Virus and Spyware Removal Guides, uninstall instructions

What kind of website is searchmarquis.com?

Searchmarquis.com is the address of a fake search engine designed to generate unique results and enhance the overall browsing experience. This may seem to be a regular search engine (such as Yahoo, Google, etc.), however, it is advertised through rogue download/installation set-ups.

Typically, these set-ups change browser settings. Furthermore, most fake search engines collect various details relating to browsing activities. Note that searchmarquis.com is identical to searchitnow.info.

What kind of malware is Datalock?

Datalock is a ransomware-type program, designed to encrypt data and demand payment for the decryption tools. In other words, this malware renders files inaccessible and demands a ransom to be paid for access recovery to the data.

During the encryption process, affected files are appended with the ".datalock" extension. For example, a file initially named something like "1.jpg" would appear as "1.jpg.datalock", "2.jpg" as "2.jpg.datalock", etc.

Once this process is complete, ransom-demanding messages - "Recovery_Instructions.html" - are dropped into compromised folders. Datalock belongs to the MedusaLocker ransomware family.

What is Kabayaboo?

Ransomware victims cannot access their files unless they decrypt them with the right tool that can be purchased from the attackers. Typically, malware of this type encrypts files using a strong encryption algorithm and changes their extension.

Kabayaboo appends the ".crypted" extension, for example, it renames a file named "1.jpg" to "1.jpg.crypted", "2.jpg" to "2.jpg.crypted", and so on.

Like most ransomware variants, Kabayaboo generates a ransom note - it creates the "READ_ME.crypted.txt" file and displays a pop-up window. Kabayaboo was discovered by Petrovic.

What is MovieSearchZilla?

MovieSearchZilla is a piece of dubious software categorized as a browser hijacker. It operates by promoting the moviesearchzilla.com illegitimate search engine by making alterations to browser settings.

It is noteworthy that most browser hijackers spy on users' browsing habits; hence, it is likely that MovieSearchZilla does so as well. Since users typically download/install browser hijackers unintentionally, they are also classified as PUAs (Potentially Unwanted Applications).

What is Delta (AsupQue) ransomware?

Delta (AsupQue) is the name of a ransomware-type program. Systems infected with this malware experience data encryption (files rendered inaccessible/unusable) and receive ransom demands for the decryption (access/use recovery).

As Delta (AsupQue) malicious program encrypt, affected files are appended with the ".[Delta][victim's_ID]" extension (ID refers to the code assigned to the victim). For example, a file originally titled "1.jpg" would appear as something similar to "1.jpg.[Delta]uVkSQApq" - following encryption. After this process is complete, a ransom note is displayed in a pop-up window ("Info.hta").

What is Binance giveaway scam?

It became popular for scammers to offer free giveaways of Bitcoin or other digital currencies in exchange for paying a registration fee by providing some personal information. Scammers behind this particular giveaway scam claim that the more cryptocurrency people send, the more they will get back.

These scams have to be ignored. No people ever received any amount of cryptocurrency back and simply lost the cryptocurrency they sent to scammers.

What is Coupon Printer?

Coupon Printer is supposed to print Coupon with barcodes that could be properly scanned in stores. However, it is known that after the installation of this application, users start seeing unwanted advertisements, which means Coupon Printer functions as adware.

Typically, users do not download and install software of this type intentionally. Apps that users download or install unknowingly are called potentially unwanted applications (PUAs).

Quite often, adware-type apps not only feed users with ads but also collect various information about them. In one way or another, it is highly advisable not to have apps like Coupon Printer installed on browsers or computers.

What is "Device Infected After Visiting An Adult Website"?

There is a great number of deceptive websites using scare tactics to advertise various potentially unwanted applications (PUAS). In most cases, they display fake notifications/virus alerts claiming that a device is infected with viruses, Trojans, or other malicious programs and urging visitors to install some PUA that supposed to fix the problem (remove viruses).

All notifications that these pages display are fake and can be ignored. It is noteworthy that most these deceptive websites are promoted through other pages of this kind, dubious advertisements and PUAs. In other words, users to not visit them by intentionally.

What is the onterralink[.]xyz website?

Similar to earntthatyo.biz, rtenmy.com, oundoutth.biz, and thousands of others, onterralink[.]xyz is an untrustworthy site. It is designed to load dubious content and/or redirect visitors to unreliable and possibly malicious websites.

Pages of this kind are seldom accessed intentionally; most get redirected to them by intrusive adverts or installed PUAs (Potentially Unwanted Applications). These apps can infiltrate devices without user consent.

PUAs can have heinous functionalities, including - force-opening sites, running intrusive advertisement campaigns, and gathering browsing-related data.

What is XiNo?

Ransomware victims cannot access and use their files unless they decrypt them with specific software or key. Usually, malware of this type provides instructions on how to purchase a decryption tool from the attackers as well. Most ransomware variants append their extension to the name of each encrypted file.

XiNo appends the ".XiNo" extension. For example, it renames "1.jpg" to "1.jpg.XiNo", "2.jpg" to "2.jpg.XiNo", and so on. It changes desktop wallpaper, creates the "HOW TO DECRYPT FILES.txt" file (in all folders containing encrypted files), and displays a pop-up window.

All three of them are XiNo's ransom notes. XiNo belongs to the Xorist ransomware family.