Virus and Spyware Removal Guides, uninstall instructions

What is Hockey Start?

While investigating suspicious websites, our researchers found one endorsing the Hockey Start browser extension. It is presented as a tool for quick access to hockey sports related online content.

However, after we analyzed this extension, we determined that it changes browser settings to promote the search.nstart.online fake search engine. Due to this behavior, Hockey Start is classified as a browser hijacker.

What kind of application is "Music"?

Our research team discovered the Music application while inspecting suspicious websites. After investigating this app, we determined that it is advertising-supported software (adware). In other words, Music operates by running intrusive advertisement campaigns.

What is finder-search.com?

Finder-search.com is the address of a fake search engine. Websites of this type usually cannot provide search results, and while finder-search.com can – they are likely to include unrelated and deceptive content. Illegitimate search engines are commonly promoted (through redirects) by browser hijackers. Additionally, these sites and software typically collect sensitive user data.

What is Atlantida?

Atlantida is the name of a stealer. Malware within this classification is designed to extract sensitive information from systems and applications installed on them. The Atlantida stealer has been observed being actively spread through suspicious freeware and "cracked" software websites.

What kind of malware is Qowd?

Qowd is ransomware that encrypts files on a victim's computer and demands a ransom payment in exchange for decryption tools. Our team discovered Qowd while checking the VirusTotal site for recently submitted malware samples. Qowd is a variant of the Djvu ransomware family. It may be distributed alongside other malware, such as RedLine or Vidar.

When Qowd infects a computer, it appends the ".qowd" extension to the filename of each encrypted file and drops a ransom note in the form of a file called "_readme.txt". For example, a file named "1.jpg" would be renamed to "1.jpg.qowd", "2.png" to "2.png.qowd", and so forth.

What kind of malware is Qoqa?

Qoqa is a type of ransomware that belongs to the Djvu family. Our research team discovered it while examining malware samples submitted to VirusTotal. Once it infects a computer, it encrypts the victim's files and renames them by appending the ".qoqa" extension to the end of the original filename.

For example, "1.jpg" would be renamed to "1.jpg.qoqa", "2.png" to "2.png.qoqa", etc. Additionally, Qoqa creates a ransom note, which is a text file named "_readme.txt". There is a chance that Qoqa is distributed alongside an information stealer such as RedLine or Vidar.

What is energysearch.co?

While examining energysearch.co, we found that it is a shady search engine that may provide misleading results. Typically, search engines of this kind are promoted through browser hijackers. Apps of this type modify the settings of web browsers to promote search engines.

What kind of page is mp3-convert[.]org?

While investigating suspicious websites, our research team found the mp3-convert[.]org page. It operates as a YouTube converter, i.e., the site allows users to convert said platform's video links to downloadable MP3 files. This service break copyright laws. What is more, mp3-convert[.]org is monetized via rogue advertising networks that are known to promote deceptive and malicious content.

What kind of scam is "Requested Information Or Content"?

We have examined this email and determined that it is a phishing email. Typically, scammers behind such emails try to trick individuals into providing sensitive information such as passwords or financial data. In this case, the phishing email is disguised as a letter from an email service provider.

What kind of page is fastcaptcha[.]top?

After investigating fastcaptcha[.]top, our team has determined that it is an untrustworthy website that shows a misleading message to deceive visitors into consenting to receive notifications. Websites like fastcaptcha[.]top are often accessed inadvertently by visitors. We discovered fastcaptcha[.]top while inspecting other shady pages.