Virus and Spyware Removal Guides, uninstall instructions

What is Pro Flip?

Identical to eAdvisor and Enhance Pro, Pro Flip is a rogue application that falsely claims to save time and money by providing various coupons for e-shops. Many users believe that Pro Flip is legitimate and useful, however, it is categorized as a potentially unwanted program (PUP) and adware.

This app infiltrates systems without users' permission, delivers intrusive online advertisements, and continually gathers various information relating to web browsing activity.

What is X3M?

X3M is a ransomware-type virus discovered by Jakub Kroustek. This malware is very similar to CryptON CryptoLocker ransomware. After successfully infiltrating the system, X3M encrypts files and appends filenames with the ".id-[victim’s ID]_[x3m-pro@protonmail.com]_[x3m@usa.com].x3m" extension.

For instance, "sample.jpg" is renamed to "sample.jpg.id-[victim’s ID]_[x3m-pro@protonmail.com]_[x3m@usa.com].x3m". Following successful encryption, X3M changes the desktop wallpaper and creates an HTML file ("### HOW TO DECRYPT FILES ###.html"), placing it on the desktop.

What is Zorro?

Zorro is a ransomware-type virus discovered by malware researcher, Lawrence Abrams. Once infiltrated, this malware encrypts files and appends the ".zorro" extension to the name of each compromised file. For example, "sample.jpg" is renamed to "sample.jpg.zorro".

Zorro then creates a text file ["Take_Seriously (Your saving grace).txt"], placing it on the desktop wallpaper.

What is AngleWare?

Identical to MafiaWare, AngleWare is a ransomware-type virus developed using an open-source ransomware project called Hidden Tear.

Once infiltrated, this malware encrypts files using AES-256 cryptography and  appends the ".AngleWare" extension to the name of each encrypted file (e.g., "sample.jpg" might be renamed to "sample.jpg.AngleWare"). In addition, AngleWare creates a text file ("READ_ME.txt") containing a ransom-demand message and places it on the desktop.

What is search.viewsearch.net?

Search.viewsearch.net (also known as searchword.news) is a fake Internet search engine that generates the most relevant search results, and also provides users with the latest news trending on the Internet.

Judging on appearance alone, this website may seem legitimate, however, search.viewsearch.net continually records various data relating to Internet browsing activity. Furthermore, developers promote this site using rogue application installers that modify Internet browser settings without users' permission.

What is search.testmyspeeds.co?

According to developers, the Test My SPEEDS app allows users to test Internet performance. Judging on appearance alone, Test My SPEEDS may appear legitimate and useful, however, it is categorized as a potentially unwanted program (PUP) and a browser hijacker.

There are three main reasons for these negative associations: 1) installation without consent; 2) stealth modification of web browser settings, and; 3) tracking of users' Internet browsing activity.

What is NowUSeeIt Player?

NowUSeeIt Player is a deceptive app claiming to provide a feature allowing users to play online videos without using Internet browsers - "The NowUSeeIt Player is based on one simple but brilliant idea: an enjoyable online video viewing experience – without the browser! The NowUSeeIt Player offers seamless online video viewing directly on your desktop while working, browsing the Web or gaming."

On initial inspection, this application may seem legitimate and useful, however, NowUSeeIt Player is classed as adware and a potentially unwanted program (PUP). After NowUSeeIt Player successfully infiltrates the system without users' permission, it displays intrusive online advertisements and tracks Internet browsing activity.

What is Crypt0L0cker?

Crypt0L0cker (or TorrentLocker) is a ransomware infection that infiltrates computers using infected email message attachments (message topics often include: “package tracking”, ”speeding tickets”, “unpaid invoice”, etc.) Note that cyber criminals localise these spam email messages to make them appear legitimate.

For example, computer users located in the United Kingdom receive fake email messages claiming to be package tracking messages from Royal Mail, PC users from Australia receive messages from Australia Post, etc. After successful infiltration, this malware encrypts files on victims' computers and demands ransom payments of 2.2 Bitcoin to decrypt them.

Crypt0l0cker ransomware (some newer variants use the name CryptoLocker) encrypts all files found on victims' computers except the following: .html, .inf, .manifest, .chm, .ini, .tmp, .log, .url, .lnk, .cmd, .bat, .scr, .msi, .sys, .dll, .exe,  .avi, .wav, .mp3, .gif, .ico, .png, .bmp, and .txt (files needed for normal Windows operation).

What is Vortex?

Vortex is a ransomware-type virus developed using AESxWin - an open-source file encryption project. This malware is virtually identical to the Polski and Flotera viruses. Following successful infiltration, Vortex encrypts various files using AES-256 cryptography and appends the ".aes" (or ".ZABLOKOWANE") extension to the name of each encrypted file.

For example, a file such as "sample.jpg" might be renamed to "sample.jpg.aes". Once the files are encrypted, Vortex creates a text file (ODZSZYFRUJ-DANE.txt" (or "#$# JAK-ODZYSKAC-PLIIKI.txt"), placing it on the desktop.

What is coolasearch.com?

Identical to chumsearch.com, coolasearch.com is a fake Internet search engine that falsely claims to enhance the web browsing experience by generating improved results.

These claims often trick users into believing that coolasearch.com is legitimate and useful, however, developers promote this site by employing rogue download/installation set-ups that hijack web browsers and stealthily modify various options. Furthermore, coolasearch.com continually records various information relating to users' Internet browsing activity.