Virus and Spyware Removal Guides, uninstall instructions

What is SocksBot?

SocksBot is backdoor-type malware: it creates a 'backdoor' for other malicious programs to infiltrate. I.e., following successful infiltration, SocksBot can download/install additional malware.

Backdoors such as SocksBot are used to infect devices with all manner of malicious software such as Trojans, ransomware, cryptominers, and so on. Hence, the threats posed by SocksBot are particularly varied.

What is the DriverScape unwanted application?

DriverScape is untrusted software, endorsed as a tool for identifying missing and outdated drivers, and then installing/updating them. DriverScape's website claims to have a well-organized database, which contains various drivers from official sources. The application also claims to have various printer, scanner, video, audio, motherboard, monitor, Bluetooth, mobile device, keyboard, mouse, and other drivers.

In fact, DriverScape is distributed using dubious techniques and is thus classified as a Potentially Unwanted Application (PUA). Apps within this classification are likely to be nonoperational and might have dangerous capabilities.

What is Enel email virus?

Enel is an Italian manufacturer and distributor of electricity and gas. There are multiple variants of phishing and malspam emails that are currently circulating and claiming to be from this company. Cyber criminals behind these emails attempt to trick recipients into providing sensitive information or installing malicious software called Ursnif.

What is GameSearcher?

GameSearcher is dubious software classified as a browser hijacker. It operates by making alterations to browser settings to promote game-searcher.com (a fake search engine). Additionally, GameSearcher collects browsing-related information, which makes it a serious privacy concern.

Due to the dubious methods used to proliferate browser hijackers, they are also classified as Potentially Unwanted Applications (PUAs).

What is MILIHPEN?

MILIHPEN belongs to the family of ransomware called NEFILIM and was discovered by MalwareHunterTeam. MILIHPEN is a form of malware that encrypts files to prevent victims from using or accessing their data unless a ransom is paid.

In most cases, ransomware not only encrypts files but also renames them. MILIHPEN appends the ".MILIHPEN" extension to the filenames. For example, "1.jpg" is renamed to "1.jpg.MILIHPEN", "2.jpg" to "2.jpg.MILIHPEN", and so on.

MILIHPEN also creates the "MILIHPEN-INSTRUCT.txt" file (ransom message) in all folders that contain encrypted files.

What is TomLe ransomware?

TomLe is malicious software, which is part of the Dharma ransomware group. It operates by encrypting data and demanding payment for decryption.

During the encryption process, files are renamed according to this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and the ".TomLe" extension. For example, a file originally named "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[TomLee240@aol.com].TomLe" after encryption.

Following the completion of this process, ransom messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is Us1 ransomware?

Us1 is a malicious program belonging to the MedusaLocker ransomware family. This malware operates by making files inaccessible and redundant by encryption, in order to demand ransoms for decryption.

When Us1 encrypts data, files are appended with the ".us1" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.us1" following encryption. After this process is complete, ransom messages within "Recovery_Instructions.html" files are dropped into affected folders.

What is Block Hack?

This website is advertised as a console to redirect unconfirmed Bitcoin cryptocurrency transactions to the provided BTC wallet. No less than two antivirus scanners on VirusTotal detected this as a phishing website.

Research shows that the site also contains a login form, which could be used to steal login credentials. Since this web page is crypto-related, it might be used to hijack Bitcoin wallets.

What is fake Google Translate extension?

Potentially unwanted applications (PUAs) are commonly distributed using installers for other apps of this type. In other words, this software is often bundled with additional unwanted and/or malicious applications.

Hence, in some cases, a deceptive installer (e.g., fake Adobe Flash Player updater/installer) carrying software like the fake Google Translate extension - also installs multiple browser hijackers, adware, trojans, ransomware, etc.

This fake Google Translate extension is also promoted using deceptive installers. It can operate as adware, spy on users' browsing activity, and even steal Facebook log-in credentials. Users who have this extension installed on browsers should remove it immediately.

What is videogate1[.]com?

videogate1[.]com is an untrusted web page that users do not often visit intentionally. Usually, these pages are opened by clicking deceptive ads, while visiting other bogus web pages, or they are opened by browsers with potentially unwanted applications (PUAs) installed.

There are many websites similar to videogate1[.]com online including, for example, financeflick[.]com, aboutyoun[.]com, and datingbasedspot[.]com.