Virus and Spyware Removal Guides, uninstall instructions

What is "AMEX Email Scam"?

"AMEX Email Scam" is a spam campaign (a scam) that cyber criminals use to trick people into divulging various personal details (credit card details and other sensitive information). Trusting this email message might cause serious financial loss and privacy problems. We strongly Advise that you do not provide any details requested in the website form.

What is search.hquickemailaccess.co?

search.hquickemailaccess.co is a fake search engine and we advise that you do not use it under any circumstances. Developers promote the site using a browser hijacker, a potentially unwanted application (PUA) called Quick Email Access. This PUA supposedly allows users to login to their email accounts in just a few clicks.

For some people, this may seem to be a useful tool, however, PUAs record user-information to track browsing activity and adjust browser settings. Furthermore, most users install browser hijackers inadvertently without their permission. Quick Email Access browser hijacker is also known for promoting search.haccessmyemail.co (hp.haccessmyemail.co) browser hijacker.

What is search.fastpackagetracker.co?

The Internet is packed with many dubious fake search engines. The search.fastpackagetracker.co site is just one example. They are often promoted using potentially unwanted applications (PUAs).

In this case, search.fastpackagetracker.co is promoted through a browser hijacker called Fast Package Tracker (which is also used to promote another fake search engine, search.hfasttrackerpackage.net). This PUA is presented as a useful tool to track delivery of packages directly from the browser.

This may seem to be a useful tool, however, people usually install these apps unintentionally. Furthermore, once installed, browser hijackers change browser settings and gather user-system information.

What is mapsnow.co?

mapsnow.co is one of many fake search engines that supposedly provides better, faster results or an improved browsing experience. The site is promoted by developers as a legitimate and useful via an app called Maps Now, which supposedly allows users to find the fastest routes to their destinations.

In fact, this application is categorized as a potentially unwanted app (PUA), a browser hijacker. Apps of this type usually modify browser settings and record information relating to users' browsing habits.

What is internet-start.net?

internet-start.net is an untrustworthy fake search engine and very similar to ciantel.com, initdex.com, defendsearch.com, and a number of others. Although it is supposedly capable of providing an enhanced browsing experience, improved search results, faster searches, and other advantages, it also collects user-system information.

Furthermore, developers promote this site through rogue apps (browser hijackers) that modify browser settings.

What is funkystreams.com?

funkystreams.com is a fake search engine that is very similar to many others this type including ciantel.com, initdex.com, and defendsearch.com.

This is supposedly a useful site that provides faster searches, more accurate search results, and so on. In fact, the main purpose of these fake search engines is to collect browsing-related information. Furthermore, funkystreams.com is promoted using rogue downloaders and installers that modify browser settings.

What is CMG?

CMG is a malicious program that is categorized as ransomware. Developers (cyber criminals) use it to blackmail people by encrypting data and making ransom demands. Once data is encrypted, it cannot be accessed or used.

Note that CMG is a computer infection that belongs to the GlobeImposter ransomware family and was discovered by Michael Gillespie. It adds the ".{CALLMEGOAT@PROTONMAIL.COM}CMG" extension to every encrypted file. For example, "1.jpg" becomes "1.jpg.{CALLMEGOAT@PROTONMAIL.COM}CMG".

It also generates a ransom message within the "decrypt_files.html" HTML file, which can be found in all folders containing encrypted files.

What is L1LL?

L1LL is another ransomware-type virus discovered by Michael Gillespie. After successfully infiltrating the system, L1LL encrypts most stored data and appends filenames with the ".L1LL" extension (e.g., "sample.jpg" is renamed to "sample.jpg.L1LL"). Encrypted data immediately becomes unusable.

Following successful encryption, L1LL generates a text file ("help.txt") and places a copy in every existing folder.

What is Prus?

First discovered by malware security researcher, Michael Gillespie, Prus is a ransomware-type virus that belongs to the Rotor malware family. After successful infiltration, Prus encrypts stored data using the AES-128 and RSA-2048 encryption algorithms. In addition, it appends each filename with the developer's email address and ".prus" extension.

For example, "sample.jpg" becomes "sample.jpg!!!!       prusa@rape.lol    !!!.prus". Encrypted data immediately becomes unusable. Following successful encryption, Prus places a text file ("informprus.txt") in every folder containing encrypted files.

What is searchpage.com?

Developers claim that the Kittens new tab app allows users to search and access their bookmarks and applications using a customized homepage/search engine. Using this app, is possible to change the background image by choosing from over 30 HD pictures.

 Kittens is presented as a useful application with various features, however, it is classified as a browser hijacker, a potentially unwanted application (PUA).

Most people download and install apps of this type unintentionally. Furthermore, Kittens new tab promotes a dubious (fake) search engine, searchpage.com. It also changes browser settings and collects information relating to users' browsing habits.