Virus and Spyware Removal Guides, uninstall instructions

What is Oxar?

Discovered by malware security researcher, Marcelo Rivero, Oxar is a ransomware-type virus based on an open-source ransomware project called Hidden Tear. Once infiltrated, Oxar encrypts various data. During encryption, this virus appends filenames with the ".OXR" extension.

For example, "sample.jpg" is renamed to "sample.jpg.OXR". Newer variants of this ransomware use .F*CK, .FDP, .PEDO and .ULOZ extensions for encrypted files. Following successful encryption, Oxar opens a pop-up window containing a ransom-demand message.

What is search.mykotlerino.com?

search.mykotlerino.com is presented as a "top-notch" Internet search engine that significantly enhances the browsing experience by generating improved results.

Initially, search.mykotlerino.com may seem legitimate and useful, however, developers promote this site by employing rogue download/installation set-ups that hijack browsers and stealthily modify options. Furthermore, search.mykotlerino.com records various user-system information relating to browsing activity.

What is myallsearch.com?

myallsearch.com is a fake Internet search engine virtually identical to go.myquery.net, searchprivacy.co, jp.salbin.com, and many others. According to the developers, myallsearch.com significantly enhances the Internet browsing experience by generating improved search results.

These claims often trick users into believing that myallsearch.com is legitimate and useful. In fact, developers employ deceptive software download/installation set-ups to promote this site. Furthermore, this fake Internet search engine continually gathers various information relating to Internet browsing activity.

What is FCP?

FCP is a ransomware-type virus discovered by malware security researcher, Karsten Hahn. Once infiltrated, FCP supposedly encrypts stored data, however, unlike other ransomware-type viruses, this virus does not append filenames with an extension.

After successfully "encrypting" files, FCP creates four files ("Chinese_national_flag.png", "READ_ME_HELP_ME.png", "READ_ME_HELP_ME.txt", and "FCP Decryptor.exe"), placing them on the desktop. Both PNG files are automatically opened.

What is search.poreskanaf.com?

Developers present search.poreskanaf.com as a "top-notch" Internet search engine that significantly enhances the browsing experience by generating improved results. Judging on appearance alone, this website barely differs from Google, Bing, Yahoo, and other legitimate search engines.

Therefore, many users believe that search.poreskanaf.com is also legitimate. In fact, it is promoted via rogue downloaders/installers that modify browser options without consent. Furthermore, search.poreskanaf.com continually gathers various information relating to users' Internet browsing activity.

What is search.festovshade.com?

According to developers, search.festovshade.com is a "high-quality" Internet search engine that generates improved results and, therefore, enhances the browsing experience. On initial inspection, search.festovshade.com barely differs from Google, Bing, Yahoo, and other legitimate search engines.

Therefore, many users believe that this website is also legitimate. In fact, developers promote search.festovshade.com by employing rogue downloaders and installers. In addition, the site monitors browsing activity by gathering various user-system information.

What is BTCWare?

Discovered by malware researcher, MalwareHunterTeam, BTCWare is an updated version of a ransomware-type virus called Crptxxx. This ransomware is distributed via a malicious application called "Rogers Hi-Speed Internet".

Once infiltrated, BTCWare encrypts files and appends filenames with the ".btcware" extension (e.g., "sample.jpg" is renamed to "sample.jpg.btcware"). Newer variants of this ransomware append .shadow, .payday, .wyvern, .nuclear, .aleta, .gryphon, .nopasaran, .blocking, .xfile, .master, .onyon, .theva, .cryptobyte or .cryptowin extensions to encrypted files.

BTCWare then creates an HTM file ("#_HOW_TO_FIX_!.hta.htm"), placing it on the desktop. Other variants of this ransomware use !#_RESTORE_FILES_#!.inf file to store their ransom demanding message.

What is search.jangoram.com?

Developers present search.jangoram.com as a "top-notch" Internet search engine that significantly enhances the browsing experience by generating improved results.

Judging on appearance alone, search.jangoram.com may seem legitimate and useful, however, this website is promoted via rogue download/installation set-ups that modify browser options without permission. In addition, search.jangoram.com tracks users' Internet browsing activity.

What is searchkska.xyz?

searchkska.xyz is a fake Internet search engine that supposedly enhances the browsing experience by generating improved results. On initial inspection, searchkska.xyz may seem similar to Google, Bing, Yahoo, and other legitimate search engines. Therefore, many users believe that searchkska.xyz is also legitimate and useful.

In fact, this site is promoted via rogue download/installation set-ups that hijack web browsers and stealthily modify options. In addition, searchkska.xyz continually tracks browsing activity.

What is END of ISRAEL?

END of ISRAEL is a ransomware-type virus discovered by malware security researcher, Jakub Kroustek. Research shows that this malware is developed using .NET framework. Once infiltrated, END of ISRAEL encrypts stored data and appends filenames with the ".israbye" extension multiple times.

For example, "sample.jpg" might be renamed to a filename such as "sample.jpg.israbye.israbye.israbye.israbye.israbye.israbye.israbye.israbye.israbye.israbye". Following successful encryption, END of ISRAEL changes the desktop wallpaper and opens a pop-up window.