Virus and Spyware Removal Guides, uninstall instructions

What is URGENT INFORMATION ON COVID-19 VACCINATION email virus?

One of the most commonly used ways to deliver malware is to send emails with malicious links or files (attachments) in them. Cybercriminals behind this particular email attempt to trick users into downloading and opening a malicious document designed to install RustyBuer.

What is play-new-vids[.]com?

Play-new-vids[.]com is a website designed to display deceptive content and open untrustworthy websites (it depends on the geolocation of its visitors). More examples of websites like play-new-vids[.]com are byluxrayor[.]com, deeepmedia[.]biz, and trking[.]xyz.

What is StreamSearching?

StreamSearching is a browser hijacker promoting the streamsearching.com fake search engine. This piece of software operates by making modifications to browser settings to cause redirects to streamsearching.com. Additionally, StreamSearching has data tracking abilities, which are used to spy on users' browsing activity.

Due to the questionable techniques used to distribute browser hijackers, they are also classified as PUAs (Potentially Unwanted Applications).

What is RustyBuer malware?

RustyBuer is the name of a new variant of the Buer loader. The main difference between the new and the original variants is that one is written in Rust multi-paradigm programming language, and another one is written in C programming language. Both RustyBuer and Buer function as loaders - they infect computers with other malware.

What is Hive ransomware?

Hive is a ransomware-type program. It operates by encrypting data and demanding ransoms for the decryption. In other words, this malware renders files inaccessible and demands payment for access recovery.

During the encryption process, affected files are renamed following this pattern: original filename, random character string, and ".hive" extension.

For example, a file initially titled "1.jpg" would appear as something similar to "1.jpg.3FTVjumqQ4OHTCZxlHTlF1jniMpLRvMkH4T62rsHFwY.hive" - after encryption.

Once the encryption process is complete, ransom notes - "HOW_TO_DECRYPT.txt" - are dropped into compromised folders.

What is ThePDFConverterSearch browser hijacker?

ThePDFConverterSearch is a potentially unwanted application (PUA), a browser hijacker designed to change a browser's settings to thepdfconvertersearch.com (to promote a fake search engine). It is worth mentioning that this application can read browsing history and possibly other browsing-related or even sensitive information.

What is MacRunnerDaemon?

MacRunnerDaemon, or simply MacRunner, is a rogue piece of software belonging to the Pirrit adware family. It operates by running intrusive advertisement campaigns, i.e., delivering various ads. Additionally, adware usually has data tracking abilities, which are used to collect sensitive information.

MacRunnerDaemon may also display pop-ups offering fake software updates. It is noteworthy that fraudulent updaters are used to proliferate adware, browser hijackers, and other PUAs (Potentially Unwanted Applications). Furthermore, fake updates have been observed being used to infect systems with trojans, ransomware, cryptocurrency miners, and other types of malware.

What is Access to this pc has been blocked for security reasons scam?

There are many deceptive websites designed to look like official Microsoft (or other company's) pages and display fake virus and (or) error notifications with telephone numbers. Websites of this type are called technical support scams. Scammers behind these pages attempt to trick users into paying money for unnecessary services, programs or providing remote access to their computers.

What is Miis ransomware?

Belonging to the Djvu ransomware family, Miis is a malicious program designed to encrypt data and demand ransoms for the decryption tools. In other words, victims cannot access the files affected by Miis ransomware, and they are asked to pay - to restore access to their data.

During the encryption process, files are appended with ".miis" extension. For example, a file originally titled "1.jpg" would appear as "1.jpg.miis", "2.jpg" as "2.jpg.miis", and so on.

Following the completion of the encryption process, a ransom note named "_readme.txt" is created.

What is Leex ransomware?

Leex ransomware variant belongs to the Djvu ransomware family. It encrypts files, appends its extension (".leex") to their filenames and creates the "_readme.txt" file as its ransom note. Leex renames encrypted files in this manner: it renames a file named "1.jpg" to "1.jpg.leex", "2.jpg" to "2.jpg.leex", and so on.