Virus and Spyware Removal Guides, uninstall instructions

What is Badday?

Discovered by dnwls0719, Badday is malicious software belonging to the Globeimposter ransomware family. This ransomware encrypts data and keeps it locked, unless a ransom is paid (i.e., the decryption tool/software is purchased). During the encryption progress, Badday renames files with the ".badday" extension.

Therefore, "1.jpg" is renamed to "1.jpg.badday". Once the process is complete, this malicious program creates an HTML file called "how_to_back_files.html" and stores it on the victim's desktop. The file contains the ransom message.

What is Galacti-Crypter?

Galacti-Crypter (GalactiCrypter) ransomware was discovered by MalwareHunterTeam. This is a malicious program that renders victims' files inaccessible by encoding them with a strong encryption algorithm. It displays a ransom message in a pop-up window and renames all files by adding a string of random characters to their filenames (such as "ENCx45cR").

For example, a file named "1.jpg" might be renamed to "ENCx45cR1.jpg.". Typically, it is impossible to decrypt files without specific tools that can be purchased only from cyber criminals who designed the ransomware.

What is CoordinatorPlus?

CoordinatorPlus is promoted as a useful tool for enhancing the browsing experience. It is supposedly capable of providing fast searches, accurate search results and similar. In fact, this app is adware. Adware-type applications run intrusive advertisement campaigns.

I.e., they display various unwanted ads. CoordinatorPlus is also categorized as a potentially unwanted application (PUA), since most users install it unintentionally. Note also that most adware is capable of tracking private data.

What is WindowMode?

WindowMode is endorsed as an application capable of enhancing the browsing experience (e.g. providing fast searches, accurate search results, and similar). In fact, it is classified as adware, since it displays unwanted advertisements. WindowMode is also classed as a potentially unwanted application (PUA), as most users install this app inadvertently (i.e., they are tricked).

Most adware-type applications also have data tracking capabilities, which they employ to record users' browsing activity, consequently collecting their personal information.

What is Local?

Local ransomware is a type of software designed to lock victims' files (by encryption) and deny access to them unless a ransom is paid. I.e., to decrypt data, victims must purchase a tool from the cyber criminals who designed the ransomware. Local is a part of the Scarab ransomware family and was discovered by dnwls0719.

This ransomware renames all encrypted files by adding the ".local" extension to filenames. For example, "1.jpg" becomes "1.jpg.local". Additionally, it creates a ransom message in the "HOW TO RECOVER ENCRYPTED FILES.TXT" text file.

What is searchtown.net?

searchtown.net is a fake search engine promoted through a potentially unwanted application (PUA), a browser hijacker called Patriot PDF Converter.

Generally, browser hijackers promote fake search engines by changing browser settings. Additionally, these PUAs are often designed to gather information relating to users. In most cases, people download and install browser hijackers and other PUAs unintentionally.

What is WorkDefault?

The WorkDefault app supposedly enhances the browsing experience (provides fast searches, accurate search results, etc.), however, it is actually software that is categorized as adware. Typically, apps of this type serve unwanted advertisements and, in some cases, also gather information relating to users' browsing habits.

Note that adware-type apps are potentially unwanted applications (PUAs) that most people download and install inadvertently.

What is "Dear Chrome User, Congratulations!"?

"Dear Chrome User, Congratulations!" is a deceptive message delivered by various rogue websites. Research shows that many visitors arrive at the "Dear Chrome User, Congratulations!" website inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive advertisements delivered by other rogue sites.

Be aware that many PUAs infiltrate systems without permission and, as well as causing redirects, deploy intrusive advertisements and gather sensitive information.

What is ServiceLegacy?

ServiceLegacy is a potentially unwanted application (PUA) classified as adware. Adware is software that serves users with various advertisements.

In some cases, apps of this type collect information relating to users. ServiceLegacy supposedly provides fast searches, accurate results, and other features that enhance the browsing experience. Generally, people download and/or install adware (and other PUAs) inadvertently/accidentally.

What is dsruseedsdreed[.]com?

dsruseedsdreed[.]com is one of many rogue websites available online. It shares similarities with muchinspardorop.info, mega-deals.mobi, vinuser.biz, and thousands of others. These sites operate by presenting users with dubious content and generating redirects to other untrustworthy/malicious websites.

Few users enter dsruseedsdreed[.]com intentionally - most are redirected by intrusive advertisements or potentially unwanted applications (PUAs) already present within the system. Note that these apps do not need explicit user consent to be installed onto devices.

Once successfully infiltrated, PUAs cause redirects, deliver intrusive ad campaigns, and gather information relating to users' browsing activity.