Virus and Spyware Removal Guides, uninstall instructions

What is HORSEMONEY ransomware?

HORSEMONEY is a malicious program belonging to the Phobos ransomware family. It operates by encrypting data and demanding payment for the decryption. In other words, this malware renders files inaccessible and asks victims to pay - to restore access to their data.

During the encryption process, files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' ICQ messenger username, and ".HORSEMONEY" extension. For example, a file initially titled "1.jpg" would appear as something similar to "1.jpg.id[C279F237-3221].[ICQ_HORSEMONEY].HORSEMONEY".

After this process is complete, ransom notes are created/displayed in a pop-up window ("info.hta") and "info.txt" text file (which does not contain any message).

What is the uniqdatacaptcha[.]top site?

Uniqdatacaptcha[.]top is a rogue website designed to load questionable content and/or redirect visitors to various pages (likely unreliable or dangerous ones). The Internet is rife with sites of this kind; nakedstreaming.com, typiccor.com, captchacheckout.top, and tik-ttok.net are just some examples.

Users seldom intentionally access such websites. Most get redirected to them by untrustworthy webpages, intrusive adverts, or installed PUAs (Potentially Unwanted Applications). This software can infiltrate systems without user consent and subsequently cause redirects, run intrusive advertisement campaigns, and collect browsing-related data.

What is nakedstreaming[.]com?

Sharing similarities with captchacheckout.top, flashymass.com, vgdjhz.com, and thousands of others, nakedstreaming[.]com is a rogue website. This page operates by presenting visitors with dubious content and/or redirecting them to other sites (likely untrustworthy or malicious ones).

Users seldom access rogue websites intentionally; most get redirected to them by suspect pages, intrusive ads, or installed PUAs (Potentially Unwanted Applications). This software can infiltrate systems without express permission and subsequently cause redirects, run intrusive advertisement campaigns, and collect browsing data.

What is BestStreamSearch?

BestStreamSearch is a browser hijacker promoting the beststreamsearch.com fake search engine. This piece software modifies browser settings to cause redirects to its web searcher. Additionally, BestStreamSearch likely has data tracking abilities, which are employed to spy on users' browsing habits. Due to the questionable techniques used to distribute browser hijackers, they are also categorized as PUAs (Potentially Unwanted Applications).

What is funsmartlook[.]com?

Funsmartlook[.]com is pretty similar to captchacheckout[.]top, captchaverifier[.]top, captcha-bros[.]com, and other pages designed to trick visitors into allowing them to show notifications and open a couple of questionable websites. Usually, users do not visit pages like funsmartlook[.]com on purpose.

What is WIZOZ ransomware?

WIZOZ is part of the VoidCrypt ransomware family. It blocks victims from accessing their files by encrypting them and provides a ransom note (creates the "Decrypt-info.txt" text file). WIZOZ's ransom note contains instructions on how to contact the attackers and other details regarding data decryption.

Also, it renames files by appending the whizoze@gmail.com email address, victim's ID, and the ".WIZOZ" extension. For example, it renames a file named "1.jpg" to "1.jpg.[whizoze@gmail.com][MJ-JY6124980537].WIZOZ", "2.jpg" to "2.jpg.[whizoze@gmail.com][MJ-JY6124980537].WIZOZ", and so on.

What is MainSearchBoard?

MainSearchBoard is an adware-type application with browser hijacker features. This app operates by running intrusive advertisement campaigns and promoting fake search engines through modifications to browser settings. MainSearchBoard likely has data tracking abilities as well.

Since most users unintentionally download/install adware and browser hijackers, they are also classified as PUAs (Potentially Unwanted Applications). MainSearchBoard has been observed being proliferated via fake Adobe Flash Player updates. Fraudulent updaters/installers are notorious for spreading PUAs and malware.

What kind of application is WebBoostSeach adware?

WebBoostSeach is distributed via a fake installer designed to look like the installer for Adobe Flash Player. Therefore, this application is classified as an unwanted application. WebBoostSeach generates advertisements and promotes a fake search engine - it functions as adware and a browser hijacker.

What is Flow adware?

Flow is a dubious browser extension, endorsed as a tool that adds "relevant" search results into users' web searches on Google. Typically, such software injects various untrustworthy and even malicious ads into the search results. Hence, products that operate in this manner are classified as adware.

Additionally, Flow has data tracking abilities, which are used to spy on users' browsing activity. Since most users download/install adware-type products inadvertently, they are also considered to be PUAs (Potentially Unwanted Applications).

What is LogarithmicList adware?

LogarithmicList is a potentially unwanted application (PUA) designed to generate advertisements and hijack browsers by changing their settings. In other words, this application has the qualities of an adware-type application and a browser hijacker. In most cases, users download and install apps like LogarithmicList unintentionally.