Virus and Spyware Removal Guides, uninstall instructions

What is the SchwarzeSonne Trojan?

SchwarzeSonne is malicious software classified as a Trojan. This type of malware has a wide variety of dangerous functionality. SchwarzeSonne can steal system and user information, and potentially used to cause chain infections (i.e. download/install additional malicious programs).

This Trojan is highly dangerous and poses a threat to device and user safety.

What is muhamm[.]space?

Generally, users do not visit websites such as muhamm[.]space intentionally - they are opened by browsers automatically when they have potentially unwanted applications (PUAs) installed on them.

They are classified as PUAs because, in most cases, users download and install them unintentionally. Some examples of pages that are similar to muhamm[.]space (and are often promoted by PUAs) include tutupdate29[.]com, tecontrad[.]top and psalrausoa[.]com.

What is K2 ransomware?

K2 belongs to the VoidCrypt ransomware family. Ransomware is a type of malware that prevents victims from accessing the operating system and/or files and demands ransom payments. In most cases, this malware renames encrypted files and provides contact details and/or payment information within ransom messages.

K2 renames encrypted files by adding the helpforfiles@xmpp.es email address, victim's ID, and appending the ".k2" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.[Helpforfiles@xmpp.es][3R1EO5WNJM7A6DQ].k2", "2.jpg" to "2.jpg.[Helpforfiles@xmpp.es][3R1EO5WNJM7A6DQ].k2", and os on.

It creates a ransom message within the "!INFO.HTA" file, which is stores in all folders that contain encrypted files.

What is IncognitoSearcher?

IncognitoSearcher is dubious software categorized as a browser hijacker. It operates by making changes to browser settings to promote incognitosearcher.com (a fake search engine). In addition, most browser hijackers monitor users' browsing habits, and it is likely that IncognitoSearcher is no exception to this.

Since most users download/install browser hijackers unintentionally, they are also classified as Potentially Unwanted Applications (PUAs).

What is GetSearchConverter?

GetSearchConverter modifies web browser settings and redirects users to getsearchconverter.com. I.e., it forces people to use this fake search engine. GetSearchConverter also reads the browsing history. Typically, users do not download or install browser hijackers intentionally and, for this reason, they are classified as potentially unwanted applications (PUAs).

What kind of malware is CARLOS?

Discovered by malware researcher S!Ri, CARLOS is a malicious ransomware program that operates by encrypting the data of infected systems and demanding ransoms to be paid for decryption tools/software.

During the encryption process, all affected files are renamed according to the following pattern: original filename; unique ID; cyber criminals' email address, and; ".CARLOS" extension. For example, a file such as "1.jpg" would appear as something similar to "1.jpg.[EF7BE7BC].[carlosrestore2020@aol.com].CARLOS".

After the encryption process is complete, a text file ("readme-warning.txt") is dropped onto the desktop. Updated variants of this ransomware use the ".[markmontgomery2020@hotmail.com].CARLOS" extension for encrypted files.

What is torrentfunk[.]com?

torrentfunk[.]com is a torrent website that contains dubious ads and redirects users to other bogus web pages using rogue advertising networks. Note that torrenting is not illegal, however, downloading copyrighted content is, and it is likely that torrentfunk[.]com contains such content.

What is GetIncognitoSearch?

GetIncognitoSearch promotes a fake search engine (getincognitosearch.com). Like most browser hijackers, it achieves this by making certain changes to browser settings. Additionally, it is likely that GetIncognitoSearch gathers browsing-related details and other information.

Frequently, users download and install browser hijackers unintentionally and, therefore, apps such as GetIncognitoSearch are classified as potentially unwanted applications (PUAs).

What is the torrentgalaxy[.]to site?

torrentgalaxy[.]to is an untrusted Torrent website, which uses rogue advertising networks. This is a common monetization technique and operates by promoting (i.e. force-opening/causing redirects to) various dubious and malicious sites. In addition to the threats posed by visiting the promoted web pages, Peer-to-Peer sharing networks infringe copyright laws.

Torrent websites commonly offer Potentially Unwanted Applications (PUAs) and even malware  (e.g. ransomware, Trojans, etc.) for downloading, disguised as or bundled with normal content. Therefore, you are strongly advised against visiting or using torrentgalaxy[.]to.

What is moderation-support[.]network?

moderation-support[.]network is one of many deceptive pages that scammers use to trick visitors into installing various potentially unwanted applications (PUAs). When visited, these web pages display a fake notification stating that the device is infected (and/or damaged) and that it can be fixed with a specific app.

Pages such as moderation-support[.]network should never be trusted. Note that users do not often visit them intentionally - usually, these web pages are promoted via other dubious sites, deceptive ads, and PUAs.