Virus and Spyware Removal Guides, uninstall instructions

What is DoctoPDF?

DoctoPDF is a browser hijacker, advertised as a tool capable of converting doc file format to PDF documents. Following successful installation, this piece of software modifies browsers in order to promote pdfsrch.com - a fake search engine. Additionally, DoctoPDF spies on users' browsing activity.

Due to this browser hijackers dubious proliferation methods, it is considered to be a PUA (Potentially Unwanted Application).

What is Image Sherpa?

Image Sherpa is a potentially unwanted application (PUA), a browser hijacker. Typically, apps of this type promote the addresses of fake search engines and gather browsing data. Image Sherpa promotes image-sherpa.com in this way. As with most browser hijackers, this app promotes the fake search engine by modifying certain browser settings to include the rogue URL.

Image Sherpa is identical to Search Sherpa, another app of this type. These apps are categorized as PUAs, since users often download and install them unintentionally.

What is Quick Forms?

Quick Forms is a rogue application categorized as a browser hijacker and endorsed as a tool for easy access to various forms websites. Quick Forms operates by altering browser settings to promote hquick-forms.com (a fake search engine). Additionally, this app has data tracking capabilities, which are employed to monitor users' browsing habits.

Due to the dubious proliferation methods used to promote Quick Forms, it is also classified as a Potentially Unwanted Application (PUA). Quick Forms is often distributed together another PUA called Hide My History.

What is mycoolsearch.com?

mycoolsearch.com is a fake search engine that does not generate unique results. Typically, these web addresses are promoted by browser hijackers, potentially unwanted applications (PUAs) that change certain browser settings. These apps are categorized as PUAs, since many users download and install them unintentionally.

Note that browser hijackers modify browser settings to promote fake search engines and also collect information relating to users' browsing habits.

What is ProstoStealer?

ProstoStealer is an information stealer, which is used to steal sensitive data and also to infect computers with additional malware. This malware could potentially inflict serious damage to the system. Therefore, if your computer is infected with ProstoStealer, eliminate this malicious software immediately.

What is Mzlq?

Mzlq is a malicious program belonging to the Djvu ransomware family. It renames all encrypted files by appending the ".mzlq" extension.

For example, it changes a file named "1.jpg" to "1.jpg.mzlq", "2.jpg" to "2.jpg.mzlq", and so on. Instructions about how to contact Mzlq's developers, cost of decryption, and other details are provided within the "_readme.txt" file. Mzlq drops this text file (containing the ransom message) in every folder that contains encrypted files.

What is Quick To Email?

Quick To Email is a browser hijacker, endorsed as a tool for easy access to email accounts. This software modifies browsers to promote quicktoemail.com (a bogus search engine). Furthermore, this browser hijacker monitors users' browsing activity. Due to its dubious proliferation methods, Quick To Email is classified as a Potentially Unwanted Application (PUA).

What is yursd.xyz?

yursd.xyz is the address of a fake search engine. These dubious web search tools are commonly promoted by rogue software, classified as browser hijackers. This promotion is performed by modifying browser settings. Additionally, most fake search engines and browser hijackers monitor users' browsing activity.

As a result of the dubious methods used to spread these apps, they are also classified as Potentially Unwanted Applications (PUAs).

What is Manuals Finder?

Manuals Finder supposedly provides quick access to various popular brand manuals, however, this app is a browser hijacker which promotes hmanualsfinder.co (a fake search engine) by changing certain browser settings. Commonly, apps of this type not only modify settings but also collect data.

People often download and install browser hijackers inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs). Note that Manuals Finder is distributed with another, similar app called Hide My History.

What is .NET (Dharma)?

Discovered by dnwls0719, .NET is a malicious program belonging to the Dharma ransomware. Systems infected with this malware experience data encryption, a situation that criminals use to demand payment for decryption.

When .NET (Dharma) ransomware encrypts, all affected files are renamed according to this pattern: original filename, unique ID, cyber criminals' email address, and the ".NET" extension. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.id-1E857D00.[neural.net@tuta.io].NET" following encryption.

After this process is complete, a pop-up window is displayed and a text file ("FILES ENCRYPTED.txt") is created.