Virus and Spyware Removal Guides, uninstall instructions

What is Hydra (VoidCrypt) ransomware?

Belonging to the VoidCrypt ransomware family, Hydra is a malicious program that operates by encrypting data and demanding ransoms for the decryption. In other words, victims cannot access the files affected by Hydra (VoidCrypt) ransomware, and they are asked to pay to restore their data.

During the encryption process, files are retitled following this pattern: original filename, cyber criminals' email address, unique ID assigned to the victims, and the ".hydra" extension.

For example, a file initially named "1.jpg" would appear as something similar to "1.jpg.[wyooy@tutanota.com][MJ-PV8479036215].hydra" - after encryption. Once this process is complete, ransom notes - "Decrypt-me.txt" - are dropped into compromised folders.

What is topgirlsdating[.]com?

Topgirlsdating[.]com is a rogue website designed to deliver questionable material and/or redirect visitors to other untrustworthy/malicious pages. There are countless sites of this type on the Web; wsoyourwi.fun, ourbestnews.com, revercecaptcha.com - are but a few examples.

Users seldom access such webpages intentionally. Most get redirected to them by intrusive advertisements or PUAs (Potentially Unwanted Applications) already installed onto their systems. This software does not require explicit user permission to infiltrate devices.

PUAs operate by causing redirects, running intrusive advert campaigns, and collecting browsing-related information.

What is the "Debt Settlement" scam email?

"Debt Settlement email scam" refers to a spam campaign - a large-scale operation during which thousands of deceptive emails are sent. The letters sent through this campaign - notify recipients of a paid debt. It must be emphasized that the information provided by these scam emails - is false.

The spam campaign's aim is to promote a phishing website, which requests users to validate their email accounts by providing their log-in credentials (i.e., email addresses and passwords). Phishing sites operate by recording data entered into them.

Therefore, by trusting the "Debt Settlement" letters, recipients can have their email accounts stolen.

What is vpnservice[.]me?

Usually, the main purpose of websites like vpnservice[.]me is to trick their visitors into downloading and installing some potentially unwanted applications (PUAs).

Most of them use scare tactics to promote PUAs, for example, they display fake virus or error messages claiming that visitors need to remove viruses, fix errors or solve other issues as soon as possible. Otherwise, a device will be damaged even more.

It is important to mention that it is very uncommon for pages like vpnservice[.]me to be visited by users on purpose. Most popular ways to promote such pages are through other shady websites, deceptive advertisements, or PUAs.

What is Zwbowhtlni ransomware?

Zwbowhtlni is a piece of malicious software classified as ransomware. Systems infected with this malware experience data encryption and receive ransom demands for the decryption.

In other words, files affected by Zwbowhtlni are rendered inaccessible and renamed; to recover access to their data - victims are asked to pay. During the encryption process, files are appended with the ".zwbowhtlni" extension.

For example, a file originally titled something like "1.jpg" would appear as "1.jpg.zwbowhtlni", "2.jpg" as "2.jpg.zwbowhtlni", "3.jpg" as "3.jpg.zwbowhtlni", etc. After this process is complete, ransom notes - "HOW TO RESTORE YOUR FILES.TXT" - are created and dropped into compromised folders.

Zwbowhtlni malicious program belongs to the Snatch ransomware group.

What is the tackis[.]xyz site?

Tackis[.]xyz is an untrustworthy website designed to run various scams. At the time of research, this page promoted a scheme claiming that visitors' iPhones have been infected and damaged by viruses. While the scam primarily targets iPhone users, the webpage might be accessed via other Apple devices as well.

It must be emphasized that no site can detect threats or issues present on their visitors' systems; hence, any that make such claims are scams.

Schemes of this type aim to push users into downloading/installing and/or purchasing dubious software, e.g., fake anti-viruses, adware, browser hijackers, and other Potentially Unwanted Applications (PUAs).

It is noteworthy that these scams may also proliferate malware (e.g., trojans, ransomware, cryptocurrency miners, etc.). The tackis[.]xyz website has been observed being promoted via deceptive Calendar events.

Users seldom enter harmful sites intentionally; most access them via mistyped URLs, or redirects caused by intrusive advertisements or installed PUAs.

What is PublicConsoleSearch?

Adware is a type of software that displays advertisements and sometimes changes browser settings. Research shows that PublicConsoleSearch does both. Therefore, this app is categorized as adware and a browser hijacker.

It noteworthy that apps of this type often are designed to collect information about their users as well. This particular app is distributed by disguising its installer as the installer for Adobe Flash Player (via fake installer).

Most users download and install apps that are distributed using deceptive methods unknowingly, accidentally. For this reason, PublicConsoleSearch and other apps of this kind are called potentially unwanted applications (PUAs).

What is wsoyourwi[.]fun?

It is strongly advisable not to visit (trust) the wsoyourwi[.]fun website, or pages that it is used to promote. As a rule, pages like wsoyourwi[.]fun are promoted through deceptive advertisements, other untrustworthy websites, and (or) potentially unwanted applications (PUAs).

In other words, is not common for pages like wsoyourwi[.]fun to be visited by users on purpose. Users who have a PUA installed on their web browsers or computers should remove them as soon as possible - quite often, apps of this kind are designed to gather various data, generate unwanted advertisements.

It is noteworthy that there are may pages like wsoyourwi[.]fun on the web, some examples are ourbestnews[.]com, essingto[.]online, mycoolnewz[.]com.

What is the Make changes browser hijacker?

Make changes is the name of a browser hijacker promoting the fxsmash.xyz fake search engine. It is endorsed as a tool for improving website legibility by changing text and background colors. This piece of rogue software operates by modifying browser settings - to promote its web searcher.

Additionally, Make changes has data tracking abilities, which are employed to collect browsing-related information. Due to the questionable techniques used to distribute browser hijackers, they are also classified as PUAs (Potentially Unwanted Applications).

What is Apple ID email scam?

As a rule, cybercriminals (scammers) behind phishing emails impersonate legitimate companies, organizations or other entities with the purpose to trick unsuspecting people into providing sensitive information.

Most of them target credit card details, and login credentials (e.g., usernames, email addresses, passwords) for various personal accounts. It is common that phishing emails contain a link designed to open a deceptive website where visitors are asked to enter personal information.

This phishing email is used to trick recipients into providing some of their Apple ID account information and banking-related details.