Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is Cadq?

Typically, victims of ransomware attacks cannot access data on their computers or other devices until they pay a ransom. Ransomware is a type of malware that encrypts files stored on a device and generates a ransom note that usually contains details such as an email address to contact the attackers, the price of a decryption tool, etc.

This ransomware belongs to the ransomware family called Djvu. It renames every encrypted file by appending the ".cadq" extension to its filename. For example, it renames "1.jpg" to "1.jpg.cadq", "2.jpg" to "2.jpg.cadq", and so on, and creates the "_readme.txt" file (ransom note). Cadq creates its ransom note in all folders that contain encrypted data.

What is HAM ransomware?

Ransomware is a type of malware that encrypts either the files or the entire computer. The attackers use ransomware to prevent victims from accessing their files (or computers) and demand a ransom. As long as the victims do not pay the ransom, their files or computers stay encrypted/unusable.

Quite often, ransomware not only encrypts but also renames files. HAM renames them by adding the victim's ID, the backup24@msgsafe.io email address, and appending the ".HAM" extension to their filenames.

For example, HAM renames "1.jpg" to "1.jpg.id-C279F237.[backup24@msgsafe.io].HAM", "2.jpg" to "2.jpg.id-C279F237.[backup24@msgsafe.io].HAM", and so on. It also displays a pop-up window and creates the "FILES ENCRYPTED.txt" file (ransom notes). HAM is a part of the Dharma ransomware family.

What is captcha2020[.]com?

Captcha2020[.]com is the address of an untrustworthy web page that is designed to promote other pages of this kind, or to load dubious, deceptive content. The Internet is full of pages like this one. Some examples of pages that are similar or almost identical to captcha2020[.]com are withoughtc[.]top, uspetenti[.]top and settings-chrome[.]com.

It is important to mention that users do not visit such pages on purpose. Typically, users unintentionally open pages like captcha2020[.]com by clicking shady ads while visiting other unreliable websites. It is also common that browsers open unreliable pages without user interference.

It usually happens when browsers have some potentially unwanted application (PUA) installed on them.

What is itabsolan[.]com?

The Internet is full of untrustworthy and unreliable websites, itabsolan[.]com is but one of them. Visitors to this page are presented with dubious material and/or redirected to other rogue and possibly malicious sites.

Typically, itabsolan[.]com and webpages akin to it (e.g., withoughtc.top, uspetenti.top, settings-chrome.com, etc.) - are accessed through redirects caused by intrusive ads or installed PUAs (Potentially Unwanted Applications). This software does not require permission to infiltrate systems; hence, users may be unaware of their presence.

PUAs are designed to force-open websites, run intrusive advertisement campaigns, and collect private data.

What is PDFConverterSearchPro?

PDFConverterSearchPro is a piece of software categorized as a browser hijacker. It operates by making modifications to browser settings to promote the pdfconvertersearchpro.com fake search engine. Software within this category typically collects browsing-related data, and it is likely that PDFConverterSearchPro does so as well.

Due to the dubious methods employed to proliferate browser hijackers, they are also classified as Potentially Unwanted Applications (PUAs).

What is veniamad[.]com?

veniamad[.]com is one of many websites that promote applications using deceptive methods. In this case, it employs a scare tactic to trick visitors into believing that their devices are infected with viruses and claims that they must download and install an app to remove the threats.

Deceptive web pages such as veniamad[.]com can never be trusted, even if the software that they advertise is legitimate. These sites are usually opened after clicking dubious ads, while visiting bogus websites, or by installed potentially unwanted applications (PUAs). I.e., they are not often visited by people intentionally.

What is ElementaryOptimizer adware?

ElementaryOptimizer is an adware-type app that also possesses browser hijacker traits. Following successful installation, it runs intrusive ad campaigns and makes alterations to browser settings in order to promote bogus search engines. ElementaryOptimizer promotes (via akamaihd.net) Safe Finder in this way.

It is highly likely that ElementaryOptimizer also has data tracking capabilities, which is common to adware-type apps and browser hijackers. Additionally, due to the dubious techniques used to proliferate ElementaryOptimizer, it is classified as a Potentially Unwanted Application (PUA).

What is TopSearchConverter?

Browser hijackers are potentially unwanted applications (PUAs) that alter the behavior of browsers, usually by changing certain settings. The main purpose of these apps is to promote fake search engines and collect browsing data. The TopSearchConverter browser hijacker promotes topsearchconverter.com in this way.

Note that apps of this type are classified as PUAs because users often download and install them unintentionally.

What is QuickTab Plus?

QuickTab Plus is a browser hijacker promoting tailsearch.com (a fake search engine). Software within this category usually operates by making changes to browser settings, which are intended to promote fake search engines, however, QuickTab Plus does not always modify browser settings in this way (see below).

Additionally, this dubious browser extension monitors users' browsing activity. Since most users download/install browser hijackers inadvertently, they are also categorized as Potentially Unwanted Applications (PUAs).

What is protect-connection[.]com?

protect-connection[.]com is a deceptive website running various scams, primarily targeting iPhone users. At the time of research, this page promoted two different schemes: one claimed that visitors' devices were infected with high-risk viruses; the other implied that they must download/install the promoted VPN application.

The purpose of these scams is to endorse untrusted and possibly malicious software. For example, they promote fake anti-viruses, adware, browser hijackers, and other Potentially Unwanted Applications (PUAs). Note that some of these schemes proliferate Trojans, ransomware, cryptominers, and other malware.

Users typically access sites like protect-connection[.]com via mistyped URLs, redirects caused by intrusive advertisements, and installed PUAs.