Virus and Spyware Removal Guides, uninstall instructions

What is "Email credentials phishing"?

Email credentials phishing describes a deceptive message claiming to be an official notification from the recipient's email service provider. It alerts users of a 'new security measure' in an attempt to steal their email credentials. This scam tactic is called "phishing" and is a form of social engineering.

Note that most deceptive/scam emails are disguised as "official", "important", "priority". and similar. You are expressly advised against opening suspicious mail or opening attachments/links present within them.

What is MainBoardSearch?

MainBoardSearch is a rogue application with adware and browser hijacker characteristics. It operates by delivering intrusive advertisement campaigns. I.e., it enables the placement of ads on any visited web page. This app also modifies browsers to promote a fake search engine.

Furthermore, most adware-type apps and browser hijackers can track browsing-related data. Since few users install MainBoardSearch intentionally, it is also classified as a Potentially Unwanted Application (PUA). MainBoardSearch has been observed being spread via fake Adobe Flash Player updates.

Rogue software updaters/installers are commonly used to proliferate PUAs and even Trojans, ransomware and other malware.

What is "Bash wants to control System Events"?

"Bash Wants To Control System Events" is a macOS pop-up window (message) used to trick users into allowing "bash" to take over System Events. These pop-up windows are commonly displayed by adware (designed to deliver advertisements).

Do not trust the "Bash Wants To Control System Events" notification or others such as Osascript wants to control Safari and Terminal would like to control this computer.

What kind of scam is "OneDrive" scam?

"OneDrive Email Scam" refers to a spam campaign used to steal email account credentials (passwords) via Google Forms, a survey administration platform. The term "spam campaign" defines a large-scale operation, during which thousands of deceptive emails are sent.

The messages sent during this spam campaign claim a file has been shared with the recipients, however, when they try to access the file, they are asked to provide their email account credentials.

What is FlashSearch?

FlashSearch is rogue software classified as a browser hijacker. It operates by promoting the Flashsearch.club bogus search engine through modification of browser settings. Additionally, FlashSearch has data tracking capabilities, which are employed to monitor users' browsing activity.

Since most users download/install browser hijackers unintentionally, they are also categorized as Potentially Unwanted Applications (PUAs).

What is Kamira99 ransomware?

Virtually identical to FilesRecoverEN, Kamira99 is a ransomware-type program. This malware encrypts and renames files and creates ransom messages, which demand payment for decryption. I.e., files affected by Kamira99 become inaccessible/unusable and victims are asked to pay to restore their data.

During the encryption process, files are renamed according to this pattern: original filename, unique ID assigned to the victim, cyber criminals' email address, and a random four-character (number and character) extension. To elaborate, a file initially named "1.jpg" would appear as something similar to "1.jpg[ID=Bpol6v-Mail=kamira99@tutanota.com].ba8g" following encryption.

After the completion of this process, ransom demand messages are created in a pop-up window ("ReadMe_Now!.hta") and "Read_Me!_.txt" text files, which are dropped into compromised folders.

What is Show Tabs?

Show Tabs is a typical browser hijacker: it modifies certain browser settings to promote a fake search engine (it changes the settings to fxsmash.xyz).

This app can also read browsing histories and possibly other, more personal details. In any case, browser hijackers should never be installed. Note that users do not often download or install software of this type intentionally and, for this reason, Show Tabs and similar apps are classified as potentially unwanted applications (PUAs).

What is Jdtdypub?

Ransomware is a type of malicious software that blocks access to files by encryption and demands ransom payments to recover them.

Jdtdypub both encrypts and renames files, appending ".jdtdypub" as the file extension. For example, "1.jpg" is renamed to "1.jpg.jdtdypub", "2.jpg" to "2.jpg.jdtdypub", and so on.

Like most ransomware variants, Jdtdypub generates a ransom message - in this case, within the "HOW TO RESTORE YOUR FILES.TXT" text file, which is stored in all folders containing encrypted files.

Note that Jdtdypub is part of the Snatch ransomware family.

What is the eouldeco[.]online site?

Sharing similarities with mekiroki.com, sakh.site, mobilemediahits.com, cfplay.online, and countless others, eouldeco[.]online is a rogue website. It operates by delivering dubious content and redirecting visitors to other untrusted/malicious sites.

Users seldom enter these web pages intentionally - most are redirected to them by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into their devices. These apps do not require explicit permission to be installed onto systems, and thus users may be unaware of their presence. PUAs can have dangerous functionality, including causing redirects, running intrusive advertisement campaigns, and collecting browsing-related information.

What is mekiroki[.]com?

You are strongly advised not to trust mekiroki[.]com or web pages that it opens. Mekiroki[.]com is a deceptive website used to promote other pages of this kind.

Generally, these sites are promoted through deceptive advertisements, other untrusted sites, and potentially unwanted applications (PUAs). I.e., People do not often visit these rogue sites intentionally. Remove all PUAs from browsers/computers immediately, since these apps can collect data and generate advertisements.

More examples of pages similar to mekiroki[.]com are mobilemediahits[.]com, cehuiy[.]com, and premiumbros[.]com.