Virus and Spyware Removal Guides, uninstall instructions

What is funnysurfing.com?

Developers present funnysurfing.com as an Internet search engine that significantly enhances the browsing experience by generating improved search results, displaying local weather forecasts, allowing users to create 'a to-do list', and providing a a number of other 'features'.

Judging on appearance alone, funnysurfing.com may appear legitimate and useful, however, this website records various user-system information relating to Internet browsing activity. Furthermore, developers promote it by employing deceptive download/installation set-ups that modify web browser settings without permission.

What is FastoPlayer?

FastoPlayer is supposedly a media player that provides a wide range of media-related features (for example, video download, format conversion, file sharing, etc.) - "Fasto player - The fastest player you will ever use! Our FAST media player with Automatic sub-title download and private browsing.

Plays, downloads and bookmarks all popular video formats. Build your video library!" These false claims often trick users to install, however, be aware that FastPlayer generates intrusive online advertisements and tracks Internet browsing activity. This app is categorized as a potentially unwanted program (PUP) and adware.

What is Kirk?

Kirk is a ransomware-type virus that claims to be a network stress tool called "Low Orbital Ion Cannon". This ransomware was first discovered by malware researcher Jakub Kroustek. Following successful infiltration, Kirk encrypts files and appends filenames with the ".kirked" extension (for example, "sample.jpg" is renamed to "sample.jpg.kirked").

A pop-up window is then displayed and a text file ("RANSOM_NOTE.txt") created and placed on the desktop. Both contain identical ransom-demand messages. This virus also creates a file called "pwd", and places it in each folder containing encrypted data. This file contains the victim's password, which is also encrypted.

What is kwinzy.com?

kwinzy.com is a fake Internet search engine that falsely claims to enhance the Internet browsing experience by generating improved search results. Judging on appearance alone, kwinzy.com barely differs from Google, Bing, Yahoo, and other legitimate search engines.

Therefore, many users believe that kwinzy.com is also legitimate and useful. In fact, it is promoted via rogue download/installation set-ups that modify web browser settings without permission. Furthermore, kwinzy.com continually gathers various data relating to users' Internet browsing activity.

What is All_Your_Documents.rar?

All_Your_Documents.rar (also known as ROSHALOCK 2.00) is ransomware-type virus discovered by security researcher Michael Gillespie.

As with other ransomware-type viruses, All_Your_Documents.rar infiltrates systems without users' consent, however, it does not encrypt files - it compresses all files to a single password-protected archive (called "All_Your_Documents.rar"). All_Your_Documents.rar then creates a text file ("All Your Files in Archive!.txt") and places it on the desktop.

What is search.snapdo.com?

The Search.snapdo.com browser redirect issue is caused by a browser toolbar developed by ReSoft Ltd. This browser add-on is compatible with Internet Explorer, Google Chrome, and Mozilla Firefox. The SnapDo toolbar promises to enhance Internet users' browsing experience by displaying quick links to social networks, Wikipedia, radio stations, etc.

While this added functionality may seem useful, many computer users report that the toolbar was installed on their Internet browsers without their consent and they experience unwanted redirects to search.snapdo.com Redirects to this website are not related to malware or viruses, however, computer users who experience this problem, are likely to have been tricked into installing the SnapDo toolbar when downloading or installing free software.

What is search.logicwhatever.com?

Identical to search.emptovo.com, search.gracepot.com, search.nunu-app.com, and many others, search.logicwhatever.com is a fake Internet search engine that falsely claims to generate improved search results. 

Judging on appearance alone, search.logicwhatever.com may seem legitimate and useful, however, this website is promoted via deceptive download/installation set-ups that hijack Internet browsers and stealthily modify various options. Furthermore, search.logicwhatever.com continually gathers various user-system information.

What is Turkish FileEncryptor?

Turkish FileEncryptor is a ransomware-type virus that stealthily infiltrates systems and encrypts various data. During encryption, Turkish FileEncryptor appends the ".encryption" extension to the name of each encrypted file (for example, "sample.jpg" is renamed to "sample.jpg.encrypted").

Furthermore, this virus creates an XML file for each encrypted file. These files are named using the "[encrypted_file_name].manifest.xml" pattern (for example, "sample.manifest.xml"). Turkish FileEncryptor then creates a text file ("Beni Oku.txt") and opens a pop-up window (very similar to CTB-Locker pop-up), both containing ransom-demand notes.

What is Free WiFi Hotspot?

Free WiFi Hotspot is a deceptive application that falsely claims to allow users to share their Internet connections via WiFi. On initial inspection, this functionality may appear legitimate and useful, however, Free WiFi Hotspot often infiltrates systems without users' permission (the "bundling" method).

Furthermore, it delivers intrusive online advertisements and collects various user-system information relating to Internet browsing activity. For these reasons, Free WiFi Hotspot is categorized as adware and a potentially unwanted program (PUP).

What is Revenge?

Revenge is a new variant of a ransomware-type virus called CryptoMix. It is also very similar to CryptoShield (another variant of CryptoMix ransomware). Criminals proliferate Revenge via a RIG Exploit Kit. They hack various websites and inject Javascript code that searches for visitors' computer vulnerabilities and attempts to install this ransomware.

Following infiltration, Revenge terminates a number of processes (to get access to various data) and starts encrypting files using AES-256 cryptography. In addition, this virus renames encrypted files using the "[32_random_characters].REVENGE" pattern. For instance, "sample.jpg" might be renamed to "G89AL1H0PJM34GNHEQBYF2DAZM820K4L.REVENGE" or similar.

Furthermore, Revenge runs several commands to delete Shadow Volume Copies and disable Windows Startup Recovery. It then creates a text file ("# !!!HELP_FILE!!! #.txt"), placing it in each folder containing encrypted files.