Virus and Spyware Removal Guides, uninstall instructions

What is the Poker ransomware?

Poker is the name of a malicious program designed to encrypt data and demand ransoms for the decryption tools/software. In other words, victims cannot access or use their files, and they are asked to pay - to restore their data. During the encryption process, files are renamed according to this pattern: original filename, cyber criminals' email address, victim's ID, and ".poker" extension.

For example, a file initially titled "1.jpg" would appear as something similar to "1.jpg.[poker021@mailfence.com][MJ-IR2785309416].poker" - after encryption. Following the completion of this process, ransom notes in text files named "Decrypt-me.txt" are dropped into affected folders.

The Poker malware belongs to the VoidCrypt ransomware family.

What is SmartWebSearch?

SmartWebSearch is a potentially unwanted application (PUA), an adware-type application which is a part of the AdLoad adware family. It is designed to display intrusive advertisements and promote a fake search engine.

The app is also likely to gather browsing-related (and other) data. Research shows that SmartWebSearch is distributed through a fake Adobe Flash Player installer/updater. In most cases, people download and install apps such as SmartWebSearch unintentionally.

What is ExploreAnalog?

ExploreAnalog is designed to serve advertisements and change browser's settings (promote a fake search engine). Apps that generate ads are called adware, and apps that promote fake search engines (their addresses) are called browser hijackers.

ExploreAnalog functions as both. It is likely that it is designed to collect information about its users as well. Typically, users do not download and install apps like AAA intentionally.

For this reason, they are called potentially unwanted applications (PUAs). ExploreAnalog's installer is designed to look like the installer for Adobe Flash Player - this app is distributed using a fake installer.

What is Browser Inverter Utility?

Browser Inverter Utility is a piece of software claiming to be able to invert website colors, thereby creating a dark-mode for browsing. This browser extension is classified as adware since it delivers intrusive advert campaigns.

Additionally, Browser Inverter Utility spies on users' browsing activity and collects sensitive information extracted from it. Due to the questionable techniques used to distribute adware-type products, they are also categorized as PUAs (Potentially Unwanted Applications).

What is WebAssistSearch?

WebAssistSearch is a dubious application classified as adware. It delivers various intrusive advertisements, however, this app also has characteristics typical of browser hijackers.

WebAssistSearch modifies browsers and promotes bogus search engines. Furthermore, most adware and browser hijackers monitor users' browsing activity.

Software apps proliferated using these dubious methods are classified as Potentially Unwanted Applications (PUAs). WebAssistSearch is no exception to this, as it is distributed via fake Adobe Flash Player updates.

These fake updaters/installers are employed to proliferate unwanted content such as Trojans, ransomware and other malware.

What is the Dragon ransomware?

Belonging to the VoidCrypt ransomware family, Dragon is a malicious program that operates by encrypting data and demanding payment for the decryption. In other words, victims are unable to access their files, and they are asked to pay a ransom - to restore access to their data.

During the encryption process, affected files are renamed following this pattern: original filename, cyber criminals' email address, unique ID assigned to the victims, and the ".Dragon" extension. For example, a file initially titled "1.jpg" would appear as something similar to "1.jpg.[ForDecrypte@mailfence.com][MJ-PM1208375946].Dragon" - after encryption.

Once this process is complete, ransom-demanding messages - "Decrypt-me.txt" - are dropped into compromised folders.

What is Pending Order email virus?

It is common that cybercriminals use emails to deliver malware by disguising them as official, important letters and attaching malicious files or including malicious links in them.

Their main purpose is to trick recipients into downloading and opening a malicious file designed to install malware. Cybercriminals behind this email pretend to be a company called CYMAX INTERNATIONAL LTD.. They use it to deliver NanoCore - a remote access trojan (RAT).

What is "Order Confirmation Email Virus"?

Similar to BID PURCHASE DOCUMENT Email Virus, Swisscom Email Virus, Complaint Email Virus, and many others, "Order Confirmation Email Virus" is a spam email campaign used to proliferate a high-risk trojan called Emotet.

Cyber criminals send thousands of deceptive emails delivered with attachments that users are encouraged to open. Be aware, however, that the attached files (Microsoft Office documents) are malicious - they download and install Emotet into the system.

What is the "Accounts & Export Depart" scam email?

"Accounts & Export Depart email virus" is the name of a malware-spreading spam campaign. The term "spam campaign" defines a mass-scale operation during which thousands of deceptive/scam emails are sent.

The letters distributed through this campaign - are presented as notifications about overdue invoices. The file attached to these emails contains FormBook malware. When the attachment is opened - download/installation of the malicious program is triggered.

What is Digeus Registry Cleaner?

Digeus Registry Cleaner is the name of a program that is supposed to scan Windows registry for invalid information, remove invalid entries and improve computer performance and stability.

Although, it is distributed using questionable methods which means it is likely that users may download and install unintentionally. Programs that users download and install without knowing about it are called potentially unwanted applications (PUAs).