Virus and Spyware Removal Guides, uninstall instructions

What is search.searchpat.com?

Package Tracker is a dubious application that supposedly allows tracking of package deliveries. These false claims often trick users into believing that Package Tracker is a legitimate application, however, Package Tracker is classed as a browser hijacker and a potentially unwanted program (PUP).

This application infiltrates systems without users’ permission, modifies web browser settings, displays intrusive online advertisements, and collects various user/system information.

What is search.searchlen.com?

Login Email Now is a deceptive application claiming to allow email access from any new browser tab. These claims often trick users to install, however, Login Email Now is classed as a potentially unwanted program (PUP) and a browser hijacker.

One of the main reasons for these negative associations is stealth installation - Login Email Now often infiltrates systems without users’ permission. Following successful infiltration, this app hijacks web browsers, tracks users' web browsing activity, and generates intrusive online advertisements.

What is Payms?

Payms is a ransomware-type virus based on the source code of another ransomware infection called Jigsaw. Developers of Jigsaw sell the source code in dark web and, thus, new variants of this ransomware are common. Once infiltrated, Payms employs an asymmetric algorithm to encrypt files stored in victims' computers.

The name of each encrypted file is appended with the .paymrss, .paym, .payrms, .payms, .paymst, or .pays extension. A "Payment_Instructions.txt" file is then created, which is placed on the desktop.

What is Yakes?

Yakes (Mobef) is ransomware-type malware similar to Salam!. After infiltrating the system, Yakes encrypts various types of files (for example, .doc, .ppt, .pdf, etc.) stored on victims' computers. Some variants of this ransomware extend the names of encrypted files with the Lokmann.Key993, .KEYH0LES or .KEYZ extension, however, others make no changes.

Therefore, it is often difficult to determine which files are encrypted. Following encryption, a message is displayed making a ransom demand.

What is Vault ransomware?

Vault is ransomware-type malware designed to encrypt various files stored on infected computers. During encryption, this ransomware adds a ".vault" or ".xort" extension to each encrypted file and, therefore, it is easy to determine which files are affected.

All files are encrypted using the RSA algorithm and, thus, a private key is required to decrypt them. In exchange for the key, developers of Vault encourage victims to pay a ransom. Note that this malware targets users located in Russia.

What kind of malware is 7ev3n

7ev3n ransomware stealthily infiltrates systems via malicious e-mail attachments, P2P networks, and fake software updates. After system infiltration, 7ev3n encrypts files stored on computers and adds the .r5a (or .r4a) extension to compromised files. Once files are successfully encrypted, a pop-up message is displayed providing information regarding the encryption.

Payment of a ransom is demanded in exchange for a private key, which is used to decrypt the files. If the ransom is not paid within the given time frame, the private key will be destroyed and all files will remain encrypted forever.

What is CryptXXX?

CryptXXX is ransomware-type malware distributed using the Angler Exploit Kit. Following infiltration, CryptXXX encrypts various files stored on local and mounted drives using RSA4096 - an asymmetric encryption algorithm. Thus, public (to encrypt) and private (to decrypt) keys are generated during encryption.

To the restore files, victims require the private key, which is stored on Command and Control (C&C) servers belonging to the cyber criminals. To receive the decrypter (with the private key embedded), victims must supposedly pay a ransom. In addition, CryptXXX gathers various private data (browsing details, cookies, etc.)

What is GamesCake?

GamesCake is a deceptive application identical to GamingTreasure, ArcadeTropics, GamesLagoon, and a number of other bogus programs. All (including GamesCake) offer functionality to play various Flash games, however, these false claims are merely attempts to trick users into believing that this application is legitimate.

In fact, GamesCake is categorized as a potentially unwanted program (PUP) and adware. One of the main reasons for these negative associations is stealth installation - GamesCake usually infiltrates systems without users’ consent. Users' web browsing activity is then tracked and intrusive online advertisements displayed.

What is searchswapper.com?

searchswapper.com is a fake Internet search engine claiming to enhance the web browsing experience by generating the most relevant search results. Judging by appearance alone, searchswapper.com may seem very similar to Google, Yahoo, Bing, and other legitimate Internet search engines.

Therefore, users often believe that searchswapper.com is also legitimate. Be aware, however, that developers promote this site using dubious application 'installers' that modify web browser settings without users' consent. In addition, searchswapper.com continually gathers various user/system information.

What is Aga?

Aga is another ransomware-type virus that targets Russian users and encrypts files (.doc, .jpg, ppt, .pdf, etc). During encryption, this ransomware adds the .aga extension to the name of each encrypted file (for example, a file named "sample.jpg" is renamed to "sample.jpg.aga"). A text file named "Instructionaga" is then generated.