Virus and Spyware Removal Guides, uninstall instructions

What is nowsearchit.com?

We have tested nowsearchit.com and found that it is a questionable search engine that may generate unreliable results. Search engines of this kind are promoted mainly via browser hijackers. Typically, users install/add apps of this type without knowing that these apps will change the settings of their web browsers.

What is Usr ransomware?

Our research team found the Usr ransomware while investigating new submissions to VirusTotal. This malicious program is part of the Phobos ransomware family.

Once we executed a sample of Usr on our test machine, it began encrypting files. The filenames of the affected files were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".usr" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.id[9ECFA84E-3449].[username@worker.com].usr".

After the encryption process was created, ransom notes were created in a pop-up window ("info.hta") and text file ("info.txt").

What is PixelSee?

While inspecting rogue websites, our research team found a page promoting the PixelSee application. It is endorsed as a free media player.

However, due to the app's dubious promotion and potentially unmentioned undesirable functionalities, it is classed as a PUA (Potentially Unwanted Application). It is likely that this piece of software tracks user data, and it may have other harmful abilities. Additionally, freeware and PUAs are often bundled with unwanted/hazardous software.

 What is a cryptocurrency clipper?

A cryptocurrency clipper is a harmful software that can obtain and alter the information stored in the clipboard. ESET has reported numerous fraudulent Telegram and WhatsApp websites which aim to deceive Android (and Windows) users by offering fake (malicious) versions of these messaging applications.

What kind of software is "Bottle"?

While investigating suspicious websites, our researchers discovered an installer (commonly detected as Valyria) that contained the Bottle browser hijacker. Unlike most software within this classification, it does not modify browser settings to promote its fake search engine – oldforeyes.com.

What kind of app is Tabs Organizer for Chrome?

After downloading and adding the Tabs Organizer for Chrome extension to our browser, we found that this app displays annoying advertisements. Due to this behavior, we classified Tabs Organizer for Chrome as adware. In most cases, users install/add adware without realizing it.

What is LeadingExplorerSearch?

While inspecting new submissions to VirusTotal, our research team discovered the LeadingExplorerSearch application. Our analysis of this app revealed that it is advertising-supported software (adware). It is pertinent to mention that LeadingExplorerSearch belongs to the AdLoad malware family.

What kind of page is getcaptcha[.]top?

Getcaptcha[.]top is among the numerous websites that utilize deceptive messages to deceive visitors into allowing them to display notifications. Also, visitors may be redirected to other untrustworthy websites while browsing getcaptcha[.]top. Our discovery of getcaptcha[.]top occurred during our inspection of websites that employ dubious advertising networks.

What kind of malware is Kmufesd?

After examining Kmufesd, we determined that it is ransomware that belongs to the Snatch family. Our malware researchers discovered Kmufesd while checking malware samples submitted to the VirusTotal page. Kmufesd is ransomware that encrypts files, appends the ".kmufesd" extension to filenames, and creates the "HOW TO RESTORE YOUR FILES.TXT" file.

The text file dropped by Kmufesd is a ransom note. An example of how Kmufesd modifies filenames: it renames "1.jpg" to "1.jpg.kmufesd", "2.png" to "2.png.kmufesd", and so forth.

What kind of application is Movie Searcher?

While testing the Movie Searcher application (browser extension), we noticed that it operates as a browser hijacker. This app hijacks a web browser by changing some of its settings to search-movie.com. The purpose of Movie Searcher is to promote a fake search engine. This extension is promoted on a deceptive page.