Virus and Spyware Removal Guides, uninstall instructions

What is Shadow?

Discovered by Michael Gillespie, Shadow is a new variant of high-risk ransomware called BTCWare. Following successful infiltration, Shadow encrypts most stored files and appends filenames with the ".[paydayz@cock.li]-id-1360.shadow" extension.

For example, "sample.jpg" is renamed to "sample.jpg.[paydayz@cock.li]-id-1360.shadow". Henceforth, files become unusable. Once files are encrypted, Shadow opens a pop-up window containing a ransom-demand message.

What is search.searchisemail.com?

Email Account Login is presented as a legitimate application that supposedly allows users to access their emails. Judging on appearance alone, search.searchisemail.com may seem legitimate and useful, however, this app typically infiltrates systems without permission and records various sensitive data.

In addition, Email Account Login is categorized as a browser hijacker - a form of unwanted software that modifies Internet browser options without permission.

What is Internet Security Alert?

"Internet Security Alert" is a fake error message similar to Microsoft Warning Alert, Ransomware Detected, Warning: Hyper-V Manager, and many others.

This error is displayed by malicious websites that users often visit inadvertently - they are redirected by potentially unwanted programs (PUPs) that infiltrate systems without consent. As well as causing redirects, PUPs stealthily run unwanted processes, deliver malicious ads, and record various user-system information.

What is Napoleon?

Similar to Blind, Napoleon is a ransomware-type virus discovered by malware security researcher, Jakub Kroustek. Once infiltrated, Napoleon encrypts most stored data.

During encryption, Napoleon appends filenames with the ".[supp01@airmail.cc].napoleon" extension (e.g., "sample.jpg" is renamed to "sample.jpg.[supp01@airmail.cc].napoleon"). Henceforth, using encrypted files becomes impossible. After successfully encrypting data, Napoleon places the "How_Decrypt_Files.hta" file on the desktop.

What is TEST?

First discovered by MalwareHunterTeam, TEST is a new variant of high-risk ransomware called CryptoMix. Immediately after infiltration, TEST encrypts most stored data and renames it using a hexadecimal numeral system (32 characters) and adds the ".TEST" extension to each affected file.

For example, "sample.jpg" might be renamed to something like "123E7C332654AF453A089F8F26B69385.TEST". From this point, files become unusable and indistinguishable. Following successful encryption, TEST generates a text file ("_HELP_INSTRUCTION.TXT") and places it in every folder containing encrypted files.

What is Cyber Security?

Delivered by a malicious website, "Cyber Security" is a fake error similar to Your TCP Connection Was Blocked, You Have A Trojan!, Windows Detected ZEUS Virus, and many others. 

Research shows that users are often redirected to this website by various potentially unwanted programs (PUPs) that typically infiltrate systems without permission. As well as causing redirects, PUPs are known to misuse system resources, deliver intrusive ads, and record sensitive information.

What is WantMoney?

WantMoney is a ransomware-type virus discovered by malware security researcher, Karsten Hahn. Immediately after infiltration, WantMoney encrypts most stored data. From this point, files become unusable.

It also changes file type extensions to "ONVUG-JUQQC-INZRP-LJBZQ.Encrypted[B32588601@163.com].WantMoney22" (e.g., "sample.jpg" is renamed to "sample.ONVUG-JUQQC-INZRP-LJBZQ.Encrypted[B32588601@163.com].WantMoney22").

Following successful encryption, WantMoney places two files ("_Want Money_.txt" and "_Want Money_.bmp" [also set as the desktop wallpaper]) on the desktop and opens a pop-up window.

What is hdmoviesearch.com?

According to the developers, hdmoviesearch.com is a high-end Internet search engine that enhances users' Internet browsing experience by generating improved results. The appearance of hdmoviesearch.com barely differs from Google, Bing, Yahoo, and other legitimate search engines.

Therefore, many users believe that hdmoviesearch.com is also legitimate and useful. In fact, developers promote this site using a browser-hijacking application called HD Video Search Tool. In addition, hdmoviesearch.com and HD Video Search Tool continually record various user-system information (mostly relating to Internet browsing habits).

What is hp.myway.com?

ProPDFConverter is a rogue application developed by Mindspark Interactive Network (also known as IAC Applications).

By offering conversion of PDF files to other formats, ProPDFConverter attempts to give the impression of legitimacy, however, this app typically infiltrates systems and stealthily modifies web browser options without consent. For these reasons, ProPDFConverter is categorized as a potentially unwanted program (PUP) and a browser hijacker.

What is adplexmedia.com?

Identical to smartoffer.site, primosearch.com, restheet.com, and many others, adplexmedia.com is a rogue website designed to redirect to other dubious sites. The only differences are the target sites to which users are redirected.

Research shows that users often visit adplexmedia.com inadvertently - they are redirected by potentially unwanted programs (PUPs) that typically infiltrate systems without permission. As well as causing redirects, PUPs generate intrusive advertisements, diminish system performance, and gather various information (mostly relating to web browsing activity).