Virus and Spyware Removal Guides, uninstall instructions

What is Yeaplayer?

Yeaplayer (also known as YeaDesktop) is a deceptive application that infiltrates systems without consent (the "bundling" method).

Following infiltration, Yeaplayer continually delivers various intrusive online advertisements and records information relating to users' Internet browsing activity. For these reasons, Yeaplayer is categorized as adware and a potentially unwanted program (PUP).

What kind of malware is *.osiris?

*.osiris is a new variant of Locky ransomware and virtually identical to *.zzzzz, *.thor, *.odin, and a number of other viruses. *.osiris was first discovered by R0bert R0senb0rg.

Following infiltration, *.osiris encrypts stored data using asymmetric cryptography and renames encrypted files using the "[8_random_characters]-[4_random_characters]-[4_random_characters]-[8_random_characters]-[12_random_characters].osiris" pattern.

For example, "sample.jpg" might be renamed to "GD89LL14-G8A1-9G01-AF1G9L1K-H0AK3LH0GM17". Following encryption, *.osiris creates an HTML file ("OSIRIS-ede4.html"), placing it on the desktop and changing the desktop wallpaper.

What is yousearch.io?

yousearch.io is presented as an Internet search engine that significantly enhances web browsing by generating improved search results. Judging on appearance alone, yousearch.io barely differs from Google, Bing, Yahoo, and other legitimate search engines.

Therefore, many users believe that this site is also legitimate and useful. In fact, developers promote it by employing deceptive download/installation set-ups designed to modify web browser settings without permission. In addition, yousearch.io continually tracks users' Internet browsing activity.

What is quickstart.ninja?

According to the developers, quickstart.ninja significantly enhances the Internet browsing experience by generating improved search results.

These claims often trick users into believing that quickstart.ninja is legitimate and useful, however, this site gathers various information relating to Internet browsing activity. In addition, developers promote it by employing rogue downloaders/installers designed to modify web browser options without permission.

What is betterfind.me?

Developers present betterfind.me as an improved Internet search engine that supposedly enhances the browsing experience by generating improved results.

Judging on appearance alone, betterfind.me may seem legitimate and useful, however, developers promote this site by employing various download/installation set-ups that modify web browser settings without permission. Furthermore, betterfind.me continually records information relating to users' Internet browsing activity.

What is maxwebsearch.com?

Maxwebsearch.com is a search engine which is distributed through a potentially unwanted application (PUA), a browser hijacker. Typically, apps of this type promote fake search engines.

They promote them by changing certain browser's settings. It is common that browser hijackers not only modify settings but also collect browsing-related and/or other data. Also, in most cases users download and install such apps unknowingly.

What is Zyklon?

Zyklon is ransomware that infiltrates victims' computers and encrypts various files using AES 256 - an asymmetric encryption algorithm, which generates two keys (public to encrypt and private to decrypt). It is impossible to restore encrypted files without the private key and, therefore, developers demand a ransom payment in exchange for this key.

Note that this ransomware appends the name of each encrypted file with the .zyklon extension, making it straightforward to determine which files are compromised.

What is Shifr?

Shifr is a ransomware-type virus written in the Google Go programming language. This malware was first discovered by MalwareHunterTeam.

Once infiltrated, Shifr encrypts various files and appends the ".shifr" extension to the name of each encrypted file (for example, "sample.jpg" is renamed to "sample.jpg.shifr"). After successfully encrypting data, Shifr creates an HTML file ("HOW_TO_DECRYPT_FILES.html"), placing it in each folder containing encrypted files.

What is AES-NI?

AES-NI (full name "AES-NI Ransomware SPECIAL VERSION: NSA EXPLOIT EDITION", named after the recent NSA exploit kit leak) is a ransomware-type virus that stealthily infiltrates systems and encrypts files using AES-256 and RSA-2048 cryptoraphies.

During encryption, AES-NI appends filenames with the ".aes_ni_0day" extension (previous variants of this ransomware appended ".aes_ni"). For example, "sample.jpg" is renamed to "sample.jpg.aes_ni_0day". Following successful encryption, AES-NI creates a text file ("!!! READ THIS - IMPORTANT !!! txt") containing a ransom-demand message, placing it on the desktop.

What is ATLAS?

First discovered by malware security researcher Marcelo Rivero, ATLAS is an updated version of CHIP ransomware. Following successful infiltration, ATLAS encrypts files using RSA cryptography.

During encryption, this malware appends the ".ATLAS" extension to the name of each compromised file (for example, "sample.jpg" is renamed to "sample.jpg.ATLAS"). ATLAS then creates a text file ("ATLAS_FILES.txt"), placing it on the desktop.