Virus and Spyware Removal Guides, uninstall instructions

What is Crypt0L0cker?

Crypt0L0cker (or TorrentLocker) is a ransomware infection that infiltrates computers using infected email message attachments (message topics often include: “package tracking”, ”speeding tickets”, “unpaid invoice”, etc.) Note that cyber criminals localise these spam email messages to make them appear legitimate.

For example, computer users located in the United Kingdom receive fake email messages claiming to be package tracking messages from Royal Mail, PC users from Australia receive messages from Australia Post, etc. After successful infiltration, this malware encrypts files on victims' computers and demands ransom payments of 2.2 Bitcoin to decrypt them.

Crypt0l0cker ransomware (some newer variants use the name CryptoLocker) encrypts all files found on victims' computers except the following: .html, .inf, .manifest, .chm, .ini, .tmp, .log, .url, .lnk, .cmd, .bat, .scr, .msi, .sys, .dll, .exe,  .avi, .wav, .mp3, .gif, .ico, .png, .bmp, and .txt (files needed for normal Windows operation).

What is Vortex?

Vortex is a ransomware-type virus developed using AESxWin - an open-source file encryption project. This malware is virtually identical to the Polski and Flotera viruses. Following successful infiltration, Vortex encrypts various files using AES-256 cryptography and appends the ".aes" (or ".ZABLOKOWANE") extension to the name of each encrypted file.

For example, a file such as "sample.jpg" might be renamed to "sample.jpg.aes". Once the files are encrypted, Vortex creates a text file (ODZSZYFRUJ-DANE.txt" (or "#$# JAK-ODZYSKAC-PLIIKI.txt"), placing it on the desktop.

What is coolasearch.com?

Identical to chumsearch.com, coolasearch.com is a fake Internet search engine that falsely claims to enhance the web browsing experience by generating improved results.

These claims often trick users into believing that coolasearch.com is legitimate and useful, however, developers promote this site by employing rogue download/installation set-ups that hijack web browsers and stealthily modify various options. Furthermore, coolasearch.com continually records various information relating to users' Internet browsing activity.

What is Flotera?

Flotera is a ransomware-type virus similar to Polski ransomware. This malware is developed using an open-source file encryption project called AESxWin. Once infiltrated, Flotera encrypts files using AES-256 cryptography. During encryption, Flotera appends names of encrypted files with the ".aes" extension.

For instance, "sample.jpg" is renamed to "sample.jpg.aes". Following successful encryption, Flotera creates a text file ("!!!-ODZYSKAJ-DANE-!!!.TXT"), which contains a ransom-demanding message, and places it on the desktop.

What is SafeSear.ch?

The SafeSear.ch website enables users to search the Internet and also presents several links to popular social networking websites. The website is promoted using a browser extension called SafeSear.ch toolbar. This browser add-on is compatible with Internet Explorer, Google Chrome, and Mozilla Firefox.

Creators of this website claim that they have developed a unique search engine to filter malicious websites that may harm users' computers. Whilst this initiative may seem useful, there is a downside of SafeSear.ch - the creators of this website employ deceptive promotion methods.

Many users report that they are redirected to SafeSear.ch without their consent, a situation that may occur if the SafeSear.ch toolbar was installed together with free software downloaded from the Internet.

What is Enhance Pro?

Enhance Pro is a rogue application that falsely claims to save time and money by providing various coupons for online shops. Judging on appearance alone, Enhance Pro may appear legitimate and useful, however, this app often infiltrates systems without users' consent.

Furthermore, it continually delivers intrusive online advertisements and records various user-system information. For these reasons, Enhance Pro is categorized as a potentially unwanted program (PUP) and adware.

What is LLTP?

First discovered by malware researcher, MalwareHunterTeam, LLTP is an updated version of a ransomware-type virus called VenusLocker. Once infiltrated, LLTP encrypts files using AES-256 and RSA-2048 algorithms. In addition, the virus renames encrypted files by encoding the original filenames with Base64 scheme.

It also changes the file extension to either ".ENCRYPTED_BY_LLTP" or ".ENCRYPTED_BY_LLTPp" (depending on the type of file).

For example, "1.jpg" might be renamed to "MS5qcGcNCg0K.ENCRYPTED_BY_LLTPp". After successfully encrypting files, LLTP changes the desktop wallpaper, opens a pop-up window, and creates a text file ("LEAME.txt"), placing it on the desktop. All three contain ransom demand messages.

What is eAdvisor?

According to developers, eAdvisor helps to save time and money by providing various e-shopping coupons. These claims often trick users into believing that eAdvisor is legitimate and useful, however, it is categorized as a potentially unwanted program (PUP) and adware.

There are three main reasons for these negative associations: 1) stealth installation without users' consent; 2) display of intrusive online advertisements, and; 3) tracking of users' Internet browsing activity.

What is Dealicious?

Dealicious is a rogue application that falsely claims to save time and money by providing various e-shopping coupons. On initial inspection, Dealicious may appear legitimate and useful, however, this app often infiltrates systems without users' permission. Furthermore, it delivers intrusive online advertisements and collects various user-system information.

For these reasons, this application is categorized as a potentially unwanted program (PUP) and adware.

What is hp.myway.com?

EasyFileConvert is a rogue application that falsely claims to allow conversion of various file formats. Judging on appearance alone, EasyFileConvert may appear legitimate and useful, however, this app is categorized as a browser hijacker and a potentially unwanted program (PUP).

There are three main reasons for these negative associations: 1) installation without users' consent; 2) stealth modification of web browser settings, and; 3) tracking of users' Internet browsing activity.