Virus and Spyware Removal Guides, uninstall instructions

What is Azero?

First discovered by malware security researcher, Jakub Kroustek, Azero is yet another ransomware infection that belongs to the Dharma malware family. As with other variants of Dharma, Azero encrypts stored files and appends filenames with the ".azero" extension plus the cyber criminal's email address and victim's unique ID.

For instance, "sample.jpg" might be renamed to a filename such as "sample.jpg.id-1E857D00.[cryptor55@cock.li].azero". This malware is also designed to open a pop-up window and store a text file ("FILES ENCRYPTED.txt") on the desktop.

What kind of malware is ETH?

First discovered by malware security researcher, Jakub Kroustek, ETH is a new variant of a high-risk ransomware infection called Dharma. After successful infiltration, ETH encrypts most stored files and appends filenames with the ".ETH" extension plus the developer's email address and victim's ID.

For example, "sample.jpg" might be renamed to "sample.jpg.id-1E857D00.[helpfilerestore@india.com].ETH". Once data is encrypted, ETH generates a text file ("FILES ENCRYPTED.txt"), which is placed on the desktop, and opens a pop-up window. Updated variants of this ransomware use ".[datasafe@cock.li].ETH" extension for encrypted files.

What is Ursnif?

Ursnif (also known as Gozi, IFSB or Dreambot) is high-risk trojan-type virus designed to record various sensitive information. This virus typically infiltrates systems without permission, since developers proliferate it using spam email campaigns (e.g., "TicketSales Email Virus", "Swisscom Email Virus", etc.) and fake Adobe Flash Player updaters promoted via deceptive websites. These sites are notorious for the promotion of various adware-type applications.

What is Jimm?

Cyber criminals use Jimm ransomware to prevent victims from accessing their files by encrypting all data stored on the system. To decrypt their files, people are urged to pay a ransom (buy a decryption tool). This high-risk computer infection was discovered by Michael Gillespie and is a new variant of Snatch ransomware.

All files encrypted by Jimm are renamed by adding the ".jimm" extension. For example, "1.jpg" becomes "1.jpg.jimm". Victims should be able to find a ransom message within a text file called "Restore_JIMM_Files.txt" in each folder containing encrypted files.

What is "Osascript wants to control Safari"?

"Osascript wants to control Safari" is a fake operating system pop-up message used to trick MacOS users to allow "osascript" to control the Safari web browser. There are many adware-type apps that cause these pop-ups. Note that many users encounter this scam and it should not be trusted.

What is Golden Axe?

Golden Axe is a computer infection that was discovered by mol69 and categorized as ransomware. Cyber criminals use this infection to blackmail people: Golden Axe encrypts data stored on a computer, rendering it inaccessible unless a ransom is paid.

It creates "# instructions-X6DEV #.jpg" (a ransom message in the format of an image file), "# instructions-X6DEV #.txt" (a ransom demand text file), and "# instructions-X6DEV #.vbs" (an audio file).

These files are placed in folders that contain encrypted data. Golden Axe renames every encrypted file by adding a random extension. In our example, the ".X6DEV" extension (a random string as used in the above files). For example, "1.jpg" becomes "1.jpg.X6DEV".

What is "Smart Mac Booster"?

Smart Mac Booster is very similar to many other apps of this type, such as Auto Mac Booster, Auto Mac Speedup, and Speedup Mac Pro. This app supposedly operates as an optimization tool allowing users to find and fix various errors, clean Mac computers from unnecessary data, and improve MacOS operating system performance.

In fact, Smart Mac Booster is categorized as a potentially unwanted application (PUA) and is promoted using a deceptive (dubious) website and the "bundling" method. Thus, in many cases, people download and install this app unintentionally.

What is Klope?

Discovered by Michael Gillespie, Klope is yet another variant of high-risk ransomware called Djvu. This malware is designed to stealthily infiltrate computers and encrypt stored files. In doing so, Klope appends filenames with the ".klope" extension (for instance, "sample.jpg" is renamed to "sample.jpg.klope").

Encrypted data immediately becomes unusable. In addition to file encryption, Klope generates a text file called "_readme.txt" and places a copy in every existing folder. The new file contains a ransom-demand message.

What is search.tvnewtabsearch.com?

search.tvnewtabsearch.com is an example of the many fake search engines that can be found on the internet. It is presented as legitimate and useful, since developers offer an enhanced browsing experience, faster searches, more accurate search results, quick access to popular websites, and so on.

In fact, developers promote this site using a browser hijacker, a potentially unwanted application (PUA) called TVNewtab. Apps of this type adjust browser settings and gather various browsing-related data.

What is initdex.com?

initdex.com is one of many fake search engines that supposedly enhances the browsing experience by generating improved results and providing quick access to various popular websites.

Its appearance suggests that initdex.com is legitimate and useful, however, the site is promoted using rogue download/installation set-ups that modify browser options without users’ permission. Furthermore, initdex.com records various user-system information relating to browsing activity.