Virus and Spyware Removal Guides, uninstall instructions

What is ZinoCrypt?

ZinoCrypt is a ransomware-type virus discovered by malware researcher, MalwareHunterTeam. Once infiltrated, ZinoCrypt encrypts files and appends filenames with the ".ZINO" extension. For example, "sample.jpg" might be renamed to "sample.jpg.ZINO".

Following successful encryption, ZinoCrypt creates a text file ("ZINO_NOTE.txt") containing a ransom-demand message, and places it on the desktop.

What is search.mysearch.com?

Search.mysearch.com is a deceptive website that claims to be an Internet search engine. The appearance of this site is identical to other websites such as Google, Yahoo, and Bing, Users often believe that search.mysearch.com is legitimate, however, search.mysearch.com is promoted using bogus software 'installers' designed to modify web browser settings.

In addition, search.mysearch.com collects various information relating to Internet browsing activity.

What is Browser Shop?

Browser Shop is an advertising platform used by many dubious websites that promote potentially unwanted programs (PUPs), questionable medicinal products, dating services, etc. This platform is implemented by various browser extension developers to monetize their free plug-ins. 

Browser Shop is not a stand-alone program, and therefore, users who observe Browser Shop advertisements when browsing the Internet should check any recently-installed browser add-ons - they are likely to be the cause of these intrusive ads. Note that these ads alone are not categorized as viruses or malware, however, clicking them can cause serious privacy and computer security issues.

What is mystart.dealwifi.com?

The DealWifi application supposedly allows users to turn their Windows PC into a Wi-Fi hotspot - "Deal WiFi, a product of RAFO TECHNOLOGY, is an easy-to-use software that turns your laptop/PC into a Wi-Fi wireless access point. Anyone nearby can surf the Internet through your sharing."

These fake promises are used to trick users into believing that DealWifi is a useful and legitimate application, however, this app is considered to be a browser hijacker and a potentially unwanted program (PUP). After stealthily infiltrating the most popular Internet browsers (Internet Explorer, Google Chrome, and Mozilla Firefox), DealWifi modifies the browser settings and collects system data without users' consent.

What is dregol.com?

The browser-hijacking application, dregol.com, employs a deceptive free software marketing method called 'bundling' to infiltrate Internet browsers (Internet Explorer, Google Chrome, Mozilla Firefox, and Safari).

Bundling is a way to distribute applications together with other software, and therefore, dragol.com usually infiltrates systems during download of free software from freeware download websites. Once installed, this rogue application assigns the browser default search engine, new tab URL, and homepage settings to dragol.com.

Furthermore, several applications called 'helper objects' are installed together with this browser hijacker and prevent users from reverting these changes. 

What is bardiscover.com?

According to the developers, bardiscover.com generates improved search results and, therefore, enhances the Internet browsing experience.

These claims often trick users into believing that this site is legitimate and useful, however, developers promote bardiscover.com by employing rogue download/installation set-ups that modify web browser settings without consent. Furthermore, this website continually gathers various information relating to users' Internet browsing activity.

What is Crptxxx?

Crptxxx is a ransomware-type virus discovered by malware researcher MalwareHunterTeam. This malware employs enigma0x3's UAC (Microsoft's User Account Control) bypass. Once infiltrated, Crptxxx encrypts various data using AES cryptography.

In addition, this ransomware appends the ".crptxxx" extension to the name of each encrypted file (for example, "sample.jpg" is renamed to "sample.jpg.crptxxx"). The malware then creates a text file ("HOW_TO_FIX_!.txt"), placing it in each folder containing the encrypted files.

What is funnysurfing.com?

Developers present funnysurfing.com as an Internet search engine that significantly enhances the browsing experience by generating improved search results, displaying local weather forecasts, allowing users to create 'a to-do list', and providing a a number of other 'features'.

Judging on appearance alone, funnysurfing.com may appear legitimate and useful, however, this website records various user-system information relating to Internet browsing activity. Furthermore, developers promote it by employing deceptive download/installation set-ups that modify web browser settings without permission.

What is FastoPlayer?

FastoPlayer is supposedly a media player that provides a wide range of media-related features (for example, video download, format conversion, file sharing, etc.) - "Fasto player - The fastest player you will ever use! Our FAST media player with Automatic sub-title download and private browsing.

Plays, downloads and bookmarks all popular video formats. Build your video library!" These false claims often trick users to install, however, be aware that FastPlayer generates intrusive online advertisements and tracks Internet browsing activity. This app is categorized as a potentially unwanted program (PUP) and adware.

What is Kirk?

Kirk is a ransomware-type virus that claims to be a network stress tool called "Low Orbital Ion Cannon". This ransomware was first discovered by malware researcher Jakub Kroustek. Following successful infiltration, Kirk encrypts files and appends filenames with the ".kirked" extension (for example, "sample.jpg" is renamed to "sample.jpg.kirked").

A pop-up window is then displayed and a text file ("RANSOM_NOTE.txt") created and placed on the desktop. Both contain identical ransom-demand messages. This virus also creates a file called "pwd", and places it in each folder containing encrypted data. This file contains the victim's password, which is also encrypted.