Virus and Spyware Removal Guides, uninstall instructions

What is MONETA?

MONETA belongs to the Phobos ransomware family. It encrypts victims' files, renames them, displays a pop-up window, and creates the "info.txt" text file. MONETA adds the victim's ID, ICQ username, and appends the ".MONETA" extension to the filenames of encrypted files.

For example, "1.jpg" is renamed to "1.jpg.id[C279F237-3105].[ICQ_Monetadicavallo].MONETA", "2.jpg" to "2.jpg.id[C279F237-3105].[ICQ_Monetadicavallo].MONETA", and so on. The pop-up window and "info.txt" text file contain the ransom messages, which contain instructions about how to contact cyber criminals who designed the ransomware.

What is GetConverterSearch?

GetConverterSearch is classified as a browser hijacker because it modifies browser settings without users' knowledge. I.e., it forces people to use a fake search engine (visit getconvertersearch.com). Typically, users download and install browser hijackers inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs).

What is watch-video[.]net?

Like many other similar websites (e.g., news06[.]biz, bifidavity[.]club, opertisticolk[.]club), watch-video[.]net is designed to promote/open other untrusted sites and display dubious content. Commonly, browsers open these websites when PUAs are installed on them, or when users click deceptive advertisements or visit bogus web pages.

What is the Chrome Tools adware?

Chrome Tools is rogue software classified as adware. Following successful installation, it operates by running intrusive advertisement campaigns. I.e., Chrome Tools delivers various dubious and harmful ads.

Additionally, this adware has data tracking capabilities, which are used to collect browsing-related information. Due to the dubious methods used to proliferate Chrome Tools, it is also classified as a Potentially Unwanted Application (PUA).

What is UltraSearchApp?

UltraSearchApp is a rogue application belonging to the AdLoad adware family. This app has adware-type and browser hijacker traits. UltraSearchApp runs intrusive advertisement campaigns (i.e., delivers various unwanted and even dangerous ads). It can also alter browser settings to promote a fake search engine.

Most software with adware or browser hijacker characteristics can track browsing-related data. Due to UltraSearchApp's dubious proliferation methods, it is classified as a Potentially Unwanted Application (PUA). This application has been distributed using a fake Adobe Flash Player updater/installer.

As well as unwanted software, these bogus updaters/installers often spread Trojans, ransomware and other malware.

What is nlyimprese[.]fun?

Generally, users do not open pages such as nlyimprese[.]fun intentionally - they are opened when they click dubious ads, visit dubious pages, or when installed potentially unwanted applications (PUAs) open them. Note that there are many web pages similar to nlyimprese[.]fun online. Some examples are bigkick[.]biz, rchesasider[.]top and pectionexa[.]top.

What is Adrozek?

Adrozek is a malicious browser modifier, classified as adware. It operates by infiltrating browsers and injecting untrusted and malicious ads into them, however, it can do more damage than just running intrusive advertisement campaigns.

This software collects information extracted from browsers and attempts to gain a better foothold on the device through manipulation of browser settings and extensions (and installation of additional extensions).

During research, Adrozek did not successfully carry out its intended purposes, yet it nonetheless poses a significant threat to device/user safety. Due to the dubious methods used to proliferate adware, these apps are also classified as Potentially Unwanted Applications (PUAs).

What is GlobalSearchConverter?

GlobalSearchConverter is a typical browser hijacker - it promotes a fake search engine. More precisely, it modifies certain browser settings (changing them to globalsearchconverter.com.

GlobalSearchConverter also collects browsing data. Note that in most cases users download and install browser hijackers inadvertently and, for this reason, GlobalSearchConverter and other apps of this type are classified as potentially unwanted applications (PUAs).

What is GlobalPDFConverterSearch?

GlobalPDFConverterSearch is rogue software. Following successful infiltration, it makes modifications to browser settings to promote globalpdfconvertersearch.com (a fake search engine). Due to this, it is classified as a browser hijacker.

Additionally, GlobalPDFConverterSearch collects browsing-related information. Since most users download/install browser hijackers inadvertently, they are also classified as Potentially Unwanted Applications (PUAs).

What is Leitkcad?

Leitkcad ransomware encrypts victims' files, renames them by appending the ".leitkcad" extension to filenames, and creates the "help-leitkcad.txt" text file (ransom message). For example, "1.jpg" is renamed to "1.jpg.leitkcad", "2.jpg" to "2.jpg.leitkcad", and so on.

Note that Leitkcad is similar to another ransomware program called Prometey.