Virus and Spyware Removal Guides, uninstall instructions

What is TheVideoSearch?

TheVideoSearch browser hijacker promotes thevideosearch.com, the address of a fake search engine, by changing browser settings. It also collects browsing data. Typically, users download browser hijackers unintentionally and, for this reason, TheVideoSearch is categorized as a potentially unwanted application (PUA).

What is datingbasedspot[.]com?

Sharing many similarities with captchatopsource.com, holanews.biz, yourwownews.com, and countless others, datingbasedspot[.]com is an untrusted website. It operates by presenting visitors with dubious content and redirecting them to other dubious and possibly malicious pages.

Users rarely enter these sites intentionally - most are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already installed on their systems. These apps cause redirects, run intrusive ad campaigns, and collect browsing-related information.

What is FireMovieSearch?

FireMovieSearch is a browser hijacker promoting firemoviesearch.com, a fake search engine. It operates by making modifications to browser settings, which result in redirects to firemoviesearch.com.

It is likely that FireMovieSearch also has data tracking capabilities, which are employed to monitor users' browsing activity. Since most users download/install browser hijackers inadvertently, these programs are also categorized as Potentially Unwanted Applications (PUAs).

What is XD Locker?

Discovered by Emmanuel_ADC-Soft, XD Locker (also known as XD LOKER) ransomware prevents victims from accessing their files by encrypting them and keeps files inaccessible unless a ransom is paid.

It also renames each encrypted file by replacing its filename with random digits and the ".XL" extension. For example, "1.jpg" is renamed to "5649.XL", "2.jpg" to "23131.XL", and so on.

This ransomware displays a pop-up window and creates 40 text files (named "Oops1.txt", "Oops2.txt"... "Oops40.txt"), all of which contain the same text.

What is AD&POP Block?

AD&POP Block is rogue software, promoted as an online advertisement blocker. According to its promotional material, this browser extension is supposedly capable of blocking ads from more than fifty thousand sources - particularly on Google results and YouTube videos.

Additionally, the tool promises to increase website loading by thirty percent, however, AD&POP Block operates in ways opposite to its advertised claims: it runs intrusive advertisement campaigns (i.e., delivers various ads). Therefore, this software is classified as adware. Additionally, AD&POP Block monitors users' browsing habits.

Due to the dubious techniques used to proliferate adware-type programs, they are also classified as Potentially Unwanted Applications (PUAs).

What is Mp3 ransomware?

Mp3 ransomware is a malicious program that encrypts data and changes the filenames of affected files in order to demand payment for decryption. This malware is a variant of TeslaCrypt ransomware. During the encryption process, files are appended with an ".mp3" extension (not to be confused with the genuine MP3 audio file extension).

For example, a file originally named something like "1.jpg" would appear as "1.jpg.mp3", "2.jpg" as "2.jpg.mp3", and so on. Following the completion of this process, ransom messages in "_ReCoVeRy_[random_string].html", "_ReCoVeRy_[random_string].txt", and "_ReCoVeRy_[random_string].png" files are dropped into compromised folders.

The text in the messages is similar, and is identical in the combined text/image files.

What is peachsecureus[.]com?

The peachsecureus[.]com website attempts to trick users into believing that it might be unsafe to browse the internet and someone might be monitoring them (tracking their browsing activity). It displays a message stating that visitors should encrypt their web traffic and change their IP addresses with an application, which can be downloaded and installed by following the provided instructions.

Note that users do not often visit these web pages intentionally - they are opened by installed potentially unwanted apps (PUAs) while visiting other bogus sites or after clicking deceptive advertisements.

What is CacheImprovment?

The CacheImprovment app displays unwanted advertisements, changes certain browser settings, and possibly also collects browsing-related (and other) information. In this way, CacheImprovment functions as adware and a browser hijacker.

Apps such as CacheImprovment are categorized as potentially unwanted applications (PUAs), since most users download and install them inadvertently. If an app of this type is installed on your browser or operating system, remove it immediately.

What is Power_user_jo ransomware?

Power_user_jo refers to malicious software classified as ransomware. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During encryption process, affected files are appended with a seemingly random character string, which is the unique ID assigned to the victim.

For example, "1.jpg" would appear as something similar to "1.jpg.3vb5NzHy7fxY_RSA" following encryption. Once this process is complete, ransom messages in "Data recovery.hta" files are dropped into compromised folders.

What is Vovalex?

Vovalex is a form of malware that encrypts files (prevents victims from accessing them) and demands ransom payments to restore access. It also renames each encrypted file by appending the ".vovalex" extension. For example, "1.jpg" is renamed to "1.jpg.vovalex", "2.jpg" to "2.jpg.vovalex", and so on.

Contact and payment information is provided in the "README.VOVALEX.txt" file (ransom message). Vovalex is written in the D (Dlang) programming language, possibly the first ransomware using this language.