Virus and Spyware Removal Guides, uninstall instructions

What is Koobface?

Koobface is high-risk trojan/worm that stealthily infiltrates computers and performs a number of malicious tasks.

This virus is distributed in various ways, including social engineering (spam email campaigns, private messaging in social networks), malicious websites, unofficial software download websites, fake software updaters, and so on. This malware can cause significant damage.

What is hp.myway.com?

GardeningEnthusiast is a browser app that supposedly provides users with hundreds of free gardening hints and tips. It is just one of many apps created by Mindspark Interactive Network Inc. In fact, GardeningEnthusiast is a potentially unwanted application (PUA), a browser hijacker.

Typically, people download and install apps of this type unintentionally. Once installed, they promote dubious (fake) search engines by changing browser settings. In this case, GardeningEnthusiast promotes the hp.myway.com search engine.

What is "Managing Director Email Virus"?

"Managing Director Email Virus" is a scam that cyber criminals proliferate using a spam campaign. They send emails to many people hoping that a percentage of them will open the attached files. The attachment is an MS Office Word (.doc) file that uses an RTF (Rich Text Format) exploit.

In summary, this document downloads and installs HawkEye, a keystroke logger. Having this malicious program installed can cause serious problems, Therefore, do not open the attachment included in the "Managing Director Email Virus" email.

What is Virus-encoder?

Virus-encoder (also known as GetCrypt) is the name of ransomware-type program that is designed by cyber criminals. They use programs of this type to encrypt files stored on people's computers and to keep them encrypted (locked) unless a decryption tool is purchased (ransom is paid).

Virus-encoder was discovered by GrujaRS, this ransomware mimics another program of this type which is called Cerber. It creates a text file (ransom note) named "# DECRYPT MY FILES #.txt" and renames all encrypted files by adding an extension that contains four random letters.

For example, if a file is named "1.jpg", then Virus-encoder will change it to "1.jpg.ELSH" and so on. This ransomware also changes its victim's desktop wallpaper. Once installed, it also runs a malicious process in the Task Manager, it is named "Tky If Dos".

What is easyziptab.com?

easyziptab.com is a fake Internet search engine that, according to the developers, enhances the web browsing experience by generating improved results and providing quick access to a number of popular sites (Twitter, Facebook, YouTube, etc.)

Judging on appearance alone, easyziptab.com may appear legitimate, however, this site is promoted using a browser-hijacking app called EazyZip, which claims to provide file compression functionality. Furthermore, easyziptab.com and EazyZip collect various sensitive information relating to web browsing activity.

What is knowwoow[.]com?

knowwoow[.]com is a rogue website designed to deliver dubious content and redirect users to other rogue sites. It is very similar to tinhowsinutha.pro, androponhowrow.info, feenotifyfriends.info, and hundreds of other untrustworthy sites.

As with these examples, many users visit knowwoow[.]com inadvertently - they are redirected by potentially unwanted applications (PUAs) and intrusive ads displayed on various dubious sites. PUAs are notorious for infiltrating computers without users' consent. These applications cause unwanted redirects, generate advertisements, and record sensitive data.

What is Ferosas?

Ferosas is a ransomware-type program that encrypts data and forces victims to pay a ransom (purchase a decryption tool/key from the cyber criminals who designed it). This malicious program belongs to the Djvu ransomware family and was discovered by Michael Gillespie.

Ferosas modifies the names of encrypted files by adding the ".ferosas" extension (i.e., "1.jpg" becomes "1.jpg.ferosas") and stores a ransom message (within the "_readme.txt" file) in folders that contain encrypted data.

What is hanstrackr[.]com?

hanstrackr[.]com is a rogue website promoted via various rogue plug-ins. In fact, criminals also promote this site by hijacking legitimate plug-ins and injecting them with malicious code.

Therefore, developers continually encounter redirects to hanstrackr[.]com whenever a malicious/compromised plug-in is installed and enabled. Furthermore, this site delivers dubious content and uses the visitor's computer to mine cryptocurrency.

What is fmovies[.]to?

The fmovies[.]to website allows users to watch high-quality movies online free of charge. It states that they can be watched without any annoying advertisements. This information might be accurate, however, fmovies[.]to uses rogue ad networks that deploy various pop-up ads.

In summary, this page displays ads, redirects to untrustworthy websites, and might also cause unwanted installations.

What is search.yourmapsnow.com?

Your Maps Now is a deceptive application identical to My Maps XP, My Coupons XP, My Weather XP, and number of other potentially unwanted programs (PUPs). This application supposedly provides functions for online maps and Internet searches - "Easily search maps and satelite images, and instantly get map driving directions." 

These false claims to deliver 'useful' functionality often trick users into believing that Your Maps Now is a legitimate app. Be aware, however, that this app infiltrates systems without users’ permission. In addition, Your Maps Now modify browser settings, displays intrusive online advertisements, and continually tracks Internet browsing activity.