Virus and Spyware Removal Guides, uninstall instructions

What is search.hearthandsatellitemaps.com?

search.hearthandsatellitemaps.com is a fake search engine that supposedly provides faster searches, more accurate results, and so on. In fact, it is promoted using a browser hijacker, a potentially unwanted application (PUA) called Earth And Satellite Maps. Like most apps of this type, it modifies browser settings and gathers user-system information.

What is WannaOof?

Discovered by MalwareHunterTeam, WannaOof is a ransomware-type program that is designed to encrypt files stored on the victim's computer. Unlike most programs of this type, however, it is simply prank ransomware and developers demand no ransom payments.

When a computer is infected with WannaOof, all encrypted files are renamed by adding the ".oof" extension (for example, "1.jpg" is renamed to "1.jpg.oof"). It also enables a pop-up window and changes the victim's desktop wallpaper.

What is Kovter?

Kovter (also known as Trojan.Kovter, Trojan:Win32/Kovter, and Trojan.Kovter.297) is an adware-type trojan designed to generate traffic for various websites. Research shows that Kovter is typically proliferated using malicious Microsoft Office attachments (which are distributed using spam email campaigns) and another trojan.

What is PUP.Optional.Legacy?

PUP.Optional.Legacy is a generic detection name used by anti-virus and anti-spyware suites for PUPs (Potentially Unwanted Programs). 

The name might vary on different programs - in our example, it is the Malwarebytes version. It indicates that the installed security suite has detected some potentially unwanted applications/programs installed on the computer or browser. Apps of this type are usually browser hijackers, adware, and so on.

What kind of malware is MegaCortex?

Ransomware is software that encrypts files stored on a computer and keeps them inaccessible unless a ransom is paid. MegaCortex is one of these programs and was discovered by Michael Gillespie. It also renames all encrypted files by adding the ".aes128ctr" extension.

For example, "1.jpg" becomes "1.jpg.aes128ctr". Additionally, MegaCortex creates a ransom message within the "!!!_READ_ME_!!!.txt" file and places it in folders that contain encrypted files.

What is Video?

'Video' is the name of a ransomware-type program that cyber criminals use to encrypt files and force people to pay ransoms. Video belongs to the Dharma ransomware family and was discovered by Jakub Kroustek.

Like most programs of this type, it renames encrypted files by adding its own extension, in this case, the ".video" extension that includes a unique victim ID and the Video developer's email address.

For example, Video might rename a file called "1.jpg" to "1.jpg.id-1E857D00.[tetty86@cock.li].video". It also displays a pop-up window with instructions and creates a ransom message in a text file called "FILES ENCRYPTED.txt".

What is Roldat?

First discovered by malware researcher, Michael Gillespie and Belonging to the Djvu ransomware family, Roldat is high-risk file-compromising malware. After successful infiltration, Roldat encrypts most stored files, thereby making them unusable. Additionally, Roldat appends each filename with the ".roldat" extension.

For instance, "sample.jpg" is renamed to "sample.jpg.roldat". Once encryption is complete, Roldat generates a text file ("_readme.txt") and places a copy in every existing folder. This file contains a ransom-demand message.

What is Qbit Speedup Pro?

According to Qbit Speedup Pro's developers, this app (also known as Qbit-Speedup-Pro) cleans, optimizes and improves the performance of computers.

Its purpose is to make computers run faster and more smoothly without errors, however, it is also classified as a potentially unwanted application (PUA), since developers promote it by bundling it with other software set-ups. Therefore, people often download and install this app unintentionally.

What is watch-this[.]live?

watch-this[.]live is one of many rogue websites that cause redirects to other dubious, untrustworthy sites. It is virtually identical to a number of other websites of this type such as oraronerethet[.]info, newchannel[.]club, and hatnofort[.]com.

In most cases, people are forced to visit the site by potentially unwanted applications (PUAs) that they have unintentionally installed on their computers (browsers). PUAs deliver intrusive ads and gather data relating to users' browsing habits.

What is enheprenropher.info?

enheprenropher[.]info is a typical rogue website that redirects to other untrustworthy sites or displays dubious content. Generally, people visit this site inadvertently due to potentially unwanted apps (PUAs) installed on their systems.

Many PUAs cause unwanted redirects, deploy intrusive ads, and gather browsing-related data. Other websites similar to enheprenropher[.]info include oraronerethet[.]info, newchannel[.]club, and hatnofort[.]com.