Virus and Spyware Removal Guides, uninstall instructions

What is GetMusicSearch browser hijacker?

GetMusicSearch is called a browser hijacker because it promotes a fake search engine (getmusicsearch.com) by changing the web browser's settings. Usually, users download and install browser hijackers inadvertently because they are promoted/distributed using questionable methods.

What is Stocks Info?

Stocks Info is an adware-type browser extension. It operates by running intrusive advertisement campaigns and spies on users' browsing activity. Due to the dubious techniques used to distribute products within the adware classification, they are also considered to be PUAs (Potentially Unwanted Applications).

What is "New documents assigned Email Scam"?

"New documents assigned Email Scam" refers to a phishing spam campaign. These letters make false claims that users have received several documents. The goal of the deceptive emails is to promote a phishing website. Pages of this type are designed to record the information entered into them.

What is LEAKS ransomware?

LEAKS is a ransomware-type program. It is designed to encrypt data (render files inaccessible) and demand ransoms for the decryption. During the encryption process, files are appended with a ".LEAKS" extension. For example, a file initially titled "1.jpg" would appear as "1.jpg.LEAKS", "2.jpg" as "2.jpg", and so forth. After encryption, a ransom note - "LEAKS!!!DANGER.txt" - is dropped onto the desktop.

What is "Payment completed on behalf of my boss Email Scam"?

"Payment completed on behalf of my boss" is the name of a spam campaign - a mass-scale operation during which thousands of deceptive emails are sent. The letters distributed through this campaign - request recipients to confirm a supposed payment. The goal of these scam letters is to push a phishing file, which is designed to trick users into revealing their email account log-in credentials (i.e., passwords).

What is L30 ransomware?

L30 is a type of malware that blocks access to files until a ransom is paid. It encrypts files and appends the ".L30" extension to their filenames (for example, it renames "1.jpg" to "1.jpg.L30", "2.jpg" to "2.jpg.L30"). Also, L30 creates the "HOW_TO_RECOVER_DATA.html" file (a ransom note). This ransomware belongs to MedusaLocker family.

What is BrowserState adware?

BrowserState is a potentially unwanted application (PUA) that has the qualities of advertising-supported software and a browser hijacker. It generates advertisements and changes the web browser's settings. It is worth mentioning that apps of type often are designed to collect various information. In most cases, users install them unknowingly.

What is BasicKey?

BasicKey is a rogue app categorized as adware. Additionally, it has browser hijacker qualities. This piece of software operates by delivering intrusive advertisement campaigns and making modifications to browser settings in order to promote fake search engines. BasicKey likely has data tracking abilities as well. Due to the dubious techniques used to distribute adware and browser hijackers, they are also classified as PUAs (Potentially Unwanted Applications).

What is Efdc ransomware?

Efdc ransomware encrypts victim's files and renames them by appending the ".Efdc" extension to their filenames (for example, it renames "1.jpg" to "1.efdc", "2.jpg" to "2.efdc"). It provides contact and payment information in its ransom note, a text file named "_readme.txt". Efdc is part of the Djvu ransomware family.

What is HYDRA (HydaHelp1@tutanota.com) ransomware?

HYDRA is a piece of malicious software designed to encrypt data and demand payment for the decryption. In other words, this ransomware renders files inaccessible, and victims are asked to pay - to restore access to their data.

During the encryption process, files are renamed following this pattern: cyber criminals' email address, unique ID assigned to the victim, original filename, and the ".HYDRA" extension. For example, a file initially named "1.jpg" would appear as similar to "[HydaHelp1@tutanota.com][ID=C279F237]1.jpg.HYDRA". After this process is complete, a ransom note - "#FILESENCRYPTED.txt" - is dropped onto the desktop.