Virus and Spyware Removal Guides, uninstall instructions

What is luckypageing123.com?

Identical to startpageing123.com, luckystarting.com, searchonlineusa.com, and many other sites, luckypageing123.com is a fake Internet search engine claiming to generate improved search results. Judging on appearance alone, luckypageing123.com may seem similar to Google, Yahoo, Bing, and other legitimate search engines.

Therefore, many users are often tricked into believing that luckypageing123.com is also legitimate, however, this site records information relating to users' Internet browsing activity. Furthermore, developers promote luckypageing123.com using rogue download/installation set-ups designed to modify web browser settings without direct user permission.

What is Marlboro?

Marlboro is a ransomware-type virus distributed via spam emails. Following infiltration, Marlboro encrypts files using RSA-2048 and AES-128 cryptography, and appends filenames with the ".oops" extension. For example, "sample.jpg" is renamed to "sample.jpg.oops".

Following successful encryption, Marlboro places two files ("_HELP_Recover_Files_.html" and "DecryptFiles.exe") on the desktop, as well as in each folder containing encrypted files.

What is startpageing123.com?

Developers present startpageing123.com as an improved Internet search engine that enhances the Internet browsing experience by generating improved search results. These claims often trick users into believing that startpageing123.com is legitimate.

In fact, this website is promoted using deceptive software download/installation set-ups that hijack web browsers and modify various options without consent. Furthermore, startpageing123.com continually records information relating to users' Internet browsing activity.

What is Phoenix?

Phoenix is malware based on Hidden Tear - an open source ransomware project. Following successful infiltration, Phoenix encrypts files using the AES-256 encryption algorithm. It also renames encrypted files by appending the ".R.i.P" extension to each file name.

For instance, "sample.jpg" is renamed to "sample.jpg.R.i.P". Phoenix then creates a text file ("Important!.txt") containing a ransom-demand message, and places it on the desktop.

What is search.moviecorner.com?

search.moviecorner.com is a fake Internet search engine claiming to enhance the Internet browsing experience by generating improved search results and providing quick access to various popular websites.

On initial inspection, search.moviecorner.com may seem legitimate and useful, however, developers promote this website using rogue download/installation steps designed to modify web browser settings without consent. In addition, search.moviecorner.com continually records various data relating to users' Internet browsing activity.

What is search.webwebweb.com?

The WebWebWeb.com browser hijacker infiltrates Internet browsers (Google Chrome and Mozilla Firefox) through free software downloads. At time of testing, this website was promoted via an application called 'video downloader professional'.

Developers of this browser settings-changing adware (LINK64 GmbH) employ a deceptive software marketing method called 'bundling', and thus, most computer users install this plug-in inadvertently without their consent. After successful infiltration, this browser hijacker assigns the browser homepage and default search engine fields to webwebweb.com

At time of research, this site redirected users to Google, a legitimate Internet search engine, however, the developers of this deceptive browser plug-in are able to redirect webwebweb.com to other malicious websites at any time.

What is obzhora.net?

obzhora.net is a deceptive website claiming to be an improved Internet search engine that generates improved results. Judging on appearance alone, obzhora.net barely differs from Bing, Yahoo, Google, and other legitimate Internet search engines. Therefore, many users believe that obzhora.net is also legitimate and useful.

In fact, developers promote this site via deceptive software download/installation set-ups designed to modify web browser settings without consent. In addition, obzhora.net continually records various information relating to users' Internet browsing activity.

What is Evil?

Evil is a ransomware-type virus written in Javascript. Following infiltration, Evil encrypts various files using AES cryptography. During encryption, Evil appends ".file0locked" to the name of each encrypted file.

For instance, "sample.jpg" is renamed to "sample.jpg.fire0locked". Updated variants use ".aes" extension for encrypted files. Following successful encryption, Evil generates an HTML file ("HOW_TO_DECRYPT_YOUR_FILES.htm"), placing it on the desktop.

What is InstallWizz?

InstallWizz is an adware-type application claiming to allow users to download and install various apps. On initial inspection, InstallWizz may appear legitimate and useful, however, this app often infiltrates systems without permission. Furthermore, it generates intrusive online advertisements and collects various data relating to users' Internet browsing activity.

For these reasons, InstallWizz is categorized as a potentially unwanted program (PUP) and adware.

What kind of malware is FireCrypt?

FireCrypt is a ransomware-type virus that encrypts files using AES-256 cryptography. The executable used to encrypt files opens a console window that contains various figures drawn using ASCII art. This malware appends the ".firecrypt" extension to the name of each encrypted file.

For instance, "sample.jpg" is renamed to "sample.jpg.firecrypt". Following successful encryption, FireCrypt generates a "READ_ME.html" file and places it on the desktop.