).

What is Directions and Maps Now?

Directions and Maps Now is a potentially unwanted application (PUA), a browser hijacker designed to provide free maps and directions.

In fact, this app promotes a fake search engine (search.directionsandmapsnowtab.com) and gathers information relating to users' browsing habits. Directions and Maps Now is distributed and installed together with another PUA called Hide My Searches.

What is fineplayerreliablenew[.]best?

When visited, fineplayerreliablenew[.]best displays pop-up windows suggesting that Adobe Flash Player is out of date.

This website attempts to trick people into downloading and opening/executing the installer of a potentially unwanted application (PUA) such as a browser hijacker, adware-type app or even malicious software like a Trojan, ransomware, or other high-risk malware.

We strongly advise against downloading anything from fineplayerreliablenew[.]best or other unofficial websites that offer to update Adobe Flash Player (or other legitimate software).

What is skolk[.]pro?

In most cases, browsers open websites such as skolk[.]pro due to potentially unwanted applications (PUAs) installed on the browser and/or operating system. These websites are not generally opened intentionally. When visited, however, they load dubious content or redirect people to other untrustworthy web pages.

Some examples of other websites similar to skolk[.]pro are balanceformoon[.]com, mediazone[.]mobi and toobotnews[.]biz. Most PUAs open untrustworthy websites, collect information relating to users' browsing activity and/or serve intrusive advertisements.

What is "There is a new Codec Pack version"?

"There is a new Codec Pack version" is a scam run by deceptive websites. By claiming that Adobe Flash Player might be outdated, the scheme attempts to trick users into downloading/installing a fake software updater. Rogue updates are used to spread a wide variety of untrustworthy and even malicious content.

For example, various Potentially Unwanted Applications (PUAs) such as adware and browser hijackers, and malware including ransomware, trojans, etc.

The researched sample (promoted via "There is a new Codec Pack version") installed MyCouponsmart adware and the SearchMine browser hijacker, however, it might also be "bundled" with other, additional PUAs and/or malicious software.

Most visits to deceptive/scam websites occur through redirects caused by intrusive advertisements or PUAs already infiltrated into the system.

What is Adair?

Adair is part of the Phobos ransomware family. Like most programs of this type, Adair encrypts files, changes filenames and provides victims with instructions about how to contact the developers. This ransomware renames each file by adding the victim's ID, developers's email address and appending the ".Adair" extension to filenames.

For example, it renames "1.jpg" to a filename similar to "1.jpg.id[1E857D00-2261].[kusachi@cock.li].Adair", and so on. It also provides two ransom message: one in a text file named "info.txt" and the other in a pop-up window, which is launched through the "info.hta" file. Other variants of this ransomware use the ".[decryptbox@airmail.cc].Adair" extension for encrypted files.

What is Removeme2020?

Discovered by malware researcher, Raby, Removeme2020 is a malicious program belonging to the GlobeImposter ransomware family. This ransomware operates by encrypting data and demanding ransom payments for decryption. When Removeme2020 encrypts, files are appended with the ".locker" extension.

For example, "1.jpg" would appear as "1.jpg.locker" following encryption. After this process is finished, an HTML file ("how_to_back_files.html") containing the ransom message is stored on the desktop.