Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is PSCrypt?

PSCrypt is a ransomware-type virus based on another malware infection called GlobeImposter. Immediately after infiltration, PSCrypt encrypts most stored files. In addition, it adds the ".docs" extension to the name of each encrypted file (for instance, "sample.jpg" is renamed to "sample.jpg.docs").

Once files are encrypted, using them becomes impossible. Immediately after compromising data, PSCrypt creates an HTML file (".docs document.html") and places a copy in every existing folder.

What is Redirecting Rogue Extension?

The Internet is full of applications/browser extensions that modify web browser settings without consent. These potentially unwanted programs (PUPs) and add-ons are categorized as browser hijackers. In most cases, these so-called browser hijackers infiltrate systems without users' consent - developers proliferate them using intrusive advertising and "bundling" methods.

What is Relieve Stress Paint?

Developers present Relieve Stress Paint as legitimate software that helps people to calm down in stressful situations. On initial inspection, Relieve Stress Paint may seem legitimate and useful, however, it is categorized as a trojan. Furthermore, Relieve Stress Paint is distributed via a rogue website (that claims to be Aol.net) and with various adware-type programs.

What is Horsia?

Horsia is newly-discovered ransomware that originates from another high-risk malware infection called Scarab. Immediately after infiltration, Horsia encrypts most stored data and appends the developer's email address ("horsia@airmail.cc") as an extension to the name of each compromised file.

For instance, "sample.jpg" is renamed to "sample.jpg.horsia@airmail.cc". Encrypted data becomes unusable. Once encryption is complete, Horsia changes the desktop wallpaper and generates a text file ("HOW TO RECOVER ENCRYPTED FILES.TXT"), placing a copy in each existing folder.

What is m.smartsrch.com?

m.smartsrch.com is a fake web search engine that supposedly enhances the browsing experience by generating improved results. Judging on appearance alone, m.smartsrch.com may seem legitimate, however, this site is promoted using a browser-hijacking application called SearchFunctions. Furthermore, it continually gathers various information relating to web browsing activity.

What is GANDCRAB 3?

Recently discovered by malware security researcher, Marcelo Rivero, GANDCRAB 3 is a new variant of high-risk ransomware called GANDCRAB V2.0. After successful system infiltration, GANDCRAB 3 encrypts most stored files and appends filenames with the ".CRAB" extension. For example, "sample.jpg" is renamed to "sample.jpg.CRAB".

Compromised data becomes unusable. Once encryption is complete, GANDCRAB 3 creates a text file ("CRAB-DECRYPT.txt") and places a copy in each existing folder. These features are inherited from a previous GANDCRAB 3 version. Unlike past versions, however, GANDCRAB 3 also changes the desktop wallpaper.

What kind of scam is "BLOCK due to Suspicious Activities"?

"BLOCK due to Suspicious Activities" is a fake pop-up error message displayed by a website that users are redirected to by potentially unwanted adware-type programs.

Adware often infiltrates systems without users' consent - developers distribute these applications using a deceptive marketing method called "bundling". As well as causing unwanted browser redirects, adware also collects various user/system information and delivers intrusive online advertisements.

What is srcbar.com?

srcbar.com is a fake web search engine identical to srch.bar By falsely claiming to generate improved results, srcbar.com often tricks users into believing that it is legitimate and useful, however, developers promote this website using a browser-hijacking app called Search Manager.

Furthermore, srcbar.com and Search Manager are designed to record information relating to users' Internet browsing activity.

What is go.pajosh.com?

go.pajosh.com is a fake web search engine identical to go.bonanzoro.com, go.zipcruncher.com, go.paradiskus.com, and many others. Its appearance barely differs from Google, Bing, Yahoo, and other legitimate search engines. Therefore, many users believe that go.pajosh.com is also legitimate and useful.

In fact, developers promote this site using a browser-hijacking application called Pajosh, which supposedly speeds up the software installation process. In addition, go.pajosh.com and Pajosh continually monitor users' Internet browsing activity.

What is go.bonanzoro.com?

go.bonanzoro.com is a fake search engine identical to go.paradiskus.com, go.zipcruncher.com, and a number of others. It supposedly enhances the browsing experience by generating improved results.

The appearance of this site barely differs from Google, Yahoo, Bing, and other legitimate search engines and, thus, many users believe that go.bonanzoro.com is also legitimate and useful. In fact, this site is promoted using a browser-hijacking application called Bonanzoro, which supposedly speeds up the software installation process.

In addition, go.bonanzoro.com and Bonanzoro continually gather information relating to users' Internet browsing activity.