Virus and Spyware Removal Guides, uninstall instructions

What is JoJoCrypt?

Ransomware is a type of malware that blocks access to files stored on the infected computer by encryption and displays (or creates) a ransom message to demand payment.

Commonly, ransomware also renames encrypted files. JoJoCrypt (also known as JoJoCrypter) appends the ".jojocrypt" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.jojocrypt", "2.jpg" to "2.jpg.jojocrypt", and so on.

This ransomware variant also creates the "how to recover your files.txt" text file in all folders containing encrypted files.

What is 1stkissmanga[.]com?

1stkissmanga[.]com is an untrusted website, hosting various manhua, manhwa, and manga series. I.e., this site allows users to read Chinese, Korean, and Japanese comics online.

As well as infringing copyright laws, this website also uses rogue advertising networks. Therefore, visitors to 1stkissmanga[.]com are presented with dubious/dangerous content and redirected to other bogus and even malicious pages.

You are strongly advised against visiting and/or using 1stkissmanga[.]com.

What is searchmy.co?

searchmy.co is a fake search engine. Rogue search engines are usually unable to generate unique results, and simply collect users' data. Fake web search engines are promoted by Potentially Unwanted Applications (PUAs) classified as browser hijackers.

The software promoting searchmy.co has been observed adding the "Managed by your organization" feature to Google Chrome browsers. Browser hijackers cause redirects to their associated search engines by making modifications to browser settings.

Additionally, most browser hijackers have data tracking capabilities that are used to record browsing activity and collect sensitive information extracted from it.

What is Backup ransomware?

The Backup ransomware variant belongs to the VoidCrypt ransomware family. Malware of this type generally encrypts files and displays ransom-demand messages, however, Backup creates "Decrypt-me.txt" text files in all folders that contain encrypted data rather than displaying ransom messages.

This ransomware also renames encrypted files by appending the unlockdata@criptext.com email address, a string characters, and the ".Backup" extension. For example, "1.jpg" is renamed to "1.jpg.[unlockdata@criptext.com][MJ-XP0964371852].Backup", "2.jpg" to "2.jpg.[unlockdata@criptext.com][MJ-XP0964371852].Backup", and so on.

What is searcher4u.com?

searcher4u.com is a fake search engine. In most cases, addresses like searcher4u.com are promoted through potentially unwanted applications (PUAs), for example, adware-type applications, browser hijackers.

searcher4u.com is promoted using a browser hijacker called PDFConverter4u, however, it is likely that other PUAs also promote this fake search engine.

Most users do not download/install PUAs or use fake search engines intentionally. Furthermore, browser hijackers are often designed to collect information relating to users' browsing activities.

What is Convuster?

Convuster is rogue software classified as adware. There are two variants of this application, one written in Swift and the other in the Rust programming language.

Adware operates by running intrusive advertisement campaigns (i.e., delivers various ads). Furthermore, most apps like Convuster have browser hijacker characteristics: promotion of fake search engines via browser settings modification.

This application also has data tracking capabilities. Due to the dubious methods used to proliferate Convuster, it is categorized as a Potentially Unwanted Application (PUA).

What is AccessibilityDock?

AccessibilityDock is designed to generate advertisements and force people to use a fake search engine. In this way, AccessibilityDock is designed to function as adware and a browser hijacker.

Additionally, this app may be designed to collect information about users (details relating to browsing habits and other information).

AccessibilityDock and similar apps are often downloaded and installed by users unintentionally and, therefore, they are classified as potentially unwanted applications (PUAs).

What is thedailyrobotcheck[.]site?

thedailyrobotcheck[.]site is a rogue website, which shares many similarities with bestletherservice.me, wholefreshposts.com, pushails.com, and thousands of others. Visitors to this page are presented with dubious content and/or are redirected to other bogus/malicious sites.

Most users access web pages of this kind unintentionally - they are redirected to them by intrusive ads or installed Potentially Unwanted Applications (PUAs). This software does not require explicit user consent to infiltrate devices. PUAs cause redirects, deliver intrusive advertisement campaigns, and gather browsing-related information.

What is the "Instagram Copyright Infringement" scam?

"Instagram Copyright Infringement" refers to a scam promoted on various untrusted websites. It operates as a phishing scam, claiming that content infringing copyright laws has been detected on users' accounts. In this way, it attempts to obtain Instagram log-in credentials (i.e., usernames and passwords).

Additionally, this scheme asks users to enter their email addresses. Therefore, the "Instagram Copyright Infringement" poses a threat not only to the accounts in question but also to those providing email services.

Typically, deceptive sites are accessed via mistyped URLs, or redirects caused by intrusive advertisements or installed Potentially Unwanted Applications (PUAs).

What is bestletherservice[.]me?

bestletherservice[.]me is an untrusted website that is often promoted through other websites of this kind, dubious advertisements, and potentially unwanted applications (PUAs).

Users do not often visit websites such as bestletherservice[.]me or download/install PUAs intentionally. Furthermore, PUAs can gather browsing-related (and other) information and generate unwanted advertisements.