Virus and Spyware Removal Guides, uninstall instructions

What kind of software is QR Code Search?

Our researchers discovered the QR Code Search browser extension while investigating suspect websites. Following our examination, we determined that this is browser-hijacking software. It makes alterations to browser settings in order to promote the qrcodeme.xyz fake search engine. QR Code Search also has data-tracking abilities.

What kind of software is Shop Assistant?

Shop Assistant is a browser extension that promises to add shopping offers to the users' search results. This is a piece of advertising-supported software (adware), and its ads can be displayed on interfaces outside of search engines. Furthermore, this extension collects sensitive user data.

Our research team discovered the Shop Assistant rogue browser extension while investigating untrustworthy and deceptive websites.

What kind of software is Protected Browse?

Protected Browse is a rogue browser extension that promises to block access to malicious websites. We discovered this piece of software during a routine inspection of untrustworthy sites.

Our investigation revealed that Protected Browse modifies browser settings to promote the protectedbrowse.com fake search engine. Additionally, this extension spies on users' browsing activity. Due to this behavior, Protected Browse is classed as a browser hijacker.

What kind of software is Changify?

While investigating deceptive websites, our research team found the Changify browser extension. It promises to display browser wallpapers.

However, after examining this piece of software, we determined that it is a browser hijacker. Changify makes changes to browser settings in order to endorse (via redirects) the qhereugo.com illegitimate search engine.

What kind of application is GoT Phrases?

After analysis, it has come to our attention that GoT Phrases modifies the settings of a web browser to promote a specific address (a fake search engine). This activity falls under the category of browser hijacking. Additionally, GoT Phrases can read certain data. Thus, users are advised not to trust this app.

What kind of malware is Intel?

While investigating new file submissions to the VirusTotal website, our researchers discovered the Intel ransomware. This malicious program is part of the Dharma ransomware family. Intel malware encrypts data and demands payment for its decryption.

On our test machine, the files encrypted by Intel were also renamed. Original filenames were appended with a unique ID assigned to the victim, ".[intellent@ai_download_file]", and the ".intel" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.id-9ECFA84E.[intellent@ai_download_file].intel".

After the encryption process was concluded, ransom notes were created in a pop-up window and text files titled "README!.txt"; the latter were dropped into each encrypted folder and on the desktop. Based on the message in the pop-up, it is evident that this ransomware targets companies and utilizes double extortion tactics.

What kind of application is Boost Audio?

Upon examination, it has been determined that Boost Audio is an ad-supported application (browser extension). The classification of Boost Audio as adware stems from its capacity to display intrusive advertisements to users. Additionally, Boost Audio possesses the capability to access forms of data.

What kind of malware is DoctorHelp?

In the course of our examination, it has been identified that DoctorHelp is malicious software categorized as ransomware. This ransomware is part of the MedusaLocker family. DoctorHelp has been discovered while inspecting samples on the VirusTotal page. The purpose of DoctorHelp is to encrypt files.

Additionally, DoctorHelp provides a ransom note ("How_to_back_files.html") and appends the ".doctorhelp" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.doctorhelp", "2.png" to "2.png.doctorhelp", etc.

What kind of application is The Pray Time?

Upon examination, we have established that The Pray Time application functions as a browser hijacker with the intent to endorse a deceptive search engine. Similar to other applications in this category, The Pray Time engages in browser hijacking by altering the configuration settings of a web browser.

What is "Incoming Mail Notification"?

After conducting an examination, it has become evident that the content of this email is the work of scammers intending to deceive recipients into divulging sensitive information. Such fraudulent emails are commonly referred to as phishing emails. Recipients should exercise utmost caution and refrain from engaging with or responding to such deceptive communications.