Virus and Spyware Removal Guides, uninstall instructions

What is Still Sherpa?

Still Sherpa is advertised as a tool for finding content on the Internet. An important detail about this application is that it is classified as adware - it generates advertisements. Most users install adware inadvertently.

What is Simply Convert Files?

Simply Convert Files is a browser extension endorsed as a tool for easy file format conversion. It is supposedly capable of converting document, image, and audio formats. Instead, Simply Convert Files operates as adware. Additionally, since most users install adware-type products unintentionally, they are also classified as PUAs (Potentially Unwanted Applications).

What is Newnet ransomware?

Newnet belongs to a family of ransomware called MedusaLocker. This ransomware encrypts files and appends the ".newnet" extension to their filenames. For example, it changes "1.jpg" to "1.jpg.newnet", "2.jpg" to "2.jpg.newnet". Newnet also creates the "HOW_TO_RECOVER_DATA.html" file that contains contact information and other details.

What is DoppelDridex?

DoppelDridex is a new variant of the Dridex malware. This malicious program has been used to inject systems with additional malware, with the final payload being ransomware. It is noteworthy that DoppelDridex has been actively proliferated via virulent Microsoft Office documents distributed through email spam campaigns.

What is oataltaul[.]com page?

Oataltaul[.]com shows notifications used to promote various scams and other untrustworthy pages and opens websites of this kind itself. It functions like beta-one[.]net, news-themes[.]com, fast-travel[.]org, and plenty of other pages. Most of them are promoted through shady pages, unreliable ads, and potentially unwanted apps (PUAs).

What is MOON ransomware?

MOON is a malicious program designed to encrypt data and demand payment for the decryption. This malware belongs to the Dharma ransomware family.

During the encryption process, files are renamed following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and a ".MOON" extension. For example, a file like "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[moondog@onionmail.org].MOON". Afterwards, ransom notes are created/displayed in a pop-up window and "info.txt" text file.

What is Chld ransomware?

Chld is part of the Dharma ransomware family. This variant encrypts files, appends the victim's ID, keychild@onionmail.org email address and the ".chld" extension to their filenames, and generates two ransom notes (displays a pop-up window and creates the "info.txt" file).

Chld renames a file named "1.jpg" to "1.jpg.id-C279F237.[keychild@onionmail.org].chld", "2.jpg" to "2.jpg.id-C279F237.[keychild@onionmail.org].chld", and so on. Its ransom notes provide contact information.

What is JustVideoSearch browser hijacker?

JustVideoSearch is a browser hijacker designed to promote the justvideosearch.com address, a fake search engine. It changes the web browser's settings to promote that address. Users often download and install browser hijackers inadvertently. For this reason, they are categorized as potentially unwanted apps (PUAs).

What is BlackByte ransomware?

BlackByte ransomware makes files inaccessible by encrypting them and generates a ransom note (the "BlackByte_restoremyfiles.hta" file) that contains instructions on how to contact the attackers for data decryption and other details.

Also, BlackByte appends the ".blackbyte" extension to the names of encrypted files. For example, it renames a file named "1.jpg" to "1.jpg.blackbyte", "2.jpg" to "2.jpg.blackbyte", and so on.

What is AdBlock 360?

AdBlock 360 is a fake adblocker. This rogue browser extension promises to block pop-ups and other intrusive ads, as well as trackers, and automatically skip advertisements on YouTube videos. Instead, AdBlock 360 operates as adware. Since most users inadvertently download/install adware-type products, they are also categorized as PUAs (Potentially Unwanted Applications).