Virus and Spyware Removal Guides, uninstall instructions

What is likemyculture[.]info?

likemyculture[.]info is a rogue website that shares many similarities with checking-your-browser.com, goodmedia.me, loostnews.biz, and many others. The purpose of this site is to redirect users to other rogue websites and feed them with dubious content.

Websites such as likemyculture[.]info are typically visited unintentionally - users are redirected by potentially unwanted applications (PUAs) or intrusive ads delivered by other rogue sites. PUAs infiltrate computers without users' consent and cause unwanted redirects. They also deliver intrusive advertisements and gather information relating to web browsing activity.

What is Masok?

Discovered by Michael Gillespie, Masok is a ransomware-type program that belongs to the Djvu family. The cyber criminals who designed Masok spread it to make money from unsuspecting people who cannot access their files due to encryption by this ransomware.

To decrypt their files, victims are encouraged to purchase a decryption tool and key. Masok modifies the extension of each encrypted file by changing it to ".masok". For example, "1.jpg" becomes "1.jpg.masok". Instructions about how to pay the ransom (and contact Masok developers) are provided in the "_readme.txt" text file.

What is dingboronhartal[.]pro?

Identical to ernorvious.com, clckworld.club, dreamteammyfriend.com, and many others, dingboronhartal[.]pro is a rogue website designed to feed users with dubious content and redirect them to other rogue sites.

Most visitors arrive at dingboronhartal[.]pro inadvertently - they are redirected by potentially unwanted applications (PUAs) or intrusive ads that people click on untrustworthy sites. PUAs infiltrate computers without users’ permission. Following infiltration, they cause redirects, generate intrusive advertisements, and redirect to rogue websites.

What is MyOfficeX?

MyOfficeX supposedly allows users to access an online office, which includes free processing of Word files, spreadsheets, and presentations. In fact, research shows that this app is a browser hijacker and a potentially unwanted application (PUA). Frequently, people download and install PUAs inadvertently.

Like most browser hijackers, MyOfficeX promotes a dubious search engine (in this case, services.myofficex-svc.org) by changing browser settings and collecting various data relating to users' browsing activities.

What is free-coupons[.]network?

free-coupons[.]network is one of many rogue websites designed to feed users with dubious content and redirect them to other rogue sites. It is virtually identical to goodmedia.me, seplumming.pro, checking-your-browser.com, and many others.

Many users visit this site inadvertently, as they are redirected by potentially unwanted applications (PUAs) or intrusive ads generated by other rogue sites. PUAs often infiltrate computers without users' consent and, as well as causing redirects, deliver intrusive advertisements and gather sensitive data.

What is ERIS RANSOMWARE v2?

As its name suggests, ERIS RANSOMWARE v2 it is a new version of Eris ransomware. Cyber criminals proliferate it to extort money from people by forcing them to pay ransoms. These programs lock (encrypt) files and prevent access unless a ransom is paid.

This version of Eris creates a text file (ransom message) and renames all encrypted files by adding a random extension such as ".OBIDC". For example, "1.jpg" might be renamed to "1.jpg.OBIDC". The name of the text file/ransom message is "HELP-random characters" and, in our example, is called "HELP-OBIDC".

What is optimalsearch.me?

Identical to searchitnow.info and searchmarquis.com, optimalsearch.me is a fake search engine that supposedly enhances the browsing experience by generating improved results. In fact, this site is promoted using rogue downloaders/installers designed to modify browser settings without users' permission (browser hijackers). Additionally, optimalsearch.me gathers data relating to browsing habits.

What is Junior?

Discovered by Jakub Kroustek, Junior is the name of a new version of Paradise ransomware. Like many other programs of this type, Junior encrypts data and encourages victims to pay a ransom.

It creates a ransom message within an HTML file called "%= RETURN FILES =&.html" and renames locked filenames by adding an email address, a unique victim ID, and the ".junior" extension. For example, Junior renames "1.jpg" to "1.jpg.id-Q7T4L8ZL].[mr.yoba@aol.com].junior".

What is Brusaf?

Brusaf is one of many ransomware-type infections from the Djvu ransomware family. As with most of these infections, Brusaf was discovered by Michael Gillespie. The purpose of Brusaf is to stealthily infiltrate computers and encrypt most stored files, thereby rendering them unusable.

During encryption, Brusaf appends each filename with the ".brusaf" extension (hence its name). For example, "sample.jpg" is renamed to "sample.jpg.brusaf". Additionally, Brusaf generates a text file named "_readme.txt" and stores copies in most existing folders.

What is ScreenSaver?

Identical to ScreenCapture.app, Spaces.app, and a number of others, ScreenSaver (also known as ScreenSaver.app) is a potentially unwanted application (PUA) and software categorized as adware. This particular app is designed to promote a dubious website (searchbaron.com), which is a fake search engine.

This search engine redirects users to bing.com using the Amazon AWS service. Typically, people download and install apps such as ScreenSaver unintentionally. When installed, most adware-type apps feed users with annoying, intrusive ads and gather data about browsing habits.