Virus and Spyware Removal Guides, uninstall instructions

What is googlescan.ru?

Developers present googlescan.ru as a 'high-experience' search engine that enhances the Internet browsing experience by generating improved results. Judging on appearance alone, googlescan.ru barely differs from Bing, Yahoo, Google, and other legitimate search engines.

Therefore, many users believe that this rogue website is legitimate. In fact, developers promote it by employing deceptive download/installation set-ups designed to modify browser settings without consent. Furthermore, googlescan.ru continually records various information relating to users' Internet browsing activity.

What is hp.myway.com?

DownloadManagerNow is a deceptive application developed by Mindspark Interactive Network. By claiming to ease the data download process, DownloadManagerNow attempts to give the impression of legitimacy, however, this app is categorized as a potentially unwanted program (PUP) and a browser hijacker.

There are three main reasons for these negative associations: 1) installation without consent; 2) modification of web browser settings, and; 3) tracking of users' Internet browsing activity.

What is Mordor?

Mordor is a ransomware-type virus discovered by MalwareHunterTeam. This malware is a based on an open source ransomware project called Hidden Tear. Cyber criminals edit Hidden Tear source code and attempt to generate revenue by providing Mordor as a RaaS (Ransomware-as-a-Service).

Mordor is distributed using spam emails that contain malicious Javascript attachments designed to run the ransomware. Once infiltrated, Mordor encrypts various files and appends the ".mordor" extension to each of them. The virus then creates an HTML file ("READ_ME.html"), placing it on the desktop.

What is restore@protonmail.ch?

Restore@protonmail.ch is an new version of Fantom ransomware. Once infiltrated, restore@protonmail.ch encrypts files using asymmetric cryptography. As with Fantom, restore@protonmail.ch also displays a fake Windows Update screen during file encryption.

Furthermore, this ransomware renames encrypted files using the "8_random_characters.locked" pattern (e.g., "sample.jpg" might be renamed to "MS5qcGc=.locked").

The desktop wallpaper is then modified and two files created: 1) an executable file ("READ_ME!.exe"), which opens a ransom-demand pop-up, and; 2) a random file ("16_random_characters.locked", content unknown). Both files are placed in every existing folder.

What is OzozaLocker?

OzozaLocker is a ransomware-type virus that infiltrates the system and encrypts various data. During encryption, OzozaLocker appends the ".locked" extension to the name of each encrypted file. For instance, "sample.jpg" is renamed to "sample.jpg.locked".

A text file ("HOW TO DECRYPT YOU FILES.txt") is then created and placed on the desktop. The file contains a ransom-demand message.

What is combotab.com?

Developers present combotab.com as an search engine that generates improved results and, therefore, enhances the Internet browsing experience.

Judging on appearance alone, combotab.com may seem legitimate and useful, however, this site gathers various information relating to Internet browsing activity. Furthermore, developers promote it by employing deceptive download/installation set-ups that hijack web browser settings and modify various options.

What is Ranion?

Ranion is a ransomware virus promoted as a RaaS (Ransomware-as-a-Service) in the Dark Web. This malware is designed to encrypt various data using the AES encryption algorithm. Following successful encryption, Ranion opens a pop-up window containing a ransom-demand message.

What is NM4?

NM4 is ransomware-type malware discovered by Michael Gillespie. This virus stealthily infiltrates systems and encrypts various data using the AES and RSA encryption algorithms. During encryption, this malware appends names of encrypted files with the ".NM4" extension.

Following successful encryption, NM4 creates an HTML file ("Recovers your files.html"), placing it in each folder containing encrypted files.

What is Jokers House?

First discovered by security researcher, Michael Gillespie, Jokers House is another variant of ransomware-type malware called Jigsaw. Once infiltrated, Jokers House encrypts files using AES cryptography. During encryption, Jokers House appends filenames with the ".Contact_TarineOZA@Gmail.com_" extension.

For example, "sample.jpg" is renamed to "sample.jpg.Contact_TarineOZA@Gmail.com_". Following successful encryption, Jokers House opens a pop-up window containing a ransom-demand message.

What is seekdns.com?

seekdns.com is a deceptive website that falsely claims to be an Internet search engine that generates improved results. Judging on appearance alone, seekdns.com may appear legitimate and useful, however, this site records various user-system information relating to browsing activity.

Furthermore, developers promote it by employing deceptive downloaders/installers that hijack browser options without consent. For these reasons, seekdns.com is categorized as adware and a potentially unwanted program (PUP).