Virus and Spyware Removal Guides, uninstall instructions

What is CharacterSearch?

Adware is a type of software that generates advertisements. It is uncommon for software of this type to be downloaded and installed knowingly. There are certain deceptive techniques to trick users into downloading or installing adware. It is known that CharacterSearch is distributed a fake Adobe Flash Player installer.

What is the Ouelezin Zebi ransomware?

Ouelezin Zebi is a ransomware-type program. It is designed to encrypt data and demand payment for the decryption. In other words, this malware renders files inaccessible and asks victims to pay - to recover access to their data.

During the encryption process, each of the affected files is appended with a different extension, which consists of four random characters. For example, files initially titled "1.jpg", "2.jpg", and "3.jpg" would appear as something similar to "1.jpg.kpbe", "2.jpeg.c3bx", and "3.jpg.ja9u" - following encryption. After the encryption process is complete, ransom-demanding messages - "read_it.txt" - are dropped into compromised folders.

What is the "SPIN FOR REWARD" scam?

"SPIN FOR REWARD" is a scam run on various untrustworthy sites. Deceptive websites are rarely accessed intentionally. Most users enter them via mistyped URLs, redirects caused by other unreliable pages, intrusive ads, or installed PUAs (Potentially Unwanted Applications).

This scheme claims that users can win an exclusive prize by participating in it. However, none of the information provided by "SPIN FOR REWARD" is true; hence, users will not receive any of the promised prizes. This scam aims to promote phishing sites, which are designed to record data entered into them. At the time of research, "SPIN FOR REWARD" primarily pushed webpages targeting personal information.

What is profitsurvey365[.]online?

Depending on the geolocation of its visitors, profitsurvey365[.]online opens a couple of questionable websites or loads deceptive content. In one way or another, this website should not be trusted. Profitsurvey365[.]online is pretty similar to chicheet[.]com, bestonclock[.]com, nmuandwishto[.]biz and lots of other websites of this type.

It is common for pages like profitsurvey365[.]online to be promoted through potentially unwanted applications (PUAs), untrustworthy advertisements, or websites. In other words, users rarely visit them willingly.

What kind of malware is Gamigin?

Gamigin is a malicious program belonging to the Makop ransomware family. It operates by encrypting data (rendering files unusable) and demands payment for the decryption (access recovery). As Gamigin ransomware encrypts, affected files are renamed according to this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and ".gamigin" extension.

For example, a file initially titled "1.jpg" would appear as something similar to "1.jpg.[9B83AE23].[gamigin0612@tutanota.com].gamigin" - after encryption. Following the completion of this process, ransom-demanding messages - "readme-warning.txt" - are dropped into compromised folders.

What is MyShopSearch browser hijacker?

The main purpose of the MyShopSearch application is to promote a fake search engine. It changes some of the browser's settings to myshopsearch.com to force users to use it as a search engine. It is common that browser hijackers like MyShopSearch collect browsing-related information as well.

It is worth mentioning that most browser hijackers are distributed using questionable methods. Therefore, users download and install them unknowingly.

What is the ndconsiderat[.]biz site?

Ndconsiderat[.]biz is the address of a rogue website. The Internet is rife with pages of this type; chicheet.com, bestonclock.com, and nmuandwishto.biz are some examples. Sites within this classification operate by loading dubious content and/or redirecting their visitors to other untrustworthy/malicious webpages. Users seldom intentionally access ndconsiderat[.]biz and websites akin to it.

Most get redirected to them by intrusive advertisements or installed PUAs (Potentially Unwanted Applications). This software can infiltrate systems without express user permission. PUAs are designed to cause redirects, deliver intrusive ad campaigns, and collect browsing-related data.

What is Iqll ransomware?

Ransomware is a type of malware threat actors use to prevent victims from accessing files. It encrypts files, adds extensions to their filenames, generates a ransom note, and keeps files inaccessible until the demanded ransom is paid.

Iqll appends the ".iqll" extension, for example, it renames a file named "1.jpg" to "1.jpg.iqll", "2.jpg" to "2.jpg.iqll", and so on. As its ransom note, it creates a text file named "_readme.txt". Iqll is one of the ransomware variants belonging to the Djvu family.

What is Pr09 ransomware?

Pr09 is the name of a malicious program designed to encrypt data and demand ransoms for the decryption tools/software. In other words, following successful infiltration - this ransomware renders files inaccessible and demands payment from the victims for access recovery to their data.

During the encryption process, affected files are retitled following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and ".pr09" extension. To elaborate, an encrypted file initially named "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[khfsuca@protonmail.com].pr09".

Once this process is complete, ransom notes are created/displayed in a pop-up window and "FILES ENCRYPTED.txt" text file. Pr09 malicious program belongs to the Dharma ransomware family.

What is Lemon Duck?

Lemon Duck is malicious software. The primary function of this malware is to exploit the infected machine's resources to mine cryptocurrency, specifically Monero (XMR) cryptocurrency. This malicious program severely compromises infected devices and can even damage them permanently. Lemon Duck was first observed being proliferated in Asia (notably, China), however, its reach has spread exponentially.