Virus and Spyware Removal Guides, uninstall instructions

What is uploadhub[.]co?

uploadhub[.]co and similar sites are often opened after clicking dubious advertisements, visiting bogus websites, or by installed potentially unwanted applications (PUAs).

Most users do not visit these web pages intentionally. Examples of similar sites are videogate1[.]com, financeflick[.]com and aboutyoun[.]com. If a browser continually opens these pages automatically, PUAs are likely to be installed on browsers or operating systems.

What is SearchConverterPro?

The SearchConverterPro changes browser settings to promote searchconverterpro.com, the address of a fake search engine. It is likely that SearchConverterPro also gathers browsing-related information.

Most users do not download or install browser hijackers intentionally and, for this reason, apps such as SearchConverterPro are classified as potentially unwanted applications (PUAs).

What is FreeSearchConverter?

FreeSearchConverter is a browser hijacker promoting the freesearchconverter.com fake search engine. This piece of software operates by assigning browser settings to its associated web search engine address.

Additionally, FreeSearchConverter collects browsing-related data. Since most users download/install browser hijackers inadvertently, they are also classified as Potentially Unwanted Applications (PUAs).

What is youtube-to-mp3[.]org?

youtube-to-mp3[.]org is a YouTube downloader website, offering a service to convert YouTube video URLs (links) to MP3 and MP4 files, which users can download. As well as infringing copyright laws, this web page also uses rogue advertising networks.

Therefore, by opening/using youtube-to-mp3[.]org, users are forced to visit various other dubious and malicious sites. You are strongly advised against visiting/using youtube-to-mp3[.]org or similar websites.

What is TerrorWare?

Ransomware is a type of malware that blocks access to files using encryption, until the victim pays a ransom in exchange for a decryption tool (decryption software or key). The decryption tool supposedly allows the victim to access files encrypted by the ransomware.

Ransomware often renames encrypted files - TerrorWare renames them by appending the ".terror" extension. For example, "1.jpg" is renamed to "1.jpg.terror", "2.jpg" to "2.jpg.terror", and so on. It also changes the desktop wallpaper and creates the "READ_ME.txt" text file (ransom message).

What is Niros ransomware?

Discovered by malware researcher S!Ri, Niros is malicious software categorized as ransomware. This ransomware operates by encrypting the files stored on the infected system, essentially rendering the data inaccessible and useless. This enables cyber criminals behind the infection to demand payment for decryption.

Typically, malicious programs within this category alter the filenames of affected files, however, this is not always the case with Niros (see below). Once the encryption process is complete, a ransom-demand message is displayed in a pop-up window.

What is OVO ransomware?

Belonging to the Dharma ransomware family, OVO is data-encrypting malware. Systems infected with this ransomware have their files rendered inaccessible and users receive ransom demands for decryption.

During the encryption process, all affected files are renamed following this pattern: original filename, unique ID, cyber criminals' email address, and the ".OVO" extension. For example, a file named "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[dable19@mail.fr].OVO" after encryption.

Once this process is complete, ransom-demand messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is DiamondFox?

DiamondFox is highly modular malware offered as malware-as-a-service, and is for sale on various hacker forums. Therefore, cyber criminals who are willing to use DiamondFox do not necessarily require any technical knowledge to perform their attacks.

Once purchased, this malware can be used to log keystrokes, steal credentials (e.g., usernames, email addresses, passwords), hijack cryptocurrency wallets, perform distributed denial of service (DDoS) attacks, and to carry out other malicious tasks.

DiamondFox allows cyber criminals to choose which plug-ins to keep activated and see infection statistics in real-time.

What is Brilliant Check?

Identical to Searchlee, and similar to countless others, Brilliant Check is a browser hijacker. Following successful infiltration, it changes browser settings in order to promote brilliantcheck.com, a fake search engine. In addition, Brilliant Check operates as adware - it injects various advertisements into the search results.

Most browser hijackers are capable of tracking browsing-related data and, due to the dubious methods used to proliferate Brilliant Check, it is also classified as a Potentially Unwanted Application (PUA).

What is Search Lime?

Browser hijackers modify browser settings without users' permission to promote fake search engines. Search Lime promotes searchlime.com, a search engine generating fake search results, which include dubious advertisements among them. It is likely that this app also gathers browsing data and other information.

Search Lime is developed by Linkury Inc., and is not the only browser hijacker that this company has developed. Most users download and install apps such as Search Lime inadvertently and, for this reason, they are classified as potentially unwanted applications (PUAs).